> Correct me if I'm wrong, but I think you might be confusing two
> proposals here: XQID and the EDNS PING proposal. XQID appends entropy to
> the actual query name, and shouldn't be downgradeable by leaving out
> something (because then the answer wouldn't be the same as the query).
>
> Using EDNS PING is 'cleaner' (it doesn't muck with the query), but would
> need something like you ask for here.


Yes, and I apologize for my confusion; I'm jittery from too much coffee and
too little sleep in the last few weeks. PING with that modification to
EDNS's fallback would work, though I'm beginning to realize that the
requirement should be phrased as "each query transaction must be protected
by XYZ bits of high-quality random entropy, which can be reached using any
combination of UDP port number, query ID, DNS 0x20 bits, PING, or repeated
queries". XYZ is probably about 50 if we want to rule out guessing
attacks.


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:
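The "XYZ bits from any combination of sources" requirement in the reply above, worked through as an added example (this is not code from the original message, from the XQID or EDNS PING proposals, or from any resolver). It implements DNS 0x20 case randomization and the case-sensitive answer check that makes those bits count, then totals the entropy budget for a transaction. The per-source bit counts are assumptions: a 16-bit query ID, ephemeral source ports 1024 to 65535, a caller-supplied figure for PING (the proposal's size is not stated on the page), and repeated queries modelled as multiplying the attacker's work only if the resolver insists that all repetitions agree.

```python
import math
import secrets

# Assumed per-source entropy (not from the post).
QUERY_ID_BITS = 16                      # DNS header ID is a 16-bit field
USABLE_PORTS = 65535 - 1024 + 1         # assume ports 1024..65535 are usable
SOURCE_PORT_BITS = math.log2(USABLE_PORTS)
REQUIRED_BITS = 50.0                    # the reply's "probably about 50"


def dns0x20_bits(qname: str) -> int:
    """0x20 entropy available in a name: one bit per ASCII letter.

    Digits, hyphens and dots carry no case, so a name such as
    '1.2.3.4' yields zero bits from this source.
    """
    return sum(1 for c in qname if c.isascii() and c.isalpha())


def randomize_case(qname: str) -> str:
    """Apply DNS 0x20 encoding: choose each letter's case at random.

    DNS name matching is case-insensitive, so the upstream server answers
    regardless, but it must echo the question section as received.
    """
    out = []
    for c in qname:
        if c.isascii() and c.isalpha():
            out.append(c.upper() if secrets.randbits(1) else c.lower())
        else:
            out.append(c)
    return "".join(out)


def answer_matches_0x20(sent_qname: str, answer_qname: str) -> bool:
    """Case-sensitive comparison of the question we sent with the one echoed back.

    A forger who has not seen the query must guess the case pattern; an
    answer whose name differs in case (or content) is rejected.
    """
    return sent_qname == answer_qname


def entropy_budget(qname: str, *, port_bits: float = SOURCE_PORT_BITS,
                   qid_bits: float = QUERY_ID_BITS, ping_bits: float = 0.0,
                   repeats: int = 1) -> float:
    """Total bits an off-path attacker must guess for one transaction.

    Per-query sources add up. Repeated queries are assumed to multiply the
    work, which holds only if the resolver requires all 'repeats' answers
    to agree before accepting the data (assumption, not stated in the post).
    """
    if repeats < 1:
        raise ValueError("repeats must be at least 1")
    per_query = qid_bits + port_bits + dns0x20_bits(qname) + ping_bits
    return per_query * repeats


def meets_requirement(bits: float, required: float = REQUIRED_BITS) -> bool:
    """True when the transaction reaches the required entropy."""
    return bits >= required


if __name__ == "__main__":
    name = "www.example.com"            # constructed sample name
    sent = randomize_case(name)
    print("sent:", sent, "accept echo:", answer_matches_0x20(sent, sent))
    print("forged wrong case accepted:",
          answer_matches_0x20(sent, name.swapcase()))
    for label, kwargs in [
        ("qid + port + 0x20", {}),
        ("fixed source port (NAT)", {"port_bits": 0}),
        ("plus 16-bit PING", {"ping_bits": 16}),
        ("two agreeing queries", {"repeats": 2}),
    ]:
        bits = entropy_budget(name, **kwargs)
        print(f"{label:26s} {bits:6.2f} bits  ok={meets_requirement(bits)}")
```

The point the numbers make: with only query ID, port and 0x20 on a short name the budget lands just under 50, and it collapses to 29 bits when a NAT rewrites the source port, which is why the reply treats PING or repeated queries as interchangeable ways of topping it back up.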