Re: [DNSOP] draft-ietf-dnsop-reflectors-are-evil-05.txt

Joe Abley <jabley@ca.afilias.info> Wed, 12 December 2007 17:47 UTC

On 12-Dec-2007, at 12:16, Edward Lewis wrote:

> At 10:32 -0500 12/10/07, Matt Larson wrote:
>
>> repetition of a false claim--that authority servers can be used to
>> mount as large an attack as open servers--
>
> So what if authority servers can be used for attacks?  What does  
> that have to do with the recommendations in the subject document?
>
> (I know Matt wasn't the one who initiated the claim.)

It seems like it might have some relevance to the decision on whether  
this document is worth spending time on in the first place. However,  
since the document is already written and has been already extensively  
reviewed, this seems hardly relevant. (For the record, I think the  
document was worth writing.)

The (tangential!) question of whether recursive resolvers provide a  
simpler mechanism for launching these kinds of attacks than  
authoritative-only servers has been answered by several people,  
several times, I think (one example is
<http://www1.ietf.org/mail-archive/web/dnsop/current/msg04457.html>).

> The draft has good recommendations regardless of the events that  
> gave rise to it.

I agree. The sooner it is published, the better.


Joe
