On Thu 2015-07-23 18:50:14 +0200, Alexander Mayrhofer wrote:
I had a discussion with Daniel Kahn Gillmor today, and we talked about
his proposal to specify a padding option in TLS so that message-size
based correlation attacks on encrypted DNS packets could be
prevented. We continued
This can be dropped. EDNS aware clients are required to ignore unknown EDNS
options.
A server MUST use the 'Padding' option in a DNS response (QR=1) only
when that response correlates to a query that contained the 'Padding'
option.
For QUERY I would be padding the request out to 400
--On Monday, July 20, 2015 13:50 -0400 Bob Harold
rharo...@umich.edu wrote:
This thread has taught me more about the .onion names - thanks
for that. But I would have to agree with those that think this
bit of explanation is unnecessary to the RFC and should be
excluded, rather than
What does it mean to exceed the proffered EDNS0 buffer size with your
padded response?
You're 'silent' on length, but surely the server should respect the EDNS0
size proffer as a limit?
On Thu, Jul 23, 2015 at 6:50 PM, Alexander Mayrhofer
alexander.mayrho...@nic.at wrote:
Hi,
I had a
George,
I certainly agree. Noted for a revision.
Alex
From: George Michaelson [mailto:g...@algebras.org]
Sent: Thursday, 23 July 2015 18:52
To: Alexander Mayrhofer
Cc: dns-priv...@ietf.org; dnsop@ietf.org
Subject: Re: [DNSOP] draft-mayrhofer-edns0-padding
What does it mean to exceed the
Hi
I've uploaded the draft version of the minutes from the meeting on Monday.
Big thanks to Paul Hoffman for putting these together.
When you have a minute, take a look and let us know if there are any
corrections.
https://www.ietf.org/proceedings/93/minutes/minutes-93-dnsop
thanks
tim
On Thu, Jul 23, 2015 at 6:46 PM, Stephane Bortzmeyer bortzme...@nic.fr wrote:
On Thu, Jul 23, 2015 at 12:50:37PM +0800,
延志伟 yanzhi...@cnnic.cn wrote
a message of 113 lines which said:
#Z. W. Yan: we will revise it as: an authoritative name server
#operator can ensure that the recursive
Hi,
I had a discussion with Daniel Kahn Gillmor today, and we talked about his
proposal to specify a padding option in TLS so that message-size based
correlation attacks on encrypted DNS packets could be prevented. We continued
discussing other options (such as artificial RRs in the
On Thu, Jul 23, 2015 at 12:50:37PM +0800,
延志伟 yanzhi...@cnnic.cn wrote
a message of 113 lines which said:
#Z. W. Yan: we will revise it as: an authoritative name server
#operator can ensure that the recursive server that the client is
#using has all the answers in its cache from the