[rssac-caucus] [Ext] Re: FOR REVIEW: Harmonizing the Anonymization of Queries to the Root
Wessels, Duane
dwessels at verisign.com
Thu Feb 15 00:39:07 UTC 2018
> On Feb 14, 2018, at 4:35 PM, Paul Hoffman <paul.hoffman at icann.org> wrote:
>
> On Feb 14, 2018, at 4:22 PM, Wessels, Duane <dwessels at verisign.com> wrote:
>> It is meant to show (to me at least) that it actually works as described.
>>
>> I knew cryptopan is prefix-preserving, but before this exercise I didn't realize it actually keeps addresses in their RFC791-era classes (A,B,C,D,E). That is, a class C input address remains in class C in the output, etc.
>
> That surprises me, and might indicate an error in the implementation. Every bit in the input is supposed to be mixed evenly, and it sounds like at least the first set of bits in that implementation is not.
Maybe its something specific to dnsanon, rather than cryptopan, but it is intentional. See the start of scramble_ip4() in scramble_crypt.c.
DW
More information about the rssac-caucus
mailing list