
Re: Randomness requirements for message ID generation



In theory, you're right. In practice, it has been my experience that many developers treat "SHOULD" as "DON'T HAVE TO". However, maybe I'm too cynical.

Rgds,
-drc

On Jul 25, 2005, at 12:00 PM, Eastlake III Donald-LDE008 wrote:

I can't see the justification for a MUST. A SHOULD would be reasonable as it would mean that you need a good justification to do anything else.

If you want secure DNS transactions you have to use TSIG or SIG(0).

Donald

-----Original Message-----
From: owner-namedroppers@ops.ietf.org [mailto:owner-namedroppers@ops.ietf.org] On Behalf Of David Conrad
Sent: Monday, July 25, 2005 1:37 PM
To: Edward Lewis
Cc: Ólafur Guðmundsson /DNSEXT co-chair; Florian Weimer; namedroppers@ops.ietf.org
Subject: Re: Randomness requirements for message ID generation


On Jul 25, 2005, at 10:12 AM, Edward Lewis wrote:

Good randomness should be used by all DNS resolvers on query ID.

...

I know that this is a dead issue in the WG (fortunately), but I had
some real data to throw in. And I wanted to kill once and for all the
notion that the message id had to be "random."



Hmm. Perhaps this has been mentioned:

http://madchat.org/reseau/tcp-ip/tcpip-seqnb/#otherp

In terms of specification, I believe having query ids be as random as possible should be a MUST. Anything else increases the likelihood of spoofability.

Rgds,
-drc


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

