
Re: draft-ietf-dnsext-forgery-resilience-01.txt



Stephane Bortzmeyer wrote:
> On Mon, Nov 12, 2007 at 11:03:44PM +0100,
>  bert hubert <bert.hubert@netherlabs.nl> wrote 
>  a message of 34 lines which said:
> 
>>   Implementations MUST use Query-IDs that are hard to predict
> 
> More detailed, with the help of Alex Bligh:
> 
> Implementations MUST use Query-IDs that are hard to predict for a
> third party with access to wire data. This could, for instance, be
> achieved by introducing a random [RFC 4086] or pseudo-random component
> into the mechanism used to select the ID
> 
> --
> Read on /., about MS-Windows error messages:
> 
> Your system must meet the requirements to be able to run the Windows
> Random Number Generator on Vista. Otherwise, you will need to use
> Windows Number Generator Basic. The only number WNGB can generate is
> 4.

You can use CryptGenRandom() on Windows if you want a good random number
generator. However, none of this has anything to do with the question on
Query-IDs and is at a level of detail that the implementor would be
dealing with.

Danny

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
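
The requirement discussed in this thread, as an added example that is not part of the original message or of the draft: a sequential Query-ID allocator next to one that draws IDs from the operating system's CSPRNG, with a check of how often a third party watching the wire guesses the next ID. The class and function names (`SequentialIds`, `RandomIds`, `observer_hit_rate`) are hypothetical, and the in-flight tracking is an assumption about how a resolver might avoid reusing an outstanding ID.

```python
import secrets

ID_SPACE = 0x10000  # DNS Query-IDs are 16 bits wide


class SequentialIds:
    """Predictable case: each ID is the previous one plus 1 (mod 2^16)."""

    def __init__(self, start=0):
        self._next = start % ID_SPACE

    def allocate(self):
        qid = self._next
        self._next = (self._next + 1) % ID_SPACE
        return qid


class RandomIds:
    """IDs drawn from the OS CSPRNG; an ID still in flight is never reused."""

    def __init__(self):
        self._in_flight = set()

    def allocate(self):
        if len(self._in_flight) >= ID_SPACE:
            raise RuntimeError("all 65536 Query-IDs are in flight")
        while True:
            qid = secrets.randbelow(ID_SPACE)  # uniform, no modulo bias
            if qid not in self._in_flight:
                self._in_flight.add(qid)
                return qid

    def accept_response(self, qid):
        """Accept a response only if its ID matches an outstanding query."""
        if qid in self._in_flight:
            self._in_flight.remove(qid)
            return True
        return False


def observer_hit_rate(allocator, trials=2000):
    """Fraction of IDs guessed by an observer who predicts 'last seen + 1'."""
    last = allocator.allocate()
    hits = 0
    for _ in range(trials):
        guess = (last + 1) % ID_SPACE
        last = allocator.allocate()
        hits += guess == last
    return hits / trials


if __name__ == "__main__":
    print("sequential:", observer_hit_rate(SequentialIds(start=65000)))
    print("csprng:    ", observer_hit_rate(RandomIds()))
```
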