Re: [BEHAVE] [Technical Errata Reported] RFC6147 (3236)
Wesley Eddy <wes@mti-systems.com> Sat, 02 June 2012 02:35 UTC
Return-Path: <wes@mti-systems.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A62F611E80BB for <behave@ietfa.amsl.com>; Fri, 1 Jun 2012 19:35:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Go5nPB5OaTRZ for <behave@ietfa.amsl.com>; Fri, 1 Jun 2012 19:35:26 -0700 (PDT)
Received: from omr15.networksolutionsemail.com (omr15.networksolutionsemail.com [205.178.146.65]) by ietfa.amsl.com (Postfix) with ESMTP id C20AF11E80B8 for <behave@ietf.org>; Fri, 1 Jun 2012 19:35:26 -0700 (PDT)
Received: from cm-omr2 (mail.networksolutionsemail.com [205.178.146.50]) by omr15.networksolutionsemail.com (8.13.8/8.13.8) with ESMTP id q522ZQF2024243 for <behave@ietf.org>; Fri, 1 Jun 2012 22:35:26 -0400
Authentication-Results: cm-omr2 smtp.user=wes@mti-systems.com; auth=pass (PLAIN)
X-Authenticated-UID: wes@mti-systems.com
Received: from [69.81.143.202] ([69.81.143.202:41726] helo=[192.168.1.106]) by cm-omr2 (envelope-from <wes@mti-systems.com>) (ecelerity 2.2.2.41 r(31179/31189)) with ESMTPA id 51/22-11572-DEB79CF4; Fri, 01 Jun 2012 22:35:26 -0400
Message-ID: <4FC97BE6.2040502@mti-systems.com>
Date: Fri, 01 Jun 2012 22:35:18 -0400
From: Wesley Eddy <wes@mti-systems.com>
Organization: MTI Systems
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: behave@ietf.org, marka@isc.org
References: <20120531004855.CB703621A0@rfc-editor.org>
In-Reply-To: <20120531004855.CB703621A0@rfc-editor.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: [BEHAVE] [Technical Errata Reported] RFC6147 (3236)
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Jun 2012 02:35:27 -0000
While this may be a valid criticism, based on the rules for errata processing, I think the only feasible option we have is to reject it for now. http://www.ietf.org/iesg/statement/errata-processing.html says: Changes that are clearly modifications to the intended consensus, or involve large textual changes, should be Rejected. HOWEVER, it seems to me that if there was consensus around some new text that was simple to plop into that section, then the "Corrected Text" field could be updated with that, and we could make it a "Hold for Document Update" rather than rejecting it. Thoughts? On 5/30/2012 8:48 PM, RFC Errata System wrote: > > The following errata report has been submitted for RFC6147, > "DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers". > > -------------------------------------- > You may review the report below and at: > http://www.rfc-editor.org/errata_search.php?rfc=6147&eid=3236 > > -------------------------------------- > Type: Technical > Reported by: Mark Andrews <marka@isc.org> > > Section: 5.5 > > Original Text > ------------- > An application that wants to perform validation on its own should use the CD bit. > > Corrected Text > -------------- > Section 5.5 needs to be completely re analysed, > > Notes > ----- > Section 5.5 is written around the assumption that a validating stub resolver will be setting CD=1 as well as DO=1. There is no such requirement RFC 4035 and in fact setting both CD=1 and DO=1 leaves the stub resolver vulnerable to answers from authoritative servers for the zone that are serving a stale copy of the zone and spoofed answers being sent to the DNS64 server. > > Non CD=1 queries result in the DNS64 server in its recursive roll, filtering out, cryptographically bad answers. > > DO=1 alone should disable synthesis. > > Instructions: > ------------- > This errata is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party (IESG) > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC6147 (draft-ietf-behave-dns64-11) > -------------------------------------- > Title : DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers > Publication Date : April 2011 > Author(s) : M. Bagnulo, A. Sullivan, P. Matthews, I. van Beijnum > Category : PROPOSED STANDARD > Source : Behavior Engineering for Hindrance Avoidance > Area : Transport > Stream : IETF > Verifying Party : IESG > _______________________________________________ > Behave mailing list > Behave@ietf.org > https://www.ietf.org/mailman/listinfo/behave > > -- Wes Eddy MTI Systems