[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-dnsext-forgery-resilience-01.txt

To: Andrew Sullivan <andrew@ca.afilias.info>
Subject: Re: draft-ietf-dnsext-forgery-resilience-01.txt
From: Paul Vixie <paul@vix.com>
Date: Tue, 13 Nov 2007 16:26:37 +0000
Cc: namedroppers@ops.ietf.org
In-reply-to: Your message of "Tue, 13 Nov 2007 11:04:45 EST." <20071113160444.GC8030@afilias.info>
References: <20071110214233.GB8260@laperouse.bortzmeyer.org> <87sl3biytx.fsf@mid.deneb.enyo.de> <20071112100506.GA15120@laperouse.bortzmeyer.org> <87y7d3hi37.fsf@mid.deneb.enyo.de> <Pine.LNX.4.64.0711121625530.24448@hermes-1.csi.cam.ac.uk> <D71301A20C6825193A046E0A@Ximenes.local> <20071113160444.GC8030@afilias.info>

> >  "ID's SHOULD be assigned in a manner that the ability of a third party
> >   with access wire data to guess ID's on subsequent queries is minimised;
> >   this could, for instance, be achieved by introducing a pseudo-random
> >   component into the mechanism used to select the ID".
> 
> I like this version.  It specifys narrowly the condition one is trying
> to avoid, and gives a clue about why one wants to avoid it.  It
> provides an example of how to avoid it, but does not prescribe one.

i don't like this version, it overspecifies.  i like bert's version.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Tony Finch <dot@dotat.at>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Alex Bligh <alex@alex.org.uk>
- Re: draft-ietf-dnsext-forgery-resilience-01.txt
  - From: Andrew Sullivan <andrew@ca.afilias.info>

Prev by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by Date: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Previous by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Next by thread: Re: draft-ietf-dnsext-forgery-resilience-01.txt
Index(es):
- Date
- Thread