On Tue, 2016-11-01 at 15:05 -0400, Bob Harold wrote: > > On Tue, Nov 1, 2016 at 7:09 AM, Hugo Connery <[email protected]> wrote: > > Hi, > > > > [snip] > > > > > Good start. > > 4.4. Random Length Padding > 'Alternatively, pad a certain percentage of "remaining space"?' > -- This, like fixed length padding, is discoverable and thus of no > help.
I think we may have a terminology misunderstanding here. Obviously, constantly appending a fixed length padding is of little value. Based upon known characteristics (which the watchers have in abundance) it would be easy to identify the size of the fixed offset and thus you move to length based analysis which reduces us to the no padding 'strategy'. But this is not what I think is being proposed. "pad a certain percentage" should perhaps be "pad a (pseudo) random number generated percentage of the remaining length". It comes under the heading "Random length padding" so I think this a valid interpretation. > You should specifically recommend against this, in case someone else > thinks of it and does not realize the problem with it. Yes, I hope that the final document specifies all options, including the bad ones, and provides clear descriptions about the trade-offs involved. Eg. No padding provides no confidentiality increase, and constant length (fixed) appending of padding is equivalently bad as the attacker will likely have historical data which will allow them to rapidly discover the fixed offset, thus the fixed offset strategy degenerates to the no padding strategy and is equivalently bad. Regards, Hugo _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
