[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-dnsext-forgery-resilience-01.txt

To: namedroppers@ops.ietf.org
Subject: Re: draft-ietf-dnsext-forgery-resilience-01.txt
From: Andrew Sullivan <andrew@ca.afilias.info>
Date: Tue, 13 Nov 2007 11:04:45 -0500
In-reply-to: <D71301A20C6825193A046E0A@Ximenes.local>
References: <20071110214233.GB8260@laperouse.bortzmeyer.org> <87sl3biytx.fsf@mid.deneb.enyo.de> <20071112100506.GA15120@laperouse.bortzmeyer.org> <87y7d3hi37.fsf@mid.deneb.enyo.de> <Pine.LNX.4.64.0711121625530.24448@hermes-1.csi.cam.ac.uk> <D71301A20C6825193A046E0A@Ximenes.local>
Reply-to: Andrew Sullivan <andrew@ca.afilias.info>
User-agent: Mutt/1.5.13 (2006-08-11)

On Mon, Nov 12, 2007 at 07:38:15PM +0000, Alex Bligh wrote:

>  "ID's SHOULD be assigned in a manner that the ability of a third party
>   with access wire data to guess ID's on subsequent queries is minimised;
>   this could, for instance, be achieved by introducing a pseudo-random
>   component into the mechanism used to select the ID".

I like this version.  It specifys narrowly the condition one is trying
to avoid, and gives a clue about why one wants to avoid it.  It
provides an example of how to avoid it, but does not prescribe one.

A

-- 
Andrew Sullivan                         204-4141 Yonge Street
Afilias Canada                        Toronto, Ontario Canada
<andrew@ca.afilias.info>                              M2P 2A8
jabber: ajsaf@jabber.org                 +1 416 646 3304 x4110

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Alex Bligh <alex@alex.org.uk>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Paul Vixie <paul@vix.com>

References:
- draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Tony Finch <dot@dotat.at>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Alex Bligh <alex@alex.org.uk>

Prev by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Previous by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Index(es):
- Date
- Thread