On Thu 2015-07-23 18:50:14 +0200, Alexander Mayrhofer wrote: > I had a discussion with Daniel Khan Gillmor today, and we talked about > his proposal to specify a padding option in TLS so that message-size > based correlation attacks on encrypted DNS packets could be > prevented. We continued discussing other options (such as "artificial" > RRs in the additional section), and I floated the idea that we could > use EDNS0 to include padding in DNS packets. > > So, I've created a quick-and-dirty strawman proposal draft for this > idea, and i'm happy to discuss this during tomorrow's DPRIVE session > if we have time: > > https://www.ietf.org/id/draft-mayrhofer-edns0-padding-00.txt
wow, thanks for the incredibly quick writeup! I think this draft could have an informative reference to Haya Shulman's research on difficulties in DNS encryption, which won the recent ANRP: https://irtf.org/anrp https://www.ietf.org/mail-archive/web/dns-privacy/current/pdfWqAIUmEl47.pdf Section 3.2.2 shows that her mechanism for inferring the contents of queries becomes *even more effective* by including the size of the packets in her analysis. (Everyone working on dprive should read this paper to get a sense of some of the massive difficulties we need to consider because of the structure of DNS traffic analysis; just encrypting the traffic is insufficient for several reasons) I also note that draft-mayrhofer-edns0-padding curently suggests that the minimum padding size is 1 octet. Is there any reason to avoid a padding size of 0? --dkg _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
