Re: deprecating dangerous bit patterns and non-TC non-AXFR
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Fri, 22 August 2008 01:03 UTC
Mohsen Souissi wrote:

> | i worry about
> | <http://tools.ietf.org/html/draft-heffner-frag-harmful-02> and
> | <http://tools.ietf.org/html/rfc4963>.

An inappropriate assumption in them is reassembly timeout of 15 seconds.

> ==> Hmm, I can see. Otoh, nobody could imagine at that time (and even
> 10 years ago) how the network-layer would become complex and its
> components (often) misbehaving (magic combination of NATs, Firewalls, Load
> Balancers...). So don't blame yourself ;-)

More than 20 years ago when IPv4 was designed, it was considered that packet transit time can be as long as several or tens of seconds. For example, TTL of IPv4 is a transit time upper limit measured in seconds. Then, 15 seconds of reassembly timeout was reasonable.

Today, though TTL could be more than 1 second, which is already quite unlikely, jitter of packet transit time is a lot less than 1 second that 0.4~0.2 second of reassembly timeout is enough, which requires several lines of kernel modification.

It solves the reassembly problem, at least for the time being.

Masataka Ohta
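The effect of the reassembly timeout discussed in the message above, as an added example that is not part of the original message: a small simulation of one IPv4 reassembly queue, run over the same fragment trace with a 15 second and a 0.4 second timeout. The addresses, IP IDs, arrival times and the `Frag`, `reassemble` and `corrupted` names are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frag:
    t: float          # arrival time, seconds
    ip_id: int        # 16-bit IPv4 Identification field
    offset: int       # payload offset in bytes (multiple of 8)
    more: bool        # MF (more fragments) flag
    data: bytes
    origin: str       # ground-truth datagram label, simulation only

FLOW = ("192.0.2.1", "192.0.2.53", 17)   # constructed src, dst, proto (UDP)

def reassemble(frags, timeout):
    """Reassemble one flow; return [(payload, set of origin labels)]."""
    queues, delivered = {}, []
    for f in sorted(frags, key=lambda f: f.t):
        key = FLOW + (f.ip_id,)
        started, parts = queues.get(key, (f.t, []))
        if f.t - started > timeout:      # queue expired: drop stale fragments
            started, parts = f.t, []
        parts = sorted(parts + [f], key=lambda p: p.offset)
        queues[key] = (started, parts)
        contiguous = parts[0].offset == 0 and all(
            a.offset + len(a.data) == b.offset for a, b in zip(parts, parts[1:]))
        if contiguous and not parts[-1].more:
            delivered.append((b"".join(p.data for p in parts),
                              frozenset(p.origin for p in parts)))
            del queues[key]
    return delivered

def corrupted(delivered):
    """Datagrams built from fragments of more than one original datagram."""
    return [d for d in delivered if len(d[1]) > 1]

# Constructed trace: datagram A loses its second fragment; 5 s later the
# sender's ID counter has wrapped and datagram B reuses ID 0x1234, losing
# its first fragment. Datagram C arrives intact with 50 ms of jitter.
TRACE = [
    Frag(0.00, 0x1234, 0, True,  b"AAAAAAAA", "A"),
    Frag(5.00, 0x1234, 8, False, b"BBBBBBBB", "B"),
    Frag(6.00, 0x2000, 0, True,  b"CCCCCCCC", "C"),
    Frag(6.05, 0x2000, 8, False, b"CCCCCCCC", "C"),
]

if __name__ == "__main__":
    for timeout in (15.0, 0.4):
        out = reassemble(TRACE, timeout)
        print(f"timeout={timeout}s delivered={len(out)} corrupted={len(corrupted(out))}")
```

With the 15 second timeout the stale fragment of A is spliced onto the fragment of B; with 0.4 seconds it has expired, while C still reassembles under both settings.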