Unstylishly quoting myself...

On 22/10/2019 18:49, Stephen Farrell wrote:
> Me too. I'd go for multiples of 32 octets, with a SHOULD
> to add an extra block or two randomly, but anything of
> that kind should work.
Stylishly, however, it seems I'm in the happy position to also admit I was wrong there (thanks to Christian Huitema for spelling this out to me off-list).

In most cases, when using ESNI, DNS queries will need to be made for the A/AAAA and ESNIKeys (or HTTPSSSSSSSSSVC :-) and hopefully those DNS queries will also be padded. RFC 8467 [1] defines a bunch of ways of doing that, and has one recommended way. While it is likely too early to say that the recommendation in RFC 8467 is really a best practice, I think it is the case that padding of the DNS query and of the SNI within the ESNI extension to the CH ought to be "commensurate", in the sense that observing both ought not provide more information to someone who only observes one of those.

So, at minimum, that'd mean s/32/128/ in my quoted text above, and likely more. (Plus, of course, doing the kind of due diligence that led to [1].)

Bottom line is that I think I'd modify my starting-out position for what to suggest for draft-05 to be to copy (and modify as needed) what's recommended in [1] for padding the query.

Cheers,
S.

[1] https://tools.ietf.org/html/rfc8467
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
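An added example, not part of the thread above, to make the "commensurate" point concrete: it builds a DNS query padded the way RFC 8467 recommends (EDNS(0) padding option, RFC 7830 option code 12, whole message brought to a multiple of 128 octets), pads an ESNI server_name to a multiple of a chosen block size (32 as originally suggested, 128 after the s/32/128/), and counts how many distinct on-the-wire lengths a passive observer can tell apart over a set of constructed hostnames, for each channel alone and for both together. The hostnames, the `.example.com` suffix and the simplification of the ESNI side to "pad the raw name bytes" (ignoring the draft's ServerNameList framing) are assumptions of this example, not anything the message or the drafts specify.

```python
"""
Added example, not from the TLS list thread: measure how much a passive
observer learns about a hostname's length from (a) a DNS query padded per the
RFC 8467 block-length recommendation and (b) an ESNI server_name padded to a
multiple of a chosen block size, observed alone and together.  Hostnames are
constructed; the ESNI side is simplified to "pad the name bytes".
"""
import secrets
import struct

DNS_QUERY_BLOCK = 128    # RFC 8467 section 4.1: pad queries to a multiple of 128
OPT_RR_FIXED = 11        # root name(1) + TYPE(2) + CLASS(2) + TTL(4) + RDLEN(2)
EDNS_OPT_HEADER = 4      # OPTION-CODE(2) + OPTION-LENGTH(2)
EDNS_PADDING_CODE = 12   # RFC 7830 padding option


def qname_wire(name: str) -> bytes:
    """Encode a hostname as a wire-format QNAME: length-prefixed labels, root terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def rfc8467_query(name: str, qtype: int = 1, block: int = DNS_QUERY_BLOCK) -> bytes:
    """Minimal DNS query carrying an EDNS(0) padding option sized so that the
    whole message is a multiple of `block`.  The OPT RR and the option header
    count toward the length, so they are included before computing the pad."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # ID, RD, QDCOUNT=1, ARCOUNT=1
    question = qname_wire(name) + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    unpadded = len(header) + len(question) + OPT_RR_FIXED + EDNS_OPT_HEADER
    pad_len = (-unpadded) % block
    padding_opt = struct.pack("!HH", EDNS_PADDING_CODE, pad_len) + b"\x00" * pad_len
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-RCODE/version/flags, RDLEN
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(padding_opt)) + padding_opt
    msg = header + question + opt_rr
    assert len(msg) % block == 0
    return msg


def esni_padded_name(name: str, block: int, extra_blocks: int = 0) -> bytes:
    """Zero-pad the server_name to a multiple of `block` octets, plus
    `extra_blocks` whole blocks (the message's "add an extra block or two")."""
    raw = name.encode("ascii")
    target = -(-len(raw) // block) * block + extra_blocks * block
    return raw + b"\x00" * (target - len(raw))


def random_extra_blocks(max_extra: int = 2) -> int:
    """Uniform choice of 0..max_extra extra blocks from the OS CSPRNG."""
    return secrets.randbelow(max_extra + 1)


def constructed_name(total_len: int) -> str:
    """Constructed hostname of exactly `total_len` octets under .example.com
    (an assumed suffix), split into labels of at most 63 octets without ever
    leaving a 1-octet remainder that the separating dot would swallow."""
    suffix = ".example.com"
    remaining = total_len - len(suffix)
    if remaining < 1:
        raise ValueError("total_len too short for a label plus suffix")
    parts = []
    while remaining > 0:
        n = min(remaining, 63)
        if remaining - n == 1:
            n -= 1
        parts.append("h" * n)
        remaining -= n
        if remaining > 0:
            remaining -= 1  # the dot before the next label
    name = ".".join(parts) + suffix
    assert len(name) == total_len
    return name


# Constructed lengths chosen to straddle the 128-octet boundaries of both schemes.
SAMPLE_NAMES = [constructed_name(n) for n in
                (13, 22, 40, 60, 75, 94, 95, 96, 110, 127, 128, 129, 150)]


def dns_len(name: str) -> int:
    return len(rfc8467_query(name))


def esni_len(name: str, block: int) -> int:
    return len(esni_padded_name(name, block))


def distinct_buckets(names, *length_fns) -> int:
    """Number of distinct length tuples an observer of the given channels sees;
    more buckets means more information about the hostname leaks."""
    return len({tuple(fn(name) for fn in length_fns) for name in names})


def leakage_report(names=SAMPLE_NAMES) -> dict:
    """Bucket counts for DNS alone, ESNI alone at 32 and 128, and DNS+ESNI jointly."""
    e32 = lambda n: esni_len(n, 32)
    e128 = lambda n: esni_len(n, 128)
    return {
        "dns_only": distinct_buckets(names, dns_len),
        "esni32_only": distinct_buckets(names, e32),
        "esni128_only": distinct_buckets(names, e128),
        "dns_plus_esni32": distinct_buckets(names, dns_len, e32),
        "dns_plus_esni128": distinct_buckets(names, dns_len, e128),
    }


if __name__ == "__main__":
    for channel, buckets in leakage_report().items():
        print("%-18s %d distinguishable length buckets" % (channel, buckets))
```

Over the constructed sample the DNS query alone yields two distinguishable lengths (128 and 256), ESNI at 32-octet granularity yields five, and ESNI at 128 yields two again. Observing DNS together with ESNI-at-128 still yields three, not two: the DNS message carries roughly 33 octets of header, QTYPE/QCLASS and OPT overhead on top of the name, so its 128-octet boundaries fall at different name lengths than a bare name padded to 128. That offset is one reason matching the block size is only the minimum fix; `random_extra_blocks` is there for the "extra block or two randomly" variant, which blurs rather than aligns those boundaries.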