On Mon, Sep 28, 2015 at 09:56:38AM -0700, Paul Vixie wrote: > so i think there's good cause to add a DNS-level checksum even as we add > DNS-level cookies.
+1 I would prefer to use checksum and cookies in parallel rather than have the checksum option recapitulate cookie functionality, though. Unless I'm overlooking something, the NONCE field in Mukund's proposal becomes unnecessary if cookies are in use. Otherwise it seems like a very good idea. (It's a pity there's no version field in the COOKIE option format; COOKIE version 1 could have been extended to include a checksum.) -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop