Hello Peter,

> -----Original Message-----
> From: dane [mailto:[email protected]] On Behalf Of Peter van Dijk
> On 31 Jul 2015, at 16:26, Hosnieh Rafiee wrote:
> >> The sense of the room in the IETF-93 meeting was to do a BASE32
> >> encoding of local part with 60 character labels, shortest label is
> >> the left most label.
> >
> > I would see the use of base32 (without extra improvement techniques)
> > as a security risk. This is because, it decreases the entropy of
> > SHA256 hash function (As far as I know based on my experiment with
> > SHA256, SHA256 are case sensitive) which results in possible attacks on
> > usernames and forging usernames.
>
> The planned/suggested use of base32 is *instead of* SHA256. Thus,
> entropy is not a topic - as there is no hashing.
>
> (That said, encoding a SHA256 hash as base32 would not lose entropy.
> Treating a base64-encoding of SHA256 as something base32-like would
> lose entropy, but that’s a terrible idea for several reasons and nobody
> is suggesting it).
>

OMG... IMO, in this case the approach will sacrifice users' privacy. Is there any thought of the spam that the email owners would receive? Well.. I guess the draft wants to store this mapping on a DNS server, right? And this DNS server is a public one... this means, we are handing over all emails to the spammers... I hope I am not correct :-/

Best,
Hosnieh
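
The three encoding claims in this exchange, as an added example that is not part of the thread or of any draft: base32 labels of a local part are reversible, base32 of a SHA-256 digest round-trips, and case-folded base64 does not. The label ordering, padding removal, lower-casing and all function names are assumptions made for illustration; the sample inputs are constructed.

```python
import base64
import hashlib

LABEL_MAX = 60  # label length quoted in the thread


def b32_labels(local_part: str) -> list[str]:
    """Base32-encode a local part and split it into DNS labels.

    Assumptions (not from the thread): UTF-8 input, padding stripped,
    lower-case output, and the short remainder chunk placed first so that
    joining the labels left to right restores the encoded string.
    """
    enc = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    enc = enc.rstrip("=").lower()
    head = len(enc) % LABEL_MAX
    labels = [enc[:head]] if head else []
    labels += [enc[i:i + LABEL_MAX] for i in range(head, len(enc), LABEL_MAX)]
    return labels


def b32_decode(text: str) -> bytes:
    """Decode unpadded, any-case base32 back to bytes."""
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def local_part_from_labels(labels: list[str]) -> str:
    """Anyone who can read the owner name can recover the local part."""
    return b32_decode("".join(labels)).decode("utf-8")


def folded_b64(data: bytes) -> str:
    """Base64 squeezed through a case-insensitive channel such as DNS."""
    return base64.b64encode(data).decode("ascii").lower()


if __name__ == "__main__":
    labels = b32_labels("alice")  # constructed sample local part
    print(labels, "->", local_part_from_labels(labels))
    digest = hashlib.sha256(b"alice").digest()
    b32 = base64.b32encode(digest).decode("ascii").lower()
    print("base32(SHA-256) round-trips:", b32_decode(b32) == digest)
    a, b = bytes(32), b"\x68" + bytes(31)  # constructed 32-byte values
    print("folded base64 collides:", folded_b64(a) == folded_b64(b))
```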
