Re: [openpgp] Message padding in OpenPGP

Hiya,

I agree with all the rest of your message:-)

But not this bit:

On 27/09/2019 00:12, Daniel Kahn Gillmor wrote:
> The ideal place to apply padding is at the application layer
That's not clear to me. It may be true or it may not.
(Perhaps that's just me being suspicious of terms like
"ideal" though:-)

As a (possible) counter-example, application layer code
is perhaps not (yet) well positioned to deal with padding
of both DNS and application layer traffic, all at once.
E.g., in the case of mail, if a message from a small
sender with a big DNS name arrives at a receiver that does
SPF and DMARC lookups, packet sizes emitted by the mail
receiver might expose information about the mail sender
despite any padding of the SMTP/TLS traffic. That is
likely a bit of a contrived example but I'd worry that
arguing that all "padding policy" be set by layer-4+
might go wrong in some cases.

I do totally agree with a strategy of defining padding
mechanisms everywhere we can and then learning over
time how best to use those though, so I think it'd be
fair to consider my comment here is a bit of a nit-pick.
(But I sent the mail anyway:-)

Cheers,
S.

0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys

signature.asc
Description: OpenPGP digital signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp