Hi Paul,

that's the point - we are concerned with on-path watchers.
That is why we are in strong favour of hashing like i already stated:
Hashing does not protect against "decryption" - but it makes a distinct
difference whether I need to make a targeted attack on a hash, or can
arbitrarily search through the plaintext in a stream of data.

Best
Patrik

Am 05.08.2015 um 17:55 schrieb Paul Hoffman:
> On 5 Aug 2015, at 8:25, Stephen Farrell wrote:
> 
>> On 05/08/15 16:12, Paul Hoffman wrote:
>>> Wearing my author hat: I don't care between b32 and hashing. Both are
>>> equally easy to document. However:
>>>
>>> On 5 Aug 2015, at 4:28, Stephen Farrell wrote:
>>>
>>>> So sorry to continue an argument but shouldn't this experiment be
>>>> a more conservative about privacy just in case it ends up wildly
>>>> successful?
>>>
>>> How is using the hash more conservative about privacy, except in zones
>>> that are signed with NSEC instead of the more common NSEC3? If you
>>> assume zones signed with NSEC3, both options are equally susceptible to
>>> dictionary-based guessing attacks, given that the effort to create
>>> search dictionaries for the billion of common LHS names is pretty low
>>> even for hashes.
>>
>> Tempora. That on-path attacker has a far easier time reversing the
>> b32 than anything based on the hash. Even with DPRIVE, we don't know
>> how to handle the recursive to authoritative part.
> 
> Thanks, I was only thinking of off-path attackers.
> 
> I agree that, if we are concerned with on-path watchers, hashes would
> preserve much more privacy than Base32 encodings.
> 
> --Paul Hoffman
> 
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane

-- 
Patrik Löhr

Posteo e.K.
Methfesselstr. 38
10965 Berlin

tel. +49 30 85074618
mail <[email protected]>
web <https://posteo.de>

USt-IdNr.: DE186713958
Handelsregister: Berlin-Charlottenburg · HRA 47592 B

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane

Reply via email to