Sorry to be commenting so late in the process...

Was the strategy of "MTU(-ish) maximum padding policy" ever suggested,
possibly as an alternative to Maximum Padding Policy?

IMHO, there are significant benefits, even beyond privacy:

   - It addresses the issues on Random that Eric R raises
   - It doesn't fragment (at least locally and/or if "Internet MTU"
   value(s) are used, like 1492 or 1472 or 1452 rather than 1500 (takes into
   account expectations on use of MPLS and/or L2 encapsulation in the middle
   while still using "maximum-ish" padding,  of fixed size per client
   - It largely defeats use of DNS amplification, since the query packet
   will already be as big as the biggest response. Of course, it doesn't
   defeat anonymizing attacks, it just reduces the use of authority servers
   for strictly amplification purposes.

Brian Dickson

On Fri, Apr 13, 2018 at 3:47 AM <internet-dra...@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the DNS PRIVate Exchange WG of the IETF.
>
>         Title           : Padding Policy for EDNS(0)
>         Author          : Alexander Mayrhofer
>         Filename        : draft-ietf-dprive-padding-policy-05.txt
>         Pages           : 10
>         Date            : 2018-04-13
>
> Abstract:
>    RFC 7830 specifies the EDNS(0) 'Padding' option, but does not specify
>    the actual padding length for specific applications.  This memo lists
>    the possible options ("Padding Policies"), discusses implications of
>    each of these options, and provides a recommended (experimental)
>    option.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-05
> https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-05
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-05
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>
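
The fixed-size padding idea raised in the message above, as an added Python example that is not part of the original message or the draft: it appends an RFC 7830 Padding option (option code 12) so that every query from a client has the same length. The helper names, the hand-built query, and treating 1452 as the DNS message length (leaving IP/transport overhead to the caller) are assumptions made for illustration.

```python
import struct

PADDING_OPTION_CODE = 12   # EDNS(0) Padding option, RFC 7830
OPT_RR_TYPE = 41           # OPT pseudo-RR, RFC 6891
OPT_RR_EMPTY_LEN = 11      # root name(1) + type(2) + class(2) + ttl(4) + rdlen(2)


def build_query(qname: str, qtype: int = 1, msg_id: int = 0x1234) -> bytes:
    """Constructed sample: one question plus an empty OPT RR as the last record."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD set, ARCOUNT=1
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    ) + b"\x00"
    question = labels + struct.pack("!HH", qtype, 1)              # class IN
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, 0)
    return header + question + opt


def pad_to_fixed_size(msg: bytes, target: int) -> bytes:
    """Return msg padded to exactly `target` octets with a Padding option.

    Assumes the message ends in an OPT RR with empty RDATA, as build_query
    produces; anything else is rejected rather than guessed at.
    """
    name, rtype, _cls, _ttl, rdlen = struct.unpack("!BHHIH", msg[-OPT_RR_EMPTY_LEN:])
    if name != 0 or rtype != OPT_RR_TYPE or rdlen != 0:
        raise ValueError("message does not end in an empty OPT RR")
    needed = target - len(msg)
    if needed < 4:
        # The option header alone is 4 octets (code + length); a message
        # already at or above the target cannot be padded down to it.
        raise ValueError("target too small for this message")
    pad_len = needed - 4
    option = struct.pack("!HH", PADDING_OPTION_CODE, pad_len) + b"\x00" * pad_len
    # Overwrite the OPT RR's RDLEN (last two octets) and append the option.
    return msg[:-2] + struct.pack("!H", len(option)) + option


if __name__ == "__main__":
    for qname in ("a.example", "a-much-longer-hostname.example.org"):
        padded = pad_to_fixed_size(build_query(qname), 1452)
        print(qname, len(padded))
```
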