I thought this discussion was important enough to surface with a new topic.
I can see why the server might need to set a minimum in the DNS record, but I find it likely irrelevant, since I intend to effectively max out the padding allowed within a packet.

thanks,
Rob

On Tue, Oct 22, 2019 at 11:52 AM Rob Sayre <say...@gmail.com> wrote:

> On Tue, Oct 22, 2019 at 11:45 AM Ben Schwartz <bem...@google.com> wrote:
>
>> On Tue, Oct 22, 2019 at 2:29 PM Rob Sayre <say...@gmail.com> wrote:
>>
>> > It seems to me that the client is in the best position to set the
>> > padding, so I’m not sure why there is anything in the DNS record.
>>
>> Strongly disagree. If one IP address hosts two domains, short.example
>> and longlonglonglonglonglonglonglong.example, a client of
>> short.example has no SNI privacy unless they pad up to the length of
>> the longer name. The client can't know to do this unless the DNS
>> record says so.
>
> Well, I am not sure we are disagreeing so strongly. I want to pad
> everything up to 260 since the ClientHello will still fit in one packet. I
> think it would be ok to send a minimum length in the DNS record.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
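An added illustration of the padding trade-off debated in the thread above; this is not code from the thread or from any ESNI implementation. The byte layout, the helper names, the constructed sample names and the client target of 260 are assumptions made here for clarity.

```python
# Added example: length-hiding padding for an encrypted SNI where one IP
# address co-hosts a short and a long name. The DNS record advertises the
# minimum padded length; the client may pick a larger target as long as
# the ClientHello still fits in one packet. Layout below is assumed.

CLIENT_TARGET = 260  # client's own padding target from the thread (assumed)

# Constructed sample: two names served from the same IP address.
SHORT_NAME = "short.example"
LONG_NAME = "long" * 8 + ".example"


def record_minimum(cohosted_names):
    """Server side: the padded length the DNS record must advertise so
    that every co-hosted name pads to the same length (the longest one)."""
    return max(len(n.encode("ascii")) for n in cohosted_names)


def pad_sni(name, record_min, client_target=CLIENT_TARGET):
    """Client side: pad the real name to max(record_min, client_target).

    The record minimum rescues a client whose own target is too small;
    a larger client target is allowed and simply hides more. A name that
    does not fit is rejected instead of being sent under-padded.
    Layout (assumed): 2-byte big-endian real length, name, zero fill.
    """
    raw = name.encode("ascii")
    target = max(record_min, client_target)
    if len(raw) > target:
        raise ValueError("server name longer than the padded length")
    return len(raw).to_bytes(2, "big") + raw + bytes(target - len(raw))


def unpad_sni(padded):
    """Server side: recover the real name and reject non-zero fill."""
    real_len = int.from_bytes(padded[:2], "big")
    name, fill = padded[2:2 + real_len], padded[2 + real_len:]
    if any(fill):
        raise ValueError("padding bytes must be zero")
    return name.decode("ascii")


def same_length_on_the_wire(names, record_min, client_target=CLIENT_TARGET):
    """True when every name pads to one length, so length leaks nothing."""
    return len({len(pad_sni(n, record_min, client_target)) for n in names}) == 1


if __name__ == "__main__":
    minimum = record_minimum([SHORT_NAME, LONG_NAME])
    print("record minimum:", minimum)
    print("both names same length with record honored:",
          same_length_on_the_wire([SHORT_NAME, LONG_NAME], minimum))
```

With the record minimum honored, `short.example` and the long name produce identical padded lengths even for a client that only wanted to pad to 16 bytes; with no record (minimum 0) that same client pads the short name to 18 bytes and the long name no longer fits, which is the length leak Ben describes.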