This is what I added in the new version of CGA-TSIGe when I considered the encryption and talked about encryption. It wasn't clear in the draft and some people asked me about that.
Best,
Hosnieh

From: dns-privacy [mailto:[email protected]] On Behalf Of Guangqing Deng
Sent: Friday, May 09, 2014 9:43 AM
To: Wes Hardaker
Cc: dns-privacy
Subject: Re: [dns-privacy] On behalf of Apr 1st, here is a DNSE solution.

Have you ever built a prototype of this draft and done some tests? If so, what is the extra time delay caused by it compared with normal DNS resolving? Maybe that is another problem.

_____
Guangqing Deng
CNNIC

From: Wes Hardaker <mailto:[email protected]>
Date: 2014-05-09 11:06
To: Guangqing Deng <mailto:[email protected]>
CC: Wes Hardaker <mailto:[email protected]> ; dns-privacy <mailto:[email protected]>
Subject: Re: [dns-privacy] On behalf of Apr 1st, here is a DNSE solution.

"Guangqing Deng" <[email protected]> writes:

> Hi, Wes, I have a minor question about this draft. It is said in
> section 2.1 of this draft that the encrypted "real" request (namely
> the blob "EEEEEEEE" in this draft) is taken as the left-most label of
> the new synthetic domain name (namely
> "EEEEEEEEE.K1.example.org"). Since the length of a domain name label
> is within 64, now I am wondering is it always possible to insert an
> encrypted DNS request into one synthetic domain name as the left-most
> label?

No, certainly there are issues in general. There are maximum lengths not just for a label, but for the number of labels. So not only are there size constraints for the size of an individual label (and there are ways around that), but there are constraints on the number of labels we can use (and there is no way around some of those issues; you always have to append a suffix which means you're always reducing the maximum label count by the suffix length. Which in the above is 2).

-- 
Wes Hardaker
Parsons
_______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
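
The size question discussed in this thread, worked through as an added example (not code from the draft or from any participant). It assumes the encrypted blob is base32-encoded and split across several labels, which the thread does not specify, and applies the RFC 1035 limits of 63 octets per label and 255 octets per name; `encode_query` and `max_blob_bytes` are hypothetical helper names.

```python
import base64

MAX_LABEL = 63   # RFC 1035: a single label is at most 63 octets
MAX_NAME = 255   # RFC 1035: a full name is at most 255 octets on the wire


def wire_len(labels):
    """Wire-format size: one length octet per label, plus the root octet."""
    return sum(1 + len(label) for label in labels) + 1


def encode_query(blob: bytes, suffix: str) -> str:
    """Encode an encrypted blob as labels in front of the suffix.

    Assumption: unpadded, lower-case base32 (the draft's real encoding is
    not given in the thread). Raises ValueError when the synthetic name
    would exceed the 255-octet limit.
    """
    text = base64.b32encode(blob).decode("ascii").rstrip("=").lower()
    data = [text[i:i + MAX_LABEL] for i in range(0, len(text), MAX_LABEL)]
    labels = data + suffix.strip(".").split(".")
    size = wire_len(labels)
    if size > MAX_NAME:
        raise ValueError(f"name needs {size} octets, limit is {MAX_NAME}")
    return ".".join(labels)


def max_blob_bytes(suffix: str) -> int:
    """Largest blob, in bytes, that still fits in front of the suffix."""
    n = 0
    while True:
        try:
            encode_query(b"\x00" * (n + 1), suffix)
        except ValueError:
            return n
        n += 1


if __name__ == "__main__":
    suffix = "K1.example.org"      # suffix taken from the thread
    blob = bytes(range(40))        # constructed stand-in for ciphertext
    print(encode_query(blob, suffix))
    print("capacity under", suffix, "=", max_blob_bytes(suffix), "bytes")
```

Every octet of suffix, including its per-label length octets, comes straight out of the space left for ciphertext, so a longer zone name lowers the capacity reported by `max_blob_bytes`.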
