[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dns-0x20.txt

To: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Re: dns-0x20.txt
From: Mark Andrews <Mark_Andrews@isc.org>
Date: Wed, 12 Mar 2008 22:45:57 +1100
Cc: Paul Vixie <Paul_Vixie@isc.org>, namedroppers@ops.ietf.org, dagon@cc.gatech.edu
In-reply-to: Your message of "Tue, 11 Mar 2008 23:12:44 EDT." <a06240800c3fcfa414ee0@[130.129.23.164]>

> An off-hand comment, this doesn't do a whole lot for the reverse map. 
> (Unless I am missing something.)  It doesn't hurt though.  Probably a 
> mention in the security section on that topic.

	Which reverse map?  It helps in ip6.arpa.  Just another reason
	to go to IPv6.  :-)
 
	Mark
 
> At 17:43 +0000 2/26/08, Paul Vixie wrote:
> >i think i've missed the cutoff for new -00 drafts, but, this is topical and
> >i'd like to discuss it anyway, even if it can't be on the philly agenda.
> >
> >                                     Abstract
> >
> >       The small (16-bit) size of the DNS transaction ID has made it a
> >       frequent target for forgery, with the unhappy result of many cache
> >       pollution events throughout Internet history.  Even with perfectly
> >       and unpredictably random transaction ID's, random and birthday
> >       attacks are still theoretically feasible.  This document describes a
> >       method by which an initiator can improve transaction identity using
> >       the 0x20 bit in DNS labels.  The method described here has already
> >       been implemented, and is running in production.
> >
> >for more, go to <http://sa.vix.com/~vixie/dns-0x20.txt>.
> >
> >
> >--
> >to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> >the word 'unsubscribe' in a single line as the message text body.
> >archive: <http://ops.ietf.org/lists/namedroppers/>
> 
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis                                                +1-571-434-5468
> NeuStar
> 
> Never confuse activity with progress.  Activity pays more.
> 
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

References:
- Re: dns-0x20.txt
  - From: Edward Lewis <Ed.Lewis@neustar.biz>

Prev by Date: Re: conjoining dns-forgery-resilience with dns-0x20; also, rtt banding
Next by Date: Re: dns-0x20.txt
Previous by thread: Re: dns-0x20.txt
Next by thread: Re: dns-0x20.txt
Index(es):
- Date
- Thread