IETF Logo Mail Archive

Re: [Asrg] DNS over SCTP

Alessandro Vesely <vesely@tana.it> Fri, 29 May 2009 10:08 UTC

Return-Path: <vesely@tana.it>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AA5673A6EBA for <asrg@core3.amsl.com>; Fri, 29 May 2009 03:08:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.452
X-Spam-Level:
X-Spam-Status: No, score=-0.452 tagged_above=-999 required=5 tests=[AWL=0.267, BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dlyQF+ZT5Ccd for <asrg@core3.amsl.com>; Fri, 29 May 2009 03:08:14 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by core3.amsl.com (Postfix) with ESMTP id 9A63B3A6CBD for <asrg@irtf.org>; Fri, 29 May 2009 03:08:14 -0700 (PDT)
Received: from [172.25.197.158] (pcale.tana [172.25.197.158]) (AUTH: CRAM-MD5 ale@tana.it, TLS: TLS1.0, 256bits, RSA_AES_256_CBC_SHA1) by wmail.tana.it with esmtp; Fri, 29 May 2009 12:09:35 +0200 id 00000000005DC031.000000004A1FB45F.00003F9D
Message-ID: <4A1FB46A.4090805@tana.it>
Date: Fri, 29 May 2009 12:09:46 +0200
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Paul Wouters <paul@xelerance.com>
References: <4A1A45BA.5030704@swin.edu.au> <3be421270905250718y5d62f6d5odb6f2bebecf418d0@mail.gmail.com> <6684E747-55CB-4BB3-B838-9F4FE906AFE7@mail-abuse.org> <200905251603.MAA16221@Sparkle.Rodents-Montreal.ORG> <CCE0A3E1-4BCB-460C-AEA0-6548BB4AE8FE@mail-abuse.org> <4A1D64C9.5060505@tana.it> <47BC2197-472E-4615-97D2-F7E42B8F3B7D@mail-abuse.org> <4A1E8BD3.8000103@tana.it> <20090528131509.GA13521@nic.fr> <4A1E9CBF.4010703@tana.it> <20090528142325.GA22943@nic.fr> <4A1EB214.6090507@tana.it> <alpine.LFD.1.10.0905281236450.2926@newtla.xelerance.com>
In-Reply-To: <alpine.LFD.1.10.0905281236450.2926@newtla.xelerance.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Anti-Spam Research Group - IRTF <asrg@irtf.org>, ietf@ietf.org
Subject: Re: [Asrg] DNS over SCTP
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 May 2009 10:08:16 -0000

Paul Wouters wrote:
> On Thu, 28 May 2009, Alessandro Vesely wrote:
>> The limitations in TCP or SCTP security stem from
> 
> transport security is pretty meaningless in the DNS world which operates 
> using a distributed caching system.

One has to trust each cache! Given that it is pretty easy to predict a 
subset of the queries a given server will issue in a give time frame, 
using SCTP can improve reliability better than adding another 32bit 
random number.

> This is why dnscurve is just an 
> academic experiment that can never leave the lab for the real world.

IMHO, avoiding to base the Internet on an encumbered algorithm is 
another good reason :-/

v2.23.0 | Report a Bug | By Email