Re: DNS over SCTP

From: Paul Wouters <paul at xelerance.com>
To: Alessandro Vesely <vesely at tana.it>
Cc: Anti-Spam Research Group - IRTF <asrg at irtf.org>, ietf at ietf.org
Date: Fri, 29 May 2009 09:28:29 -0400 (EDT)
In-reply-to: <4A1FB46A.4090805 at tana.it>
References: <4A1A45BA.5030704 at swin.edu.au> <3be421270905250718y5d62f6d5odb6f2bebecf418d0 at mail.gmail.com> <6684E747-55CB-4BB3-B838-9F4FE906AFE7 at mail-abuse.org> <200905251603.MAA16221 at Sparkle.Rodents-Montreal.ORG> <CCE0A3E1-4BCB-460C-AEA0-6548BB4AE8FE at mail-abuse.org> <4A1D64C9.5060505 at tana.it> <47BC2197-472E-4615-97D2-F7E42B8F3B7D at mail-abuse.org> <4A1E8BD3.8000103 at tana.it> <20090528131509.GA13521 at nic.fr> <4A1E9CBF.4010703 at tana.it> <20090528142325.GA22943 at nic.fr> <4A1EB214.6090507 at tana.it> <alpine.LFD.1.10.0905281236450.2926 at newtla.xelerance.com> <4A1FB46A.4090805 at tana.it>

On Fri, 29 May 2009, Alessandro Vesely wrote:

transport security is pretty meaningless in the DNS world which operatesusing a distributed caching system.
One has to trust each cache!


Your solution to protect the DNS is "just trust everyone"?

Given that it is pretty easy to predict a subsetof the queries a given server will issue in a give time frame, using SCTP canimprove reliability better than adding another 32bit random number.


The source port randomization patch is not DNSSEC. DNSSEC is much more then
a 32bit random number. Please read the RFCs.

Paul

References:
- DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Alessandro Vesely
- Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
  - From: Stephane Bortzmeyer
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: Stephane Bortzmeyer
- Re: DNS over SCTP
  - From: Alessandro Vesely
- Re: DNS over SCTP
  - From: Paul Wouters
- Re: DNS over SCTP
  - From: Alessandro Vesely

Prev by Date: Re: Taking a time out
Next by Date: Re: DNS over SCTP (was: Re: [Asrg] DNS-based Email Sender Authentication Mechanisms: a Critical Review
Previous by thread: Re: DNS over SCTP
Next by thread: Re: DNS over SCTP
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: DNS over SCTP

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.