Re: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-29 Thread Ted Lemon
The Nominum DHCP server (DCS) supports the exact mechanism described in the collection of documents, except that the data is stored in a TXT record rather than a DHCID record, because we are waiting on the DHCID record. We also implement the older version of the protocol that the ISC server s

Re: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-29 Thread Ted Lemon
On Monday 28 November 2005 23:40, Harald Tveit Alvestrand wrote: > This means that we will not have a backwards compatibility issue with the > installed base if we change the format of the record, but *will* have a > procedural compatibility issue if we don't keep the property of "you can > know th

Re: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-29 Thread David W. Hankins
On Mon, Nov 28, 2005 at 05:20:09PM -0500, Bernie Volz (volz) wrote: > Yes, I can. > > The ISC's DHCP server (www.isc.org) does this (I'm not sure whether it > uses MD5 to encode the client identity or not). Ted might know for sure. It does, though it only encodes the client identity (client ident

Re: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Harald Tveit Alvestrand
--On tirsdag, november 29, 2005 00:03:03 -0700 Ted Lemon <[EMAIL PROTECTED]> wrote: On Monday 28 November 2005 23:40, Harald Tveit Alvestrand wrote: This means that we will not have a backwards compatibility issue with the installed base if we change the format of the record, but *will* hav

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Harald Tveit Alvestrand
Thanks - these responses point out very clearly that the mechanism is being used as described, *except* for the bit that's contentious (use of MD5 for information hiding). This means that we will not have a backwards compatibility issue with the installed base if we change the format of the re

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Bernie Volz (volz)
BTW: Just to be clear, the MD5 hash is calculated using both the client identifier AND the domain name. But the domain name is known (it is the entry under which the DHCID RR lives). However, this means that the DHCID data for a client changes with its name. The RDATA for all type codes other

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Bernie Volz (volz)
] > Sent: Monday, November 28, 2005 5:14 PM > To: Bernie Volz (volz); Steven M. Bellovin; Ted Lemon > Cc: dhcwg@ietf.org; Pekka Savola; ietf@ietf.org; > namedroppers@ops.ietf.org > Subject: RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last > Call: 'Resolution ofFQDN Conflic

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Harald Tveit Alvestrand
--On mandag, november 28, 2005 17:00:39 -0500 "Bernie Volz (volz)" <[EMAIL PROTECTED]> wrote: I confess that I don't see the problem. The updater would do a DNS query for DHCID RRs; it would be given all of the stored records. That's not how the current update algorithm works. Sure, we co

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Bernie Volz (volz)
BTW, whatever algorithm you use (SHA-256 or even something much more complex) is not going to help -- it may make the work someone has to do a bit more involved, but it really doesn't make it impossible. 1. You always have a brute force attack. As you indicate, calculating the hash based on the ma

RE: [dhcwg] Re: DHCID and the use of MD5 [Re: Last Call: 'Resolution ofFQDN Conflicts among DHCP Clients' to Proposed Standard]

2005-11-28 Thread Bernie Volz (volz)
> I confess that I don't see the problem. The updater would do a DNS > query for DHCID RRs; it would be given all of the stored > records. That's not how the current update algorithm works. Sure, we could do almost anything but we'll be debating this for the next 100 years. It has already gone