Re: [dns-privacy] ENDS0 Padding Profile: Rough first draft

Bob Harold <rharolde@umich.edu> Tue, 01 November 2016 19:06 UTC

Return-Path: <rharolde@umich.edu>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3DF41298D5 for <dns-privacy@ietfa.amsl.com>; Tue, 1 Nov 2016 12:06:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.489
X-Spam-Level:
X-Spam-Status: No, score=-2.489 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: DNS error: query timed out)" header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-4nI4vDqHpw for <dns-privacy@ietfa.amsl.com>; Tue, 1 Nov 2016 12:06:25 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6143C1293DA for <dns-privacy@ietf.org>; Tue, 1 Nov 2016 12:05:54 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id h14so190551341ywa.2 for <dns-privacy@ietf.org>; Tue, 01 Nov 2016 12:05:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=wNfaQd9LLjE8UPqP7BhF3B4RTjfQGgV4BWGDx8QE6Ng=; b=ElNxQsaU4pCYN0MQPhcxEwG22i1GO4sfxY0hkbFiCzf5mW9QExp2IDne2AsTltwGZd geubQ85/0rqP8Qvim6zGMOBR/MEtBEN0XvAJNN1sF2DX0DsAWPEiFVtjgUaOVd6XDkH6 evwPP/nmQD/6M5xQ0LNkQrW8H1iA4DfCkpITUT9FpK2l+Gn4JssENSXvnKjL3/7Zj9S/ Kaw/qVoZR2SJbvCf/hUiMq/d8kZknLalY8EvCVkmv9xjC5p73ZWiAKQhW+hLCtvPy6wX 9wEm4Vhge8qA/Ufta7YCdKFok5xk9bY9ZFsoPvciKGgUdjO4VWGEtU238OOhQ4lsZ9V0 Ywug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=wNfaQd9LLjE8UPqP7BhF3B4RTjfQGgV4BWGDx8QE6Ng=; b=GC5kJQBGads4yyiNR8yVKcwsQIGTNSdE52nkC4FqL6tjM6r06qMi3smtw/b4rXC1jC KmmM3/mvdNrn7aR3fiSdJWEfhvn6H+28IVoYTQEsD/j9eG6HKThuzfng8a2MQStdnI9s iarrjIDZfrds4pcU4oJXXTqNxpp5tG7W/IoIh53XlvaM/D9P4HOG9Lmvns0YAUbyrqf3 DSVgi+lfjp6QieubK5Bgx9m4sU0YEK6Sdy5vCDjIUU7zqiLzINY+PjCKcNOWkpNzLaZ/ LsIDsfb+oTfk6ioSYej2zN4a/cy3IuXgh1wcsCcetBthfVllkCX5Hyc0cb9BRc8gvBjX 1y5w==
X-Gm-Message-State: ABUngve4GZ74CZ/LqO5k3l+LQhEvuBlxL+u+4udxTM4t3NntzNhK13kcOxkxmPqG6iDv7UaTxl+YZDFSpLpJPcHv
X-Received: by 10.129.43.132 with SMTP id r126mr21664070ywr.102.1478027153348; Tue, 01 Nov 2016 12:05:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.209.70 with HTTP; Tue, 1 Nov 2016 12:05:52 -0700 (PDT)
In-Reply-To: <1477998568.4843.13.camel@env.dtu.dk>
References: <CAHXf=0p+Afhs27SQraupwyF4DO9on4a3aJKJ_B7Gc+gHzBmqtQ@mail.gmail.com> <1477998568.4843.13.camel@env.dtu.dk>
From: Bob Harold <rharolde@umich.edu>
Date: Tue, 1 Nov 2016 15:05:52 -0400
Message-ID: <CA+nkc8Ai6fkOQGSiP-1GQHMWVhmFXeVEhptyNSDvJbS6B-rHEA@mail.gmail.com>
To: Hugo Connery <hmco@env.dtu.dk>
Content-Type: multipart/alternative; boundary=001a1141d6ec71df360540420370
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/HRlGahfHlRFqizl19G1Ln0NMsPE>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
Subject: Re: [dns-privacy] ENDS0 Padding Profile: Rough first draft
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Nov 2016 19:06:40 -0000

On Tue, Nov 1, 2016 at 7:09 AM, Hugo Connery <hmco@env.dtu.dk> wrote:

> Hi,
>
> The document looks like a great start.
>
> You seem to be using 'strategy' (28 times) and 'profile' (8 times)
> interchangeably. You may wish to prefer one over the other, or
> clearly delineate the difference in meaning.
>
> The list of strategies looks great.  Perhaps you could mention
> the "pad the message to the maximum possible message length"
> explicitly as a sub-case of "Block Length Padding".
>
> I am not recommending it, but it has the maximum "confidentiality"
> property (all EDNS messages look identical -- random noise of the same
> size). Thus, it probably deserves an explicit mention, in the same
> way that "no padding" deserves a mention as it has the minimum
> "confidentiality" property.
>
> You spell length as lenght twice in the first paragraph of section 4.5
>
> Regards,  Hugo Connery
>
> On Mon, 2016-10-31 at 22:40 +0100, Alexander Mayrhofer wrote:
> > Hi,
> >
> > I've posted a first rough cut of a "Padding Profile" draft,
> > describing strategies regarding EDNS0 padding size (which we
> > specifically did *not* address in RFC 7830):
> >
> > https://tools.ietf.org/html/draft-mayrhofer-dprive-padding-profile-00
> >
> > It's more like a "strawman proposal" rather than a polished document
> > in the current version, but i'm more than happy to talk about it in
> > Seoul if we have time. See the full I-D announcement below.
> >
> > best,
> > Alex
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> >
> >
> >         Title           : Padding Profiles for EDNS(0)
> >         Author          : Alexander Mayrhofer
> >       Filename        : draft-mayrhofer-dprive-padding-profile-00.txt
> >       Pages           : 6
> >       Date            : 2016-10-31
> >
> > Abstract:
> >    RFC 7830 specifies the EDNS0 'Padding' option, but does not
> > specify
> >    the amount of padding to be used in specific applications.  This
> > memo
> >    lists the possible options ("Padding Profiles"), discusses the
> >    implications of each of these options, and provides implementation
> >    guidance.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-mayrhofer-dprive-padding-profi
> > le/
>
>
Good start.

4.4.  Random Length Padding
'Alternatively, pad a certain percentage of "remaining space"?'
-- This, like fixed length padding, is discoverable and thus of no help.
You should specifically recommend against this, in case someone else thinks
of it and does not realize the problem with it.

-- 
Bob Harold