Re: [dns-privacy] I-D Action: draft-ietf-dprive-padding-policy-01.txt
Hugo Connery <hmco@env.dtu.dk> Tue, 04 July 2017 08:40 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/gy5Xdtw5RtTimwRgjB7bUzid7xo>

Hi Alexander (and list),

Thanks, Alexander, for your efforts on the document (and DKG for the
empirical work).

May I suggest that another strategy is included, that of "always pad to
the maximum message size". This is obviously wasteful, and may be
recommended against. However, I believe its inclusion is equivalent to
the "no padding" and "fixed block size pad" options which are listed for
completeness whilst providing no or very little privacy protection.

The "always pad to maximum message size" option is actually the maximal
privacy setting (when encrypted) but is horribly wasteful.

Perhaps mention it directly after the "no padding option" and describe
that it provides maximal privacy protection, but is wasteful and more
balanced strategies are described below, including the recommended
strategy.

Something like this:

---
4.2 Maximal Length Padding

In maximal length padding the sender pads every message to the maximum
allowed size for a message.

Advantages: Maximal length padding, when combined with encrypted
transport, provides the highest level of privacy protection.

Disadvantages: Maximal length padding places a heavy burden on all
parties, including the client, all intervening network equipment, and
the server.

Maximal length padding is not a recommended strategy.
---

Regards,
Hugo Connery

On Mon, 2017-07-03 at 23:29 +0200, Alexander Mayrhofer wrote:
> Hi,
>
> i've updated the Padding Policy draft - the main change is the
> inclusion of an actual recommendation, essentially a blunt copy of
> Daniel's recommendations from his empirical research work.
>
> I'm looking forward to hearing a discussion around these
> recommendations - I will subsequently update the draft based on the
> outcome of those discussions.
>
> best,
> Alex
>
>
> On Mon, Jul 3, 2017 at 11:25 PM, <internet-drafts@ietf.org> wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories.
> > This draft is a work item of the DNS PRIVate Exchange of the IETF.
> >
> >         Title     : Padding Policy for EDNS(0)
> >         Author    : Alexander Mayrhofer
> >         Filename  : draft-ietf-dprive-padding-policy-01.txt
> >         Pages     : 7
> >         Date      : 2017-07-03
> >
> > Abstract:
> >    RFC 7830 specifies the EDNS0 'Padding' option, but does not specify
> >    the length of padding to be used in specific applications. This memo
> >    lists the possible options ("Padding Policies"), discusses the
> >    implications of each of these options, and provides a recommended
> >    option.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-ietf-dprive-padding-policy/
> >
> > There are also htmlized versions available at:
> > https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-01
> > https://datatracker.ietf.org/doc/html/draft-ietf-dprive-padding-policy-01
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-ietf-dprive-padding-policy-01
> >
> >
> > Please note that it may take a couple of minutes from the time of
> > submission until the htmlized version and diff are available at
> > tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > _______________________________________________
> > dns-privacy mailing list
> > dns-privacy@ietf.org
> > https://www.ietf.org/mailman/listinfo/dns-privacy
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
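
The trade-off discussed in this message, as an added example that is not part of the original email or the draft: it compares "no padding", "fixed block size pad" and "always pad to the maximum message size" by how many distinct on-the-wire lengths an observer of the encrypted channel would see and how many extra octets each policy costs. The block size of 128, the 65535-octet maximum (the limit of the two-octet length prefix used over TCP/TLS) and the sample message sizes are assumptions chosen for illustration.

```python
import struct

PADDING_OPTION_CODE = 12   # EDNS(0) Padding option code (RFC 7830)
OPTION_HEADER_LEN = 4      # 2-octet OPTION-CODE + 2-octet OPTION-LENGTH


def padding_option(pad_len):
    """Encode an EDNS(0) Padding option carrying pad_len zero octets."""
    return struct.pack("!HH", PADDING_OPTION_CODE, pad_len) + b"\x00" * pad_len


def padded_size(msg_len, policy, block=128, max_size=65535):
    """On-the-wire size of a message that is msg_len octets before padding.

    block and max_size are illustrative assumptions, not values from the email.
    """
    if policy == "none":
        return msg_len
    with_header = msg_len + OPTION_HEADER_LEN
    if with_header > max_size:
        return msg_len                      # no room left for the option
    if policy == "block":
        # Round up to the next multiple of the block size, capped at max_size.
        return min(-(-with_header // block) * block, max_size)
    if policy == "max":
        return max_size                     # every message looks identical
    raise ValueError(f"unknown policy: {policy}")


def compare(sizes, **kw):
    """Map policy -> (distinct observable lengths, total extra octets)."""
    result = {}
    for policy in ("none", "block", "max"):
        padded = [padded_size(n, policy, **kw) for n in sizes]
        result[policy] = (len(set(padded)), sum(padded) - sum(sizes))
    return result


# Constructed sample of unpadded message sizes in octets (not measured data).
SAMPLE_SIZES = [29, 33, 41, 45, 62, 97, 130, 211]

if __name__ == "__main__":
    for policy, (distinct, extra) in compare(SAMPLE_SIZES).items():
        print(f"{policy:5s} distinct lengths={distinct} extra octets={extra}")
```

Fewer distinct lengths means less size information leaks through the encrypted transport; the extra-octet column is the cost the proposed section describes as a burden on client, network and server.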