Re: [Asrg] DNS over SCTP

Francis Dupont <Francis.Dupont@fdupont.fr> Sat, 30 May 2009 20:30 UTC

Message-Id: <200905302032.n4UKVxaZ048822@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Douglas Otis <dotis@mail-abuse.org>
In-reply-to: Your message of Fri, 29 May 2009 17:24:54 PDT. <E6E4FD71-FAE4-482D-AAC4-FD4E24BB8CD2@mail-abuse.org>
Date: Sat, 30 May 2009 22:31:59 +0200
Cc: Anti-Spam Research Group - IRTF <asrg@irtf.org>, ietf@ietf.org
Subject: Re: [Asrg] DNS over SCTP

 In your previous mail you wrote:

=> I keep this because your answer is not about this...

   > I don't understand your argument: it seems to apply to UDP over SCTP  
   > but here we have SCTP over UDP.  BTW the easiest way to convert DNS  
   > over UDP into DNS over SCTP is to use an ALG (application layer  
   > gateway) which in the DNS is known as a caching server (such servers  
   > are already used to provide IPv4/IPv6 transport conversion).
   
   The goal is to apply the SCTP protocol as a means to better protect  
   DNS from source spoofing, resource exhaustion, reflected attack  
   exploitation, and increased latency.

=> not only is this very arguable (for instance about the resource
exhaustion), but no hop-by-hop/channel security, even something as
strong as TSIG, can provide what we need, i.e., end-to-end/object
security (*).

Regards

Francis.Dupont@fdupont.fr

PS (*): I use the common meaning of end-to-end, not Masataka Ohta's one.