<chair-hat=off> At 17:35 12/11/2007, Stephane Bortzmeyer wrote:
On Mon, Nov 12, 2007 at 11:03:44PM +0100, bert hubert <bert.hubert@netherlabs.nl> wrote a message of 34 lines which said: > Implementations MUST use Query-IDs that are hard to predict More detailed, with the help of Alex Bligh: Implementations MUST use Query-IDs that are hard to predict for a third party with access to wire data. This could, for instance, be achieved by introducing a random [RFC 4086] or pseudo-random component into the mechanism used to select the ID
when third party has access to query stream (i.e. wire access) all bets are off as it sees the query and can forge a single answer. The issue we are trying to address is: can a third party somehow observe few sequential queries and from that information predict future query id's and ports.Olafur
-- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>