RE: Randomness requirements for message ID generation
I can't see the justification for a MUST. A SHOULD would be reasonable as it would mean that you need a good justification to do anything else.
If you want secure DNS transactions you have to use TSIG or SIG(0).
Donald
-----Original Message-----
From: owner-namedroppers@ops.ietf.org [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of David Conrad
Sent: Monday, July 25, 2005 1:37 PM
To: Edward Lewis
Cc: Ólafur Guðmundsson /DNSEXT co-chair; Florian Weimer; namedroppers@ops.ietf.org
Subject: Re: Randomness requirements for message ID generation
On Jul 25, 2005, at 10:12 AM, Edward Lewis wrote:
>> Good randomness should be used by all DNS resolvers on query ID.
...
> I know that this is a dead issue in the WG (fortunately), but I had
> some real data to throw in. And I wanted to kill once and for all the
> notion that the message id had to be "random."
Hmm. Perhaps this has been mentioned:
http://madchat.org/reseau/tcp-ip/tcpip-seqnb/#otherp
In terms of specification, I believe having query ids be as random as possible should be a MUST. Anything else increases the likelihood of spoofability.
Rgds,
-drc
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>