Hi Paul,

that's the point - we are concerned with on-path watchers. That is why we are in strong favour of hashing like I already stated: Hashing does not protect against "decryption" - but it makes a distinct difference whether I need to make a targeted attack on a hash, or can arbitrarily search through the plaintext in a stream of data.
Best
Patrik

On 05.08.2015 at 17:55, Paul Hoffman wrote:
> On 5 Aug 2015, at 8:25, Stephen Farrell wrote:
>
>> On 05/08/15 16:12, Paul Hoffman wrote:
>>> Wearing my author hat: I don't care between b32 and hashing. Both are
>>> equally easy to document. However:
>>>
>>> On 5 Aug 2015, at 4:28, Stephen Farrell wrote:
>>>
>>>> So sorry to continue an argument but shouldn't this experiment be
>>>> a more conservative about privacy just in case it ends up wildly
>>>> successful?
>>>
>>> How is using the hash more conservative about privacy, except in zones
>>> that are signed with NSEC instead of the more common NSEC3? If you
>>> assume zones signed with NSEC3, both options are equally susceptible to
>>> dictionary-based guessing attacks, given that the effort to create
>>> search dictionaries for the billion of common LHS names is pretty low
>>> even for hashes.
>>
>> Tempora. That on-path attacker has a far easier time reversing the
>> b32 than anything based on the hash. Even with DPRIVE, we don't know
>> how to handle the recursive to authoritative part.
>
> Thanks, I was only thinking of off-path attackers.
>
> I agree that, if we are concerned with on-path watchers, hashes would
> preserve much more privacy than Base32 encodings.
>
> --Paul Hoffman
>
> _______________________________________________
> dane mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dane

--
Patrik Löhr
Posteo e.K.
Methfesselstr. 38
10965 Berlin
tel. +49 30 85074618
mail <[email protected]>
web <https://posteo.de>
VAT ID: DE186713958
Commercial register: Berlin-Charlottenburg · HRA 47592 B
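The privacy difference discussed in this thread, as an added example that is not part of the original messages: it compares what a passive observer of query names learns from a Base32 label versus a hashed label. The hash choice (SHA-256 truncated to 28 octets so the hex fits a 63-character DNS label), the lowercase unpadded Base32 form, and all sample local parts are assumptions constructed for illustration.

```python
import base64
import hashlib

def b32_label(local_part: str) -> str:
    """Base32 owner label for a local part (lowercase, padding stripped)."""
    raw = base64.b32encode(local_part.encode("utf-8")).decode("ascii")
    return raw.rstrip("=").lower()

def hash_label(local_part: str) -> str:
    """Hashed owner label. Assumption: SHA-256, truncated to 28 octets (56 hex chars)."""
    return hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]

def recover_from_b32(label: str) -> str:
    """Base32 is an encoding: any observer can invert it with no prior knowledge."""
    padded = label.upper() + "=" * (-len(label) % 8)
    return base64.b32decode(padded).decode("utf-8")

def recover_from_hash(label: str, candidates):
    """A hash can only be confirmed against names the observer already guessed."""
    for guess in candidates:
        if hash_label(guess) == label:
            return guess
    return None

def exposure(local_parts, candidates):
    """Return (names learned from b32 labels, names learned from hash labels)."""
    b32_seen = [recover_from_b32(b32_label(lp)) for lp in local_parts]
    hash_seen = [recover_from_hash(hash_label(lp), candidates) for lp in local_parts]
    return b32_seen, hash_seen

# Constructed sample data: local parts seen in queries, and a small guess list.
SAMPLE_LOCAL_PARTS = ["info", "j.k.mueller-1979", "alice"]
CANDIDATES = ["info", "admin", "postmaster", "alice"]

if __name__ == "__main__":
    b32_seen, hash_seen = exposure(SAMPLE_LOCAL_PARTS, CANDIDATES)
    for lp, b, h in zip(SAMPLE_LOCAL_PARTS, b32_seen, hash_seen):
        print(f"{lp!r}: b32 reveals {b!r}, hash reveals {h!r}")
```

Common names such as `info` fall to the guess list under both schemes, which is the dictionary point made in the quoted reply; the uncommon local part is exposed only by the Base32 label.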
