Re: [BEHAVE] DNS64 validation

Simon Perreault <simon.perreault@viagenie.ca> Thu, 30 July 2009 08:53 UTC

Message-ID: <4A715F66.3040600@viagenie.ca>
Date: Thu, 30 Jul 2009 10:52:54 +0200
From: Simon Perreault <simon.perreault@viagenie.ca>
User-Agent: Thunderbird 2.0.0.22 (Macintosh/20090605)
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>
References: <4A703A8A.6060204@viagenie.ca> <20090729163826.GC9895@shinkuro.com> <07db01ca10e2$578c5b70$5f7d150a@cisco.com> <4A714828.5060901@viagenie.ca> <0a5301ca10ea$0db0c240$5f7d150a@cisco.com> <4A7157C0.7010309@viagenie.ca> <0a8501ca10f1$0b961b70$5f7d150a@cisco.com>
In-Reply-To: <0a8501ca10f1$0b961b70$5f7d150a@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: 'Andrew Sullivan' <ajs@shinkuro.com>, behave@ietf.org
Subject: Re: [BEHAVE] DNS64 validation

Dan Wing wrote:
> What is gained by validating a negative AAAA,
> other than exercising DNSSEC?

Hmmmm... The only attack vector I see is directing additional domains to
the NAT64 box in the hope of causing a DoS. Not a big deal.

How about making this a SHOULD instead of a MUST?

Simon
-- 
DNS64 open-source   --> http://ecdysis.viagenie.ca
STUN/TURN server    --> http://numb.viagenie.ca
vCard 4.0           --> http://www.vcarddav.org