Hi Zhiwei Yan,
On 03/11/2015 04:24 AM, Zhiwei Yan wrote:
> Hi, All, I have a simple idea to support the encryption of the
> signalings between stub and recursive resolvers under UDP. My
> solution is based on asymmetric encryption scheme and the main
Hi, Wouter,
Your proposal provides a useful scheme to publish and fetch the public key of
the server.
It's the most important point of my solution, I mean, only when the client gets
the public key of the server, it can then encrypt the request information and
its own public key in the request me
On Wed, Mar 11, 2015 at 3:31 AM, W.C.A. Wijngaards wrote:
> Hi Zhiwei Yan,
>
> On 03/11/2015 04:24 AM, Zhiwei Yan wrote:
>> Hi, All, I have a simple idea to support the encryption of the
>> signalings between stub and recursive resolvers under UD
Looking forward to discussions on the draft in a few weeks.
--
Glen Wiley
Principal Engineer
Verisign, Inc.
(571) 230-7917
A5E5 E373 3C75 5B3E 2E24
6A0F DC65 2354 9946 C63A
On 3/11/15, 5:55 AM, "Warren Kumari" wrote:
>On Wed, Mar 11, 2015 at 3:31 AM, W.C.A. Wijngaards wrote:
>> -BEGI
The proposal is a reasonable approach and not overly complex. The question
that concerns me though is how the client authenticates the resolver.
Without authentication, encryption is useless because you could be having
the conversation with Mallet.
Using DNSSEC for that is problematic since the cr
Hi, Phillip,
You are right.
In order to make this solution work securely and efficiently, besides the issues
you mentioned, the key rollover schemes for both client and recursive server
should be designed.
BR,
Zhiwei
At 2015-03-11 20:26:13, "Phillip Hallam-Baker" wrote:
>The proposal is a reasonab
On Wed, Mar 11, 2015 at 08:26:13AM -0400, Phillip Hallam-Baker wrote:
> The proposal is a reasonable approach and not overly complex. The question
> that concerns me though is how the client authenticates the resolver.
> Without authentication, encryption is useless because you could be having
> th
On Wed, Mar 11, 2015 at 9:14 AM, Ilari Liusvaara <ilari.liusva...@elisanet.fi> wrote:
> On Wed, Mar 11, 2015 at 08:26:13AM -0400, Phillip Hallam-Baker wrote:
> > The proposal is a reasonable approach and not overly complex. The question
> > that concerns me though is how the client authenticate
On Wed, Mar 11, 2015 at 01:25:24PM -0400, Phillip Hallam-Baker wrote:
> On Wed, Mar 11, 2015 at 9:14 AM, Ilari Liusvaara <
> ilari.liusva...@elisanet.fi> wrote:
>
>
> > > Another concern that I have is that the protocol has to protect resolver
> > > hosts from a Denial of Service attack. That mea