On Dec 1, 2013, at 4:06 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote: > Here's a start: "Padding the DNS query stream will have a negative effect on > the DNS systems as a whole, but will only thwart passive surveillance for > those attackers who cannot store and process the larger stream. There is no > current evidence that the bad actors in question have such limitations."
I thought the point of padding was to prevent the attacker from using the length of the encrypted query or response to make correlations and guess the plaintext. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
