Re: [dns-privacy] draft-mayrhofer-edns0-padding

2015-07-23 Thread Daniel Kahn Gillmor
On Thu 2015-07-23 18:50:14 +0200, Alexander Mayrhofer wrote: I had a discussion with Daniel Kahn Gillmor today, and we talked about his proposal to specify a padding option in TLS so that message-size based correlation attacks on encrypted DNS packets could be prevented. We continued

Re: [dns-privacy] draft-mayrhofer-edns0-padding

2015-07-23 Thread Mark Andrews
This can be dropped. EDNS aware clients are required to ignore unknown EDNS options. A server MUST use the 'Padding' option in a DNS response (QR=1) only when that response correlates to a query that contained the 'Padding' option. For QUERY I would be padding the request out to 400