On Thu, Jan 09, 2014 at 05:08:28PM +0000, Dickson, Brian wrote:
> So instead of "encoding" per se, what about using a hash function?
An intriguing suggestion. If the hash is HMAC-SHA1(domain, username),
its hex representation is 40 octets which fits comfortably into a
DNS label. Dictionary harvesting attacks by following NSEC records
are a bit harder, since HMAC with the domain as a key makes the
use of rainbow tables less useful.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
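An added example, not part of the original message or of any draft: the label derivation described above, with HMAC-SHA1 keyed by the domain, checked against the DNS limits of 63 octets per label and 255 octets per name. The `<label>.<domain>` owner-name layout, the lower-casing of the domain, the UTF-8 encoding and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_LABEL_OCTETS = 63   # RFC 1035 limit for one DNS label
MAX_NAME_OCTETS = 255   # RFC 1035 limit for a whole name in wire format


def user_label(domain: str, username: str) -> str:
    """Hex of HMAC-SHA1 keyed with the domain, computed over the username."""
    # Assumption: the domain is lower-cased (DNS names are case-insensitive)
    # and the username is used byte-for-byte in UTF-8.
    key = domain.rstrip(".").lower().encode("utf-8")
    return hmac.new(key, username.encode("utf-8"), hashlib.sha1).hexdigest()


def wire_length(name: str) -> int:
    """Octets on the wire: one length octet per label, plus the root label."""
    labels = [part for part in name.rstrip(".").split(".") if part]
    return sum(1 + len(part.encode("ascii")) for part in labels) + 1


def owner_name(domain: str, username: str) -> str:
    """Hypothetical owner name <label>.<domain>, rejected if it breaks DNS limits."""
    name = f"{user_label(domain, username)}.{domain.rstrip('.').lower()}"
    if any(len(part) > MAX_LABEL_OCTETS for part in name.split(".")):
        raise ValueError("a label exceeds 63 octets")
    if wire_length(name) > MAX_NAME_OCTETS:
        raise ValueError("owner name exceeds 255 octets")
    return name


if __name__ == "__main__":
    # Constructed sample inputs.
    long_user = "a" * 64  # a maximum-length local part
    # Plain hex encoding of that username would need 128 octets, too long
    # for one label; the HMAC output is always 40 hex characters.
    print(len(long_user.encode().hex()), len(user_label("example.com", long_user)))
    # The same username yields unrelated labels under different domains, so a
    # table precomputed for one domain does not carry over to another.
    print(owner_name("example.com", "alice"))
    print(owner_name("example.net", "alice"))
```

Within a single domain the label is still a deterministic function of the username, so the keying only removes the benefit of tables shared across domains, in line with the "a bit harder" wording above.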