Re: draft-ietf-dnsext-forgery-resilience-01.txt
* Olaf M. Kolkman:
>> The former. It has been argued that non-repeating query IDs are more
>> important than good randomness. I tried very hard to understand this,
>> but I still don't get it.
>
> Does a sentence like this help clarify:
>
> "The (sequence of) Query IDs SHOULD be unpredictable"
> possibly with the addition of:
> "e.g. by using a good source of randomness to generate them".

I think this is worse because you should reuse query IDs in some cases
(to avoid the birthday paradox when you still accept previous in-flight
queries).

> Or is your question more fundamental?

Oh, let me put this differently: An implementation does not follow
anything close to RFC 4086. We should figure out why they do this.
Maybe there's a compelling reason, and in that case, the reason really
should be mentioned in the draft.
--
archive: <http://ops.ietf.org/lists/namedroppers/>