"trivial" changes to DNS (was: OpenNTPProject.org)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jan 16 20:49:43 UTC 2014


On Thu, 16 Jan 2014 13:35:00 -0600, Jimmy Hess said:

> Then the client's UDP stack must construct and send a Hashcash proof
> of work, of sufficient difficulty based on the estimated query plus
> response size, up to the first full round trip;
> containing a message digest of the first UDP packet the client will
> send, before sending the packet, or it will be silently discarded.

> An out-of-band reply will come back to the claimed source, that the
> client source IP:Port has to acknowledge within 5 packets.
> Once the out-of-band reply is acknowledged, the source is confirmed not
> to be spoofed.

How is this any better than a TCP 3-packet handshake with syncookies?
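
An added example, not part of the original message or of either poster's proposal: a Python model of the two mechanisms under comparison, a hashcash-style stamp bound to the digest of the first UDP packet, and a stateless HMAC cookie that a server can send to the claimed source and require back (the idea behind SYN cookies, not their TCP encoding). The difficulty formula, field layout, function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def difficulty_bits(query_len: int, est_response_len: int) -> int:
    # Assumed policy (not from the thread): 8 bits base, plus 1 bit per
    # 512 bytes of query plus estimated response.
    return 8 + (query_len + est_response_len) // 512

def _stamp(packet: bytes, counter: int) -> bytes:
    # The stamp commits to the digest of the first packet, so a stamp
    # minted for one query does not validate a different one.
    pkt_digest = hashlib.sha256(packet).digest()
    return hashlib.sha256(pkt_digest + counter.to_bytes(8, "big")).digest()

def mint(packet: bytes, bits: int) -> int:
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(_stamp(packet, counter)) < bits:
        counter += 1
    return counter

def verify_stamp(packet: bytes, counter: int, bits: int) -> bool:
    """Server: two hashes, no per-client state."""
    return leading_zero_bits(_stamp(packet, counter)) >= bits

def make_cookie(secret: bytes, src_ip: str, src_port: int, bucket: int) -> bytes:
    """Server: token derived from the claimed source and a coarse time bucket."""
    msg = f"{src_ip}|{src_port}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]

def check_cookie(secret: bytes, src_ip: str, src_port: int,
                 bucket: int, cookie: bytes) -> bool:
    """Server: recompute instead of storing; accept current or previous bucket."""
    return any(hmac.compare_digest(cookie, make_cookie(secret, src_ip, src_port, b))
               for b in (bucket, bucket - 1))

if __name__ == "__main__":
    query = b"constructed sample query: example.com ANY"   # constructed input
    bits = difficulty_bits(len(query), 3000)
    counter = mint(query, bits)
    print("bits", bits, "counter", counter, "ok", verify_stamp(query, counter, bits))
    secret = b"constructed-demo-secret"                    # constructed input
    cookie = make_cookie(secret, "192.0.2.10", 5353, 100)
    print("echoed by claimed source:", check_cookie(secret, "192.0.2.10", 5353, 100, cookie))
    print("presented from other address:", check_cookie(secret, "198.51.100.7", 5353, 100, cookie))
```

`verify_stamp` takes no source address, so in this model only the echoed cookie ties a request to the claimed IP:port.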
