Re: draft-ietf-dnsext-forgery-resilience-01.txt
On Fri, Nov 16, 2007 at 12:52:37PM -0200, Stephane Bortzmeyer wrote:
> New version that I propose, with a clearer separation between the norm
> and the rationale (they could even be placed in different sections). I
> believe this captures the discussion in the WG and that nothing was
> forgotten.
>
>
> Rule:
>
> Implementations MUST use Query-IDs that are hard to predict for a
> third party, even if this third party has access to previous wire
> data.

I like it a lot.

> Advice for implementors:
>
> "Hard to predict" Query-IDs could, for instance, be achieved by
> introducing a random [RFC 4086] or pseudo-random component into the

This could be put in chapter 10, 'rationale' perhaps.

Thanks!

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
archive: <http://ops.ietf.org/lists/namedroppers/>
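
An added example, not part of the original message or of any implementation discussed on the list: a Query-ID allocator that draws each 16-bit ID from the OS CSPRNG, beside an audit check that flags a captured ID sequence advancing by a fixed step. The names `QueryIdAllocator`, `build_header` and `constant_stride` are hypothetical, and the sample IDs are constructed.

```python
import secrets
import struct


class QueryIdAllocator:
    """Hands out 16-bit DNS Query-IDs drawn from the OS CSPRNG."""

    def __init__(self):
        self.outstanding = set()  # IDs of queries still awaiting a reply

    def allocate(self):
        if len(self.outstanding) >= 0x10000:
            raise RuntimeError("all 65536 Query-IDs are in flight")
        while True:
            qid = secrets.randbelow(0x10000)  # uniform over 0..65535
            if qid not in self.outstanding:   # never reuse an in-flight ID
                self.outstanding.add(qid)
                return qid

    def release(self, qid):
        """Call when the reply arrived or the query timed out."""
        self.outstanding.discard(qid)


def build_header(qid, rd=True):
    """Pack a 12-byte DNS query header: ID, flags, QDCOUNT=1, other counts 0."""
    flags = 0x0100 if rd else 0  # RD bit only
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)


def constant_stride(ids):
    """Audit check on captured Query-IDs: return the step if every ID follows
    the previous one by the same amount modulo 2**16, else None."""
    if len(ids) < 3:
        return None
    steps = {(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])}
    return steps.pop() if len(steps) == 1 else None


# Constructed sample: IDs as a counter-based resolver would put them on the wire.
COUNTER_IDS = [0x1A2B + i for i in range(8)]
```

A fixed step is only the simplest pattern visible in previous wire data; passing this check does not show that a generator is hard to predict.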