<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Hi,</div><div><br></div><div>On 26 Mar 2015, at 08:35, Nick Stallman &lt;<a href="mailto:nick@agentpoint.com">nick@agentpoint.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div>
  
  
  
    I was referring to stuff like this:<br>
<a class="moz-txt-link-freetext" href="https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/">https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/</a><br>
    <br>
    It would only be a security issue in certain cases, but if the set
    of ports was consecutive and not pseudo randomised it could reduce
    security of some applications which utilise random source ports.<br></div></blockquote><div><br></div>Ah, of course. I wasn't thinking wide enough. Good point :-).<div><div><br></div><div>Then I guess (hope) the multiple methods described in the RFC, in particular the cryptographic method, would help to alleviate some of these concerns.</div><div><br></div><div>Sid</div></div></body></html>