In article <[email protected]> you write:
>On Tue, 28 Feb 2017, Dale R. Worley wrote:
>
>> Well enough. Actually, I thought about this issue some more, and that
>> led to my followup e-mail. I think there is a real desire to not have
>> the DNS provide a direct catalog of valid e-mail addresses, but it
>> conflicts with the weak security of non-salted hashes. As I said in
>> that e-mail, I think this could be improved by providing a hash in a DNS
>> record, which would mean that hashes would be well-justified as
>> providing substantially more privacy/security than direct UTF-8 (or
>> base64 or anything reversible).
>
>I don't think that justifies differentiating the lookups of OPENPGPKEY
>versus SMIMEA records. So even if I agreed with you, I think it is
>too late to change this.

They're experiments. I'd think it'd be useful for the experiments to see
whether salted or unsalted hashes work better (or worse.)

R's,
John
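The trade-off discussed in this thread, as an added example that is not part of the original messages: the unsalted label that RFC 7929 (OPENPGPKEY) and RFC 8162 (SMIMEA) derive from the local-part is the same at every domain, while a per-domain salt makes it domain-specific. The `salted_label` construction, the salt values and the sample local-parts are assumptions made for illustration, not a scheme proposed in the thread or in either RFC.

```python
import hashlib

# Owner-name prefixes defined by RFC 7929 (OPENPGPKEY) and RFC 8162 (SMIMEA).
PREFIX = {"OPENPGPKEY": "_openpgpkey", "SMIMEA": "_smimecert"}

def unsalted_label(local_part: str) -> str:
    """Label used by both RFCs: SHA2-256 of the UTF-8 local-part,
    truncated to 28 octets and hex-encoded (56 characters)."""
    return hashlib.sha256(local_part.encode("utf-8")).digest()[:28].hex()

def salted_label(local_part: str, salt: bytes) -> str:
    """HYPOTHETICAL salted variant (assumption, not in either RFC):
    the domain's salt is prepended before hashing."""
    return hashlib.sha256(salt + local_part.encode("utf-8")).digest()[:28].hex()

def owner_name(label: str, rrtype: str, domain: str) -> str:
    """Full DNS owner name for a lookup of the given record type."""
    return f"{label}.{PREFIX[rrtype]}.{domain}"

def domain_independent(local_parts, domains, label_for) -> int:
    """Count local-parts whose label is identical at every domain, i.e.
    labels a zone operator must treat as guessable from one shared table."""
    return sum(
        1 for lp in local_parts
        if len({label_for(lp, d) for d in domains}) == 1
    )

# Constructed sample data (not taken from the thread).
LOCAL_PARTS = ["postmaster", "hugh", "info"]
SALTS = {"example.com": b"constructed-salt-A", "example.org": b"constructed-salt-B"}
DOMAINS = list(SALTS)

def compare():
    """Return (unsalted_count, salted_count) of domain-independent labels."""
    plain = domain_independent(LOCAL_PARTS, DOMAINS, lambda lp, d: unsalted_label(lp))
    salted = domain_independent(LOCAL_PARTS, DOMAINS, lambda lp, d: salted_label(lp, SALTS[d]))
    return plain, salted

if __name__ == "__main__":
    print(owner_name(unsalted_label("hugh"), "OPENPGPKEY", "example.com"))
    print("domain-independent labels (unsalted, salted):", compare())
```

With the unsalted scheme every sample label is shared across domains; with a per-domain salt none is, so any guessing effort has to be repeated for each domain.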
