On Fri, Feb 07, 2014 at 11:08:20AM -0800, Paul Hoffman wrote:

> Those existed 15 years ago, and still do. The proposal to make
> it slightly harder for a harvester (and that's all we're suggesting)
> adds complexity and no measurable value.

Yes, adding iterations would definitely add complexity.

Arguably HMAC(domain, localpart) is more complex than
SHA(localpart@domain); I don't care which is used.

Either way of computing the hash of the full address, rather than
just the local part, adds no complexity, and makes off-line attacks
more difficult (per-site dictionaries, rather than global dictionaries).
This is a free win.  There's simply no reason not to.

-- 
        Viktor.
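
The difference between hashing the local part alone and binding the domain into the hash, as an added example that is not part of the original message: it counts how many published labels a dictionary precomputed for one domain still resolves under each scheme. SHA-256, the function names, the word list and the example.* mailboxes are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumption: SHA-256 stands in for the unspecified "SHA" in the message.
def label_local_only(localpart, domain):
    """Hash of the local part alone; the domain does not enter the hash."""
    return hashlib.sha256(localpart.encode()).hexdigest()

def label_full_address(localpart, domain):
    """SHA(localpart@domain)."""
    return hashlib.sha256(f"{localpart}@{domain}".encode()).hexdigest()

def label_hmac(localpart, domain):
    """HMAC(domain, localpart): domain is the key, local part the message."""
    return hmac.new(domain.encode(), localpart.encode(), hashlib.sha256).hexdigest()

# Constructed sample data: candidate local parts and per-domain mailboxes.
WORDLIST = ["alice", "bob", "postmaster"]
MAILBOXES = {
    "example.com": ["alice", "postmaster"],
    "example.net": ["alice"],
    "example.org": ["bob"],
}

def resolved_by_one_table(scheme, table_domain="example.com"):
    """Count published labels, across all domains, that a dictionary
    precomputed once for table_domain maps back to a local part."""
    table = {scheme(word, table_domain): word for word in WORDLIST}
    hits = 0
    for domain, localparts in MAILBOXES.items():
        for lp in localparts:
            if table.get(scheme(lp, domain)) == lp:
                hits += 1
    return hits

if __name__ == "__main__":
    for scheme in (label_local_only, label_full_address, label_hmac):
        print(f"{scheme.__name__:20} {resolved_by_one_table(scheme)} of 4 labels")
```

With the local part hashed alone, the single table covers every domain; with either domain-bound scheme it covers only the domain it was built for.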