
Re: draft-ietf-dnsext-forgery-resilience-01.txt



* Tony Finch:

> On Mon, 12 Nov 2007, Florian Weimer wrote:
>> * Stephane Bortzmeyer:
>> >
>> > What is not a good idea? "Implementations SHOULD use good random
>> > source to select a Query ID" or "The draft should add a reference to
>> > RFC 4086"?
>>
>> The former.  It has been argued that non-repeating query IDs are more
>> important than good randomness.  I tried very hard to understand this,
>> but I still don't get it.
>
> You can't just naively pick a query ID at random from the whole 16 bit
> space because you'll have ID clashes.

Why are ID clashes a problem?  Do real-world authoritative servers
misbehave when confronted with them?

This should really be mentioned in the draft.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
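
The trade-off debated in this thread, as an added example that is not part of the original messages or the draft: the birthday-bound probability that a set of uniformly random 16-bit query IDs contains a clash, and an allocator that draws IDs from a CSPRNG while skipping IDs still in flight. The names `clash_probability` and `QueryIdAllocator` are hypothetical, and tracking outstanding IDs in one set per resolver is an assumption.

```python
import secrets

ID_SPACE = 1 << 16  # the DNS query ID is a 16-bit field


def clash_probability(outstanding: int) -> float:
    """Probability that `outstanding` uniformly random 16-bit IDs are not all distinct."""
    if outstanding > ID_SPACE:
        return 1.0
    p_distinct = 1.0
    for i in range(outstanding):
        p_distinct *= (ID_SPACE - i) / ID_SPACE
    return 1.0 - p_distinct


class QueryIdAllocator:
    """Unpredictable and non-repeating among outstanding queries (hypothetical helper).

    Assumption: one shared set of in-flight IDs per resolver instance.
    """

    def __init__(self, rng=secrets.randbelow):
        self._rng = rng          # rng(n) must return an int in [0, n)
        self._in_flight = set()

    def allocate(self) -> int:
        if len(self._in_flight) >= ID_SPACE:
            raise RuntimeError("all 16-bit query IDs are in flight")
        # Rejection sampling: the result stays uniform over the free IDs,
        # so avoiding clashes does not make the next ID more predictable
        # than the shrinking free space already implies.
        while True:
            qid = self._rng(ID_SPACE)
            if qid not in self._in_flight:
                self._in_flight.add(qid)
                return qid

    def release(self, qid: int) -> None:
        """Call when the response arrives or the query times out."""
        self._in_flight.discard(qid)
```

With 256 outstanding queries the chance that at least two naively chosen IDs collide is already about 39%, and it passes 50% at 302.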