Have you ever built a prototype of this draft and done some tests? If so, what 
is the extra time delay caused by it compared with normal DNS resolving? Maybe 
that is another problem.
 


Guangqing Deng
CNNIC 
 
From: Wes Hardaker
Date: 2014-05-09 11:06
To: Guangqing Deng
CC: Wes Hardaker; dns-privacy
Subject: Re: [dns-privacy] On behalf of Apr 1st, here is a DNSE solution.
"Guangqing Deng" <[email protected]> writes:
 
> Hi, Wes, I have a minor question about this draft. It is said in
> section 2.1 of this draft that the encrypted "real" request (namely
> the blob "EEEEEEEE" in this draft) is taken as the left-most label of
> the new synthetic domain name (namely
> "EEEEEEEEE.K1.example.org"). Since the length of a domain name label
> is within 64, now I am wondering is it always possible to insert an
> encrypted DNS request into one synthetic domain name as the left-most
> label?
 
No, certainly there are issues in general.  There are maximum lengths
not just for a label, but for the number of labels.  So not only are
there size constraints for the size of an individual label (and there
are ways around that), but there are constraints on the number of labels
we can use (and there is no way around some of those issues; you always
have to append a suffix, which means you're always reducing the maximum
label count by the suffix length, which in the above is 2).
-- 
Wes Hardaker
Parsons
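
The size question discussed above, worked through as an added example that is not part of the original thread or the draft. It uses the RFC 1035 limits of 63 octets per label and 255 octets per name on the wire; the base32 encoding and the splitting of the blob across several labels are assumptions, since the thread does not say how the draft encodes the blob.

```python
import base64

MAX_LABEL = 63   # RFC 1035: maximum octets in a single label
MAX_NAME = 255   # RFC 1035: maximum octets in a whole name on the wire


def wire_length(labels):
    """Octets used on the wire: a length byte per label plus the root byte."""
    return sum(1 + len(label) for label in labels) + 1


def encode_name(blob, suffix):
    """Build '<encoded blob labels>.<suffix>' or raise ValueError if too long.

    Assumption: base32 without padding, split across as many labels as needed.
    """
    text = base64.b32encode(blob).decode("ascii").rstrip("=").lower()
    chunks = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
    labels = chunks + suffix.strip(".").split(".")
    if any(not 1 <= len(label) <= MAX_LABEL for label in labels):
        raise ValueError("label length outside 1..63 octets")
    if wire_length(labels) > MAX_NAME:
        raise ValueError(f"name needs {wire_length(labels)} octets, limit is {MAX_NAME}")
    return ".".join(labels)


def max_payload(suffix):
    """Largest blob size in bytes that still fits under the given suffix."""
    size = 0
    while True:
        try:
            encode_name(bytes(size + 1), suffix)
        except ValueError:
            return size
        size += 1


if __name__ == "__main__":
    suffix = "K1.example.org"   # synthetic suffix quoted in the thread
    for size in (39, 40, 146, 147):   # constructed sizes around the two limits
        try:
            labels = encode_name(bytes(size), suffix).split(".")
            print(size, "bytes ->", len(labels), "labels,", wire_length(labels), "octets")
        except ValueError as err:
            print(size, "bytes -> rejected:", err)
    print("max payload under", suffix, "=", max_payload(suffix), "bytes")
```

Under these assumptions and the thread's suffix, a single left-most label holds at most 39 bytes of encrypted request, and the whole name at most 146 bytes even when the blob is spread over several labels.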