Hello Hosnieh,
On 31 Jul 2015, at 16:26, Hosnieh Rafiee wrote:
> Hi,
> I have reviewed this draft. I have some questions and feedback...
> The sense of the room in the IETF-93 meeting was to do a BASE32
> encoding of local part with 60 character labels,
> shortest label is the left most label.
> I would see the use of base32 (without extra improvement techniques)
> as a security risk. This is because it decreases the entropy of the
> SHA256 hash function (as far as I know, based on my experiment with
> SHA256, SHA256 is case sensitive), which results in possible attacks on
> usernames and forging usernames.
The planned/suggested use of base32 is *instead of* SHA256. Thus,
entropy is not a topic - as there is no hashing.
(That said, encoding a SHA256 hash as base32 would not lose entropy.
Treating a base64-encoding of SHA256 as something base32-like would lose
entropy, but that’s a terrible idea for several reasons and nobody is
suggesting it).
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
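To make the two points in this exchange concrete, here is an added example (mine, not code from Peter, Hosnieh, or the draft under discussion). It encodes a local-part as base32 and splits it into labels of at most 60 characters with the shortest label leftmost, as described in the thread, and shows that the mapping is fully reversible, so nothing is lost. It then shows that base32-encoding a SHA256 digest round-trips all 32 bytes, while case-folding a base64 string (what "treating base64 as something base32-like" amounts to) merges distinct values. The unpadded lowercase base32 form and the "alice" sample input are assumptions of this example, not something the thread specifies.

```python
import base64
import hashlib


def local_part_to_labels(local_part: str, max_label: int = 60) -> list:
    """Base32-encode a mail local-part (RFC 4648 alphabet) and split it into
    DNS labels of at most `max_label` characters, shortest label leftmost.
    The 60-character limit and leftmost-shortest rule come from the thread;
    stripping the '=' padding and lowercasing is an assumption made here."""
    encoded = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    encoded = encoded.rstrip("=").lower()
    labels = []
    # Cut from the right so that any remainder (the shortest piece) ends up leftmost.
    while encoded:
        labels.insert(0, encoded[-max_label:])
        encoded = encoded[:-max_label]
    return labels


def labels_to_local_part(labels: list) -> str:
    """Inverse of local_part_to_labels: rejoin, restore padding, decode.
    Base32 is injective, so this recovers the exact original local-part."""
    joined = "".join(labels).upper()
    padding = "=" * (-len(joined) % 8)  # base32 pads to a multiple of 8 chars
    return base64.b32decode(joined + padding).decode("utf-8")


def b32_digest_roundtrip(data: bytes) -> bool:
    """Base32 of a SHA256 digest keeps all 256 bits: 32 bytes become 52 data
    characters plus 4 '=' and decode back to the identical digest."""
    digest = hashlib.sha256(data).digest()
    encoded = base64.b32encode(digest).decode("ascii")
    return len(encoded) == 56 and base64.b32decode(encoded) == digest


def casefold_loses_information(b64_text: str) -> bool:
    """True if case-folding this base64 string would make it collide with a
    different valid base64 string that decodes to different bytes. Base64 uses
    both letter cases as distinct symbols, so folding case discards data."""
    swapped = b64_text.swapcase()
    if swapped == b64_text:  # no letters at all: nothing to fold
        return False
    return base64.b64decode(swapped) != base64.b64decode(b64_text)


if __name__ == "__main__":
    labels = local_part_to_labels("a" * 100)  # constructed long local-part
    print([len(l) for l in labels], labels_to_local_part(labels) == "a" * 100)
    print(b32_digest_roundtrip(b"alice"))
    b64_digest = base64.b64encode(hashlib.sha256(b"alice").digest()).decode("ascii")
    print(casefold_loses_information(b64_digest))
```

Running the script shows labels of lengths [40, 60, 60] for the 100-character input with a successful round trip, a successful base32 round trip of the digest, and True for the base64 case-folding check. The security point is the one Peter makes: base32 on its own neither hashes nor discards anything, so the entropy argument only applies if someone case-folds a base64 encoding, which nobody proposes.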
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane