Daniel Kahn Gillmor wrote:
> On Fri 2018-12-14 19:12:41 +0100, A. Schulze wrote:
> >
> > 5. Encoding a key as DNS name of a nameserver makes key rotation harder.
> > Not impossible, but really much harder.
>
> i agree that it makes it harder, but i'm not convinced that it is *much*
> harder.
On Fri 2018-12-14 19:12:41 +0100, A. Schulze wrote:
> On 11.12.18 at 06:38, Mukund Sivaraman wrote:
>> There was some discussion in last night's meeting about encoding keys in
>> the DNS name of a nameserver, similar to DNSCurve. There are at least
>> some issues with it:
>> 1...4
>
> 5. Encoding
Hello,
On 11.12.18 at 06:38, Mukund Sivaraman wrote:
> There was some discussion in last night's meeting about encoding keys in
> the DNS name of a nameserver, similar to DNSCurve. There are at least
> some issues with it:
> 1...4
5. Encoding a key as DNS name of a nameserver makes key rotation
>
> On Fri 2018-12-14 02:22:12 +0530, Mukund Sivaraman wrote:
> > The trailing '='s are part of the base32 encoding.
> >
> > [muks@naina ~]$ echo -n
> > "MFRGGZDFMZTWQ2LKNNWG23TPOBYXE43UOV3HO6DZPI3TQOJQGEZA" | base32 -d
> > abcdefghijklmnopqrstuvwxyz789012[muks@naina ~]$ echo -n
>
On Fri 2018-12-14 03:30:29 +0530, Mukund Sivaraman wrote:
> I don't think this way. :) I think it will not support every RFC 1035
> DNS name, but only a subset of it. It should work for every valid name,
> because they are valid names and some application may want it. Why
> settle for hacks when
On Thu, Dec 13, 2018 at 04:21:39PM -0500, Daniel Kahn Gillmor wrote:
> Hi Mukund--
>
> thanks for your prompt followup!
>
> On Fri 2018-12-14 02:22:12 +0530, Mukund Sivaraman wrote:
> > The trailing '='s are part of the base32 encoding.
> >
> > [muks@naina ~]$ echo -n
> >
Hi Mukund--
thanks for your prompt followup!
On Fri 2018-12-14 02:22:12 +0530, Mukund Sivaraman wrote:
> The trailing '='s are part of the base32 encoding.
>
> [muks@naina ~]$ echo -n
> "MFRGGZDFMZTWQ2LKNNWG23TPOBYXE43UOV3HO6DZPI3TQOJQGEZA" | base32 -d
>
Hi Daniel
First, thank you for replying. I wondered if I'd said something
completely wrong. :)
On Thu, Dec 13, 2018 at 01:50:39PM -0500, Daniel Kahn Gillmor wrote:
> On Tue 2018-12-11 11:08:06 +0530, Mukund Sivaraman wrote:
> > 1. The RDATA of an NS record has to be a hostname, so it would limit
On Tue 2018-12-11 11:08:06 +0530, Mukund Sivaraman wrote:
> 1. The RDATA of an NS record has to be a hostname, so it would limit the
> amount of data that can be encoded within the NSDNAME. As an example,
> base32 encoding is not possible.
why is base32 encoding not possible for a hostname?
just