
XQID (Re: Forgery Resistance phase #2 )



[ Moderator's note: Post was moderated, either because it was posted by
   a non-subscriber, or because it was over 20K.  
   With the massive amount of spam, it is easy to miss and therefore 
   delete relevant posts by non-subscribers. 
   Please fix your subscription addresses. ]

> I think my XQID suggestion (http://www.jhsoft.com/dns-xqid.htm), which by
> the way seems like an even better idea in light of the Kaminsky bug, is
> somewhere in your list already.

if we can amend the edns spec to require that for the XQID option, a reply
without XQID will cause the transaction to be repeated several times across
all of the zone's nameservers, with a different random UDP port and 16-bit
QID each time, then i will support the XQID proposal.  (this logic for
repeat-on-suspicion is more or less what we're recommending in 0x20, and
it's possible that if there are enough 0x20 bits available, then an XQID
could be made optional for that transaction.)

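The repeat-on-suspicion rule described in the message above, sketched as resolver-side logic. This is an added example, not code from the post or from the XQID proposal; the `send_query` transport callback, the 8-byte XQID width, the rule that all XQID-less replies must agree, and the `legacy_server` stand-in are assumptions made for illustration.

```python
import hmac
import secrets

def fresh_ids():
    """Fresh random 16-bit QID and unprivileged UDP source port."""
    return secrets.randbelow(1 << 16), 1024 + secrets.randbelow(65536 - 1024)

def resolve(question, nameservers, send_query, repeats=3):
    """Return the accepted answer, or None if the reply cannot be trusted.

    send_query(server, question, qid, port, xqid) is a hypothetical transport
    callback returning {"answer": str, "xqid": echoed bytes or None}.
    """
    xqid = secrets.token_bytes(8)  # assumed width, not taken from the proposal
    qid, port = fresh_ids()
    first = send_query(nameservers[0], question, qid, port, xqid)
    if first["xqid"] is not None:
        ok = hmac.compare_digest(first["xqid"], xqid)
        return first["answer"] if ok else None

    # Reply without XQID: repeat the transaction several times across all of
    # the zone's nameservers, with a new random port and QID each time.
    answers = {first["answer"]}
    for _ in range(repeats):
        for server in nameservers:
            qid, port = fresh_ids()
            reply = send_query(server, question, qid, port, xqid)
            if reply["xqid"] is not None:
                ok = hmac.compare_digest(reply["xqid"], xqid)
                return reply["answer"] if ok else None
            answers.add(reply["answer"])
    # Assumed acceptance rule: every XQID-less reply must agree.
    return first["answer"] if len(answers) == 1 else None

def legacy_server(server, question, qid, port, xqid):
    """Constructed stand-in for a server that ignores the XQID option."""
    return {"answer": "192.0.2.1", "xqid": None}

if __name__ == "__main__":
    zone_ns = ["ns1.example.", "ns2.example."]  # constructed sample data
    print(resolve("www.example.", zone_ns, legacy_server))
```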