(Same error on this mail, I should pay more attention to To: and the reply button. Sorry for the mess)
On Thu, Dec 30, 2010 at 8:10 PM, Matthias Leisi <matth...@leisi.net> wrote:
> On Thu, Dec 30, 2010 at 7:43 PM, John Levine <jo...@taugh.com> wrote:
>
>>>Any protocol that makes lookups in a huge address space efficient and
>>>efficiently-cacheable is going to leak much of the list information.
>
> As an operator of a whitelist, I don't care too much about this. Yes,
> theoretically someone could get our data by doing "enough" queries to
> public nameservers. But I doubt it will be worth the effort for the
> "attacker": he would keep doing this over and over again to keep up
> with the changes, and would sooner or later be blocked due to too high
> traffic on the public nameservers.
>
>> a large zone file. The tradeoff point where it's cheaper than doing
>> queries is quite high. If you've got a giant mail system, it makes
>> sense, but if you have one or two MTAs, even fairly busy ones, it
>> doesn't.
>
> I believe (although I haven't thought it through) that this largely
> depends on the amount of changes in the list data. At dnswl.org, our
> data changes only slowly. Rsync transfers are very efficient in terms
> of bandwidth, but CPU intensive nevertheless.
>
> -- Matthias
>