Benoit, thanks for the COMMENT - I will add the proposed text change to make the logic clearer before the draft goes to the RFC editor.
Alex

On Tue, Mar 1, 2016 at 10:04 AM, Benoit Claise <[email protected]> wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Looking at this logic ...
>
> Responders MUST pad DNS responses when the respective DNS query
> included the 'Padding' option, unless doing so would violate the
> maximum UDP payload size.
>
> Responders MAY pad DNS responses when the respective DNS query
> indicated EDNS(0) support of the Requestor.
>
> Responders MUST NOT pad DNS responses when the respective DNS query
> did not indicate EDNS(0).
>
> ... I believe we need to improve the second paragraph. Taken out of
> context of the first paragraph, it might be misleading.
>
> Responders MAY pad DNS responses when the respective DNS query
> indicated EDNS(0) support of the Requestor and the 'Padding' option
> is not included.
>
> Editorial:
>
> However, even if both DNS query and response messages were encrypted,
> meta data of could still be used to correlate such messages with well
> known unencrypted messages, hence jeopardizing some of the
> confidentiality gained by encryption. One such property is the message
> size.
>
> meta data of?
>
>
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
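The three-rule responder logic quoted in the thread (MUST pad when the query carried the 'Padding' option, subject to the requestor's maximum UDP payload size; MAY pad when the query had EDNS(0) but no 'Padding' option; MUST NOT pad without EDNS(0)), written out as a decision function. This is an added illustration, not code from the draft or from any DNS implementation. The 468-octet block size, the `pad_unsolicited` policy knob that models the "MAY" case, and the 4-octet cost of an empty Padding option (OPTION-CODE plus OPTION-LENGTH) are assumptions made for the example.

```python
"""Padding decision for a DNS responder (illustrative, not from the draft).

Models the MUST / MAY / MUST NOT rules discussed in the thread and shows how
the 'maximum UDP payload size' clause limits the MUST case.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional

# Assumption: an empty EDNS(0) Padding option still costs OPTION-CODE (2) +
# OPTION-LENGTH (2) octets, so attaching it changes the message size.
PADDING_OPTION_OVERHEAD = 4

# Assumption: responses are padded up to a multiple of this block size so
# that many distinct answers collapse onto a few observable sizes.
DEFAULT_BLOCK_SIZE = 468


class Rule(Enum):
    MUST_NOT = "MUST NOT pad: query did not indicate EDNS(0)"
    MUST = "MUST pad: query included the 'Padding' option"
    MAY = "MAY pad: query indicated EDNS(0) but had no 'Padding' option"


@dataclass(frozen=True)
class Decision:
    rule: Rule
    padding_octets: Optional[int]  # None means no Padding option is added
    final_size: int                # size of the response actually sent


def padding_decision(response_size: int,
                     query_has_edns0: bool,
                     query_has_padding: bool,
                     max_udp_payload: int,
                     block_size: int = DEFAULT_BLOCK_SIZE,
                     pad_unsolicited: bool = False) -> Decision:
    """Decide whether and how much to pad a response of response_size octets.

    max_udp_payload is the UDP payload size the requestor advertised in its
    OPT record; the padded response must never exceed it.  pad_unsolicited
    is a local policy switch for the MAY case (hypothetical; not a draft term).
    """
    # Rule 3: no EDNS(0) in the query means no OPT record can be returned,
    # so no Padding option either.
    if not query_has_edns0:
        return Decision(Rule.MUST_NOT, None, response_size)

    # Rule 1 vs. rule 2: the presence of the 'Padding' option in the query
    # is what turns MAY into MUST.
    if query_has_padding:
        rule = Rule.MUST
    else:
        rule = Rule.MAY
        if not pad_unsolicited:
            return Decision(rule, None, response_size)

    # Size once an (empty) Padding option is attached to the OPT record.
    base = response_size + PADDING_OPTION_OVERHEAD

    # Round up to the next block boundary (ceiling division).
    target = -(-base // block_size) * block_size

    # "unless doing so would violate the maximum UDP payload size": pad only
    # as far as the requestor's advertised limit allows.
    target = min(target, max_udp_payload)

    if target < base:
        # Not even an empty Padding option fits: send the response unpadded.
        return Decision(rule, None, response_size)

    return Decision(rule, target - base, target)


if __name__ == "__main__":
    # Constructed sample queries: (response size, edns0?, padding?, max UDP)
    samples = [
        (100, True, True, 4096),    # MUST: padded up to one 468-octet block
        (100, False, False, 512),   # MUST NOT: plain DNS query
        (100, True, False, 4096),   # MAY: default policy leaves it alone
        (1200, True, True, 1232),   # MUST, but capped by the payload limit
        (1230, True, True, 1232),   # MUST, yet no room even for the option
    ]
    for size, edns0, pad, limit in samples:
        d = padding_decision(size, edns0, pad, limit)
        print(f"{size:5d} octets -> {d.final_size:5d} octets, "
              f"padding={d.padding_octets}, {d.rule.value}")
```

The fourth sample shows the clause Benoit's first paragraph hinges on: a 1200-octet answer would normally be padded to 1404 octets, but with a 1232-octet advertised limit only 28 octets of padding fit, and the fifth shows the degenerate case where the responder cannot attach a Padding option at all without exceeding the limit.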
