On 11/1/2021 10:56 AM, Vladimír Čunát wrote:
On 01/11/2021 17.24, Daniel Kahn Gillmor wrote:
Is there an additional privacy leak if there were to be more than one
EDNS Padding option?
I don't think it's possible to leak more privacy by doing that.
Assuming an encrypted channel, only the overall length of the DNS
message should matter. Perhaps if the "surprising" repeat could
trigger some bug, I imagine the effect might then be observable, but
it still doesn't sound privacy-risky to me.
We have similar discussions of that in the DNS over QUIC context. QUIC
has its own framing, and it is possible for example to put two DNS
queries back to back in the same encrypted packet. Padding with EDNS
interferes with that, and it might be just as well to use QUIC padding
instead. But then, QUIC padding is inserted by the QUIC stack, so it
will only be "set right" if there is a way for the application to
somehow specify a QUIC padding policy. Otherwise, better be safe and use
EDNS padding.
-- Christian Huitema
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
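The point made above, that under an encrypted transport only the total message length is observable and that a second (empty) Padding option only shifts how many bytes the last one has to carry, can be checked on the wire format. The following is an added example, not code posted by anyone in this thread: it builds a minimal DNS query with an OPT RR, pads it to the 128-octet block size that RFC 8467 recommends for queries using the EDNS(0) Padding option (code 12, RFC 7830), optionally inserts more than one Padding option, and parses the result back. The function names and the use of example.com as the query name are the example's own choices.

```python
import struct

EDNS_OPT_TYPE = 41        # OPT pseudo-RR type (RFC 6891)
EDNS_PADDING_CODE = 12    # EDNS(0) Padding option code (RFC 7830)
QUERY_BLOCK = 128         # RFC 8467 recommended block size for queries
OPT_FIXED_LEN = 11        # root name (1) + TYPE (2) + CLASS (2) + TTL (4) + RDLENGTH (2)


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Header + one question, ARCOUNT=1 because an OPT RR will be appended."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_opt_rr(options: list[tuple[int, bytes]], udp_size: int = 1232) -> bytes:
    """OPT RR whose RDATA is the given (code, data) options in order."""
    rdata = b"".join(struct.pack("!HH", code, len(data)) + data
                     for code, data in options)
    return (b"\x00" + struct.pack("!HHIH", EDNS_OPT_TYPE, udp_size, 0, len(rdata))
            + rdata)


def padded_query(qname: str, block: int = QUERY_BLOCK, padding_options: int = 1) -> bytes:
    """Query padded to a multiple of `block` octets.

    With padding_options > 1 the extra options are empty (4 octets each) and
    only the final one carries the fill, so the total length is unchanged.
    """
    base = build_query(qname)
    # Length before fill: every Padding option costs 4 octets of option header.
    fixed = len(base) + OPT_FIXED_LEN + 4 * padding_options
    pad_len = (-fixed) % block
    opts = [(EDNS_PADDING_CODE, b"")] * (padding_options - 1)
    opts.append((EDNS_PADDING_CODE, b"\x00" * pad_len))
    return base + build_opt_rr(opts)


def padding_option_lengths(msg: bytes) -> list[int]:
    """Return the data length of every Padding option found in the OPT RR.

    Assumes a query-shaped message: questions followed directly by the
    additional section (no answer/authority records).
    """
    _, _, qdcount, _, _, arcount = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        while msg[off] != 0:          # skip labels
            off += 1 + msg[off]
        off += 1 + 4                  # terminating zero + QTYPE + QCLASS
    lengths = []
    for _ in range(arcount):
        if msg[off] != 0:
            raise ValueError("expected root name on OPT RR")
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off + 1:off + 11])
        off += OPT_FIXED_LEN
        end = off + rdlen
        if rtype == EDNS_OPT_TYPE:
            while off < end:
                code, olen = struct.unpack("!HH", msg[off:off + 4])
                if code == EDNS_PADDING_CODE:
                    lengths.append(olen)
                off += 4 + olen
        off = end
    return lengths


if __name__ == "__main__":
    one = padded_query("example.com", padding_options=1)
    two = padded_query("example.com", padding_options=2)
    print(len(one), padding_option_lengths(one))   # same total length ...
    print(len(two), padding_option_lengths(two))   # ... fill split across options
```

Both variants come out at exactly one 128-octet block; the only difference is that the second has a zero-length Padding option in front of an 80-octet one instead of a single 84-octet one. An observer of an encrypted channel sees the same ciphertext length either way, which is the thread's point. The parser is deliberately strict about the OPT RR's root name so that a malformed or repeated option shows up as an error rather than being silently skipped.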