Re: [DNSOP] Call for Adoption: draft-song-atr-large-resp

"Peter van Dijk" <peter.van.dijk@powerdns.com> Mon, 21 January 2019 10:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2GywgN5ivokBQg_PBacUnYmLgvI>

Hello,

On 18 Jan 2019, at 18:55, Benno Overeinder wrote:

> We discussed this work (draft -01) in Montreal, and different opinions wrt. adoption were expressed.  In the past months, the authors pushed a draft version -02 that addressed and resolved some of these comments.
>
> This starts a Call for Adoption for:
> draft-song-atr-large-resp
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-song-atr-large-resp/
>
> Please review this draft to see if you think it is suitable for adoption by DNSOP, and send comments to the list, clearly stating your view.
>
> Please also indicate if you are willing to contribute text, review, etc.  The WG accepts the document or not, but the WG chairs also expect a commitment from the WG participants who support the document to contribute to the draft, review, etc.
>
> The intended status of the draft is Experimental, but we want to ask developers/vendors if they plan to implement it.
>
> This call for adoption ends: 1 February 2019

I oppose adoption. Any implementation of this draft will actively hurt the DNS and the Internet, and thus publication as an RFC will actively hurt the DNS and the Internet.

The draft doubles the number of packets involved in a legitimate exchange; it more than doubles the number of packets involved in a spoofed exchange. About half of these packets are ICMP packets. Without the draft, ICMP packets are useful debugging aids, and in big numbers, indications of attacks or operational problems. With the draft, ICMP becomes another useless source of background noise.

Meanwhile, we have no indication that the draft solves any existing real world problem in a useful way.

Please do not adopt.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/