* Stephen Farrell <[email protected]>:
>
>
> On 05/08/15 09:14, Paul Wouters wrote:
> >>
> >>
> >> I have no strong preference for base32 vs. digested localpart for the
> >> hostname. Digested localparts require a little bit more work to invert
> >> than base32, but given the low entropy of typical normalized localparts,
> >> they don't provide a lot of protection against a determined attacker.
> >
> > And as clearly stated, were never meant to provide security.
>
> Hmm.
>
> With no hats, I gotta say I prefer the harder to invert local part
> (i.e. hashed) to the reversible one (b32).
>
> If this experiment ends up successful, then I think we'll be setting
> a precedent for other per-user identifiers to be used as part of a
> DNS name so I do not believe that arguments about this aspect ought
> be decided solely based on PGP or SMIME or DANE. We should also
> consider that some other protocol is highly likely to follow what
> seems to have worked (just as _blah.example.com has been mimicked)
> and where we don't now know the privacy consequences of copying
> the pattern we're setting here.
>
> For that reason, I really would prefer that we stick to the hash and
> not go for the reversible per-user identifier.

ACK

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
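
The trade-off discussed in this thread, as an added illustration that is not part of the original messages: a base32 label decodes straight back to the local-part, while a digested label can only be matched against guesses, which succeeds for low-entropy local-parts. Assumptions: unpadded lowercase base32 for the reversible label, SHA-256 truncated to 28 octets in hex for the digested label (the construction later published in RFC 7929; the thread names neither), and constructed sample local-parts and candidate list.

```python
import base64
import hashlib
from typing import Iterable, Optional


def b32_label(localpart: str) -> str:
    """Reversible label: unpadded lowercase base32 of the local-part (assumed encoding)."""
    raw = base64.b32encode(localpart.encode("utf-8")).decode("ascii")
    return raw.rstrip("=").lower()


def b32_invert(label: str) -> str:
    """Any observer of the DNS name recovers the local-part with no guessing."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")


def hashed_label(localpart: str) -> str:
    """Digested label: SHA-256 truncated to 28 octets, hex (assumed, as in RFC 7929)."""
    return hashlib.sha256(localpart.encode("utf-8")).digest()[:28].hex()


def match_hashed(label: str, candidates: Iterable[str]) -> Optional[str]:
    """A digested label is only 'inverted' by hashing guesses and comparing."""
    for guess in candidates:
        if hashed_label(guess) == label:
            return guess
    return None


# Constructed sample data: a short list of common local-parts, and two
# local-parts whose labels an observer of DNS queries might see.
COMMON = ["admin", "info", "postmaster", "alice", "bob"]
OBSERVED = ["alice", "x7q-kestrel-4471"]


def compare(localparts=OBSERVED, candidates=COMMON):
    """For each local-part, report what each label form reveals to an observer."""
    return [
        {
            "localpart": lp,
            "from_b32": b32_invert(b32_label(lp)),
            "from_hash": match_hashed(hashed_label(lp), candidates),
        }
        for lp in localparts
    ]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The common local-part is recovered from both label forms; the uncommon one is recovered only from the base32 label, which is the privacy difference the thread is weighing.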
