On Fri, Oct 24, 2014 at 8:36 AM, Frederico A C Neves <[email protected]> wrote:
> On Fri, Oct 24, 2014 at 08:18:54AM -0400, Phillip Hallam-Baker wrote:
> > On Fri, Oct 24, 2014 at 1:57 AM, Watson Ladd <[email protected]> wrote:
> ...
> >
> > The DoS and amplification attacks are the reasons why I believe that
> > whatever mechanism we choose needs to authenticate requests and only
> > respond if the request is 'sufficiently' authentic.
>
> We do have a "sufficiently" solution for this proposed now for more
> than 8 years and counting.
>
> http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-00
>

Which would be an approach to use if we were not also planning to encrypt the messages, which makes use of a MAC much easier and allows us to limit the impact to the transport/presentation packaging and not impact the DNS protocols.
