Re: XQID (Re: Forgery Resistance phase #2 )

Paul Vixie <vixie@isc.org> Wed, 30 July 2008 19:05 UTC

From: Paul Vixie <vixie@isc.org>
To: Jelte Jansen <jelte@NLnetLabs.nl>
cc: namedroppers@ops.ietf.org
In-Reply-To: Your message of "Wed, 30 Jul 2008 20:09:13 +0200." <4890AE49.7040006@NLnetLabs.nl>
References: <200807281555.m6SFsxAO021711@stora.ogud.com> <027b01c8f17e$f99b0a80$ecd11f80$@com> <1135.1217352731@nsa.vix.com> <4890AE49.7040006@NLnetLabs.nl>
Date: Wed, 30 Jul 2008 19:00:06 +0000
Message-ID: <71458.1217444406@nsa.vix.com>
Subject: Re: XQID (Re: Forgery Resistance phase #2 )
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

> correct me if i'm wrong, but i think you might be confusing two
> proposals here. XQID and the EDNS PING proposal. XQID appends entropy to
> the actual query name, and shouldn't be downgradeable by leaving out
> something (because then the answer wouldn't be the same as the query).
> 
> Using EDNS PING is 'cleaner' (it doesn't muck with the query), but would
> need something like you ask for here.

yes, and i apologize for my confusion, i'm jittery from too much coffee and
too little sleep in the last few weeks.  PING with that modification to
EDNS's fallback would work, though i'm beginning to realize that the
requirement should be phrased as "each query transaction must be protected
by XYZ bits of high quality random entropy, which can be reached using any
combination of udp port number, query ID, DNS 0x20 bits, PING, or repeated
queries".  XYZ is probably about 50 if we want to rule out guessing
attacks.

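The entropy accounting sketched in the reply above, as an added worked example that is not part of the original message: it adds up the mechanisms listed (UDP source port, query ID, DNS 0x20 bits, a PING/XQID nonce, repeated queries) and checks the result against the 50-bit figure. The ephemeral port range, the query name and the nonce size are assumptions chosen for illustration.

```python
"""Per-transaction entropy budget for DNS forgery resistance (added example)."""
import math
from dataclasses import dataclass

TARGET_BITS = 50  # the "XYZ is probably about 50" figure from the message


@dataclass
class TransactionEntropy:
    port_lo: int = 1024           # assumed ephemeral source-port range (inclusive)
    port_hi: int = 65535
    qid_bits: int = 16            # the DNS message ID is a 16-bit field
    qname: str = "www.example.com"  # assumed query name
    nonce_bits: int = 0           # EDNS PING / XQID nonce bits, if the peer supports them
    repeats: int = 1              # independent repeated queries whose answers must all agree


def bits_0x20(qname: str) -> int:
    """DNS 0x20: every ASCII letter in the name can be sent in either case,
    so each letter is one bit; digits, hyphens and dots contribute nothing."""
    return sum(1 for c in qname if c.isalpha())


def port_bits(lo: int, hi: int) -> float:
    """log2 of the number of source ports the resolver randomises over.
    A resolver pinned to a single port (lo == hi) contributes zero bits."""
    return math.log2(hi - lo + 1)


def total_bits(t: TransactionEntropy) -> float:
    """Bits an off-path forger must guess for one transaction. Repeated
    queries multiply the budget because each forged reply must match
    independently; a single miss exposes the forgery."""
    per_query = (port_bits(t.port_lo, t.port_hi) + t.qid_bits
                 + bits_0x20(t.qname) + t.nonce_bits)
    return per_query * t.repeats


def meets_target(t: TransactionEntropy, target: int = TARGET_BITS) -> bool:
    """True when the transaction clears the required entropy."""
    return total_bits(t) >= target


if __name__ == "__main__":
    for label, t in [("port+qid+0x20", TransactionEntropy()),
                     ("fixed port, no 0x20 help", TransactionEntropy(port_lo=53, port_hi=53)),
                     ("plus 32-bit nonce", TransactionEntropy(nonce_bits=32)),
                     ("two repeated queries", TransactionEntropy(repeats=2))]:
        print(f"{label:28s} {total_bits(t):6.2f} bits  ok={meets_target(t)}")
```

With the assumed values, port randomisation plus query ID plus 0x20 lands just under 45 bits, so either a nonce or a second matching query is needed to reach the 50-bit target.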