Re: [DNSOP] 5011-security-considerations and the safetyMargin
Bob Harold <rharolde@umich.edu> Fri, 17 November 2017 05:27 UTC
Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F0E4127B5A for <dnsop@ietfa.amsl.com>; Thu, 16 Nov 2017 21:27:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0I_ZAPrfCpH for <dnsop@ietfa.amsl.com>; Thu, 16 Nov 2017 21:27:09 -0800 (PST)
Received: from mail-pf0-x22c.google.com (mail-pf0-x22c.google.com [IPv6:2607:f8b0:400e:c00::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74FF81286B2 for <dnsop@ietf.org>; Thu, 16 Nov 2017 21:27:09 -0800 (PST)
Received: by mail-pf0-x22c.google.com with SMTP id u70so1133446pfa.7 for <dnsop@ietf.org>; Thu, 16 Nov 2017 21:27:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Xyieop/eVyzMlE+wqWe4R/61MvVPv8APgOa9KADFROE=; b=jRa+MsJaz1bGFvl1Im1QqzFF7UVQc61lvRx1CIJjWVnBBIpDKVdq3Xn/G/NGBvyHSs v1FhtpzFMx4rFrlBtzl1/7s9uLMJZ9OitD1BauQGuke5ZP56TCnWmlfdeE8GTNeWelPu LrPYPMFPTMW2vxWjW1zgPIONBExfwhfVQpVuSlOIn+yJCFOeaR6ejn/m740p7sbHlBFa TMGIjfSj+cqJlZC9wUQfkZVGUGpDyVXmp5qxn1fOwxP0jAxk69GHtT4X7E+qkcTfqx4E st0fcHY017gnYOJeyxtO9zNHZAEJ56qaHI50cfwOSLg98/6fr8IbNrCTWCJE+d5ySh1Z QuJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Xyieop/eVyzMlE+wqWe4R/61MvVPv8APgOa9KADFROE=; b=dOWzE/au/dZ/TTNserXgTkE3c4IPm1ffamdiugIa2loi+iJ9wpXUTH1EAt88xPYEIS ZH/5VNW6awDrd+FIGqhQHPlL/U+aW1ovbYQbKMCzm4MKWANQ4eytqTBazZfk3u2jSRFi 5ObOP7HLfwxI8qlycqRk1ZwlbhwgRiQIOcyBjiu7sbt1/UPijTK5AFSnp0sHDAobsc+t cWEetWMA8PNWr4BDrIghKL9MNpfgrRtvbY9LwZ5mQ0s3plvZt0Dn9tblIrm7bX8ARKzg 882uUlVRO851RCjrtSvnLsJL06VraYXCDRyo44qCHoJ4oYVGnL0Wa3Ahzw9Fs6Gi9Zs0 ekHA==
X-Gm-Message-State: AJaThX6wX35YhMmHcQlJM7lwbeBs05xmJ1JlFtR+xs1DsSgTYmR+jsuA tn2RUOrF4uJDCh4J4a2Vn6J8+1e3FqPnxhxGX7FAqQ==
X-Google-Smtp-Source: AGs4zMYijJimGsW3IryIwi4mNNiqvlDU7bF6PeFTx2Y1DaK/jKg4hJy3xrvlJMwmQGWO7CmKEHF4+cAqygWpFkm/qq4=
X-Received: by 10.84.217.20 with SMTP id o20mr4076473pli.62.1510896428881; Thu, 16 Nov 2017 21:27:08 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.171.6 with HTTP; Thu, 16 Nov 2017 21:27:08 -0800 (PST)
In-Reply-To: <df6bee9d-c140-995b-e45d-fa12f76103f5@pletterpet.nl>
References: <ybld14kpaz4.fsf@wu.hardakers.net> <df6bee9d-c140-995b-e45d-fa12f76103f5@pletterpet.nl>
From: Bob Harold <rharolde@umich.edu>
Date: Fri, 17 Nov 2017 00:27:08 -0500
Message-ID: <CA+nkc8A=Z2rB7iByow09zFeL45sf6NZcj36KRqDQZ7Cw1kNtUQ@mail.gmail.com>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: IETF DNSOP WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c61acefad63055e26fc5a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4_ctxOg2OzLQgx9Tfk9stfANTy4>
Subject: Re: [DNSOP] 5011-security-considerations and the safetyMargin
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Nov 2017 05:27:12 -0000
On Thu, Nov 16, 2017 at 8:33 AM, Matthijs Mekking <matthijs@pletterpet.nl> wrote: > Wes, > > My preference is to include safetyMargin and have text to explain it > exists because of network delays etcetera, and also reference to RFC 5011's > retryTime. So that's some mix of 1B 1C or 2B I guess :) > > Best regards, > Matthijs > > > On 15-11-17 02:49, Wes Hardaker wrote: > >> >> The discussion has been long with respect to the safetyMargin in the >> 5011 security considerations document. There hasn't been a huge >> conclusion and many different ideas have been floated by, and we're now >> at the point where we need to pick between them. Below, I try to lay >> out the primary and sub-options available based on discussions so far. >> Please provide your opinions on your preference so I can wrap up this >> draft. >> >> Background: This document is not intended to provide operational >> guidance on what you SHOULD do. It's intended to draw the timing line >> below which you MUST NOT venture. The safetyMargin was introduced to >> prevent race conditions based on network delays, eg, which can mean that >> a RFC5011 Resolver operating at the same time as a PEP Publisher making >> a change at exactly at the minimum addWaitTime or addWallClockTime >> values would lead to a failure. So the primary question today is "how >> do we want to deal with this issue of real-world speed-of-light and >> other issues?". To complicate this a bit further, packets are never >> guaranteed to be delivered and network losses can entirely prevent a >> 5011 Resolver from succeeding at all for a given operation. >> >> Option 1. Include a safetyMargin of some value. >> >> 1A) safetyMargin = MAX(2*TTL, 1.5Hr) -- current draft >> >> 1B) safetyMargin = something based on the retryTime, >> (an example solution was suggested by MSJ) >> >> 1C) Your value here >> >> Option 2. Don't include a safetyMargin >> >> 2A) Just ignore the issues entirely >> >> 2B) Explain that this document does not cover operational >> complexities like retries (already in the -07 version), >> network delays and other operational issues. >> >> >> After thinking about this for far far too long, I've now switched my own >> opinion to that of 2C for the principal reason that this is the >> line-in-the-sand document, and to be honest people should be using >> values much larger than this, per MSJ's guidance on how 5011 should be >> used. Thus, it makes more sense to define this as the "MUST NOT go >> below this line" without trying to be precise about a value that can >> never be >> perfectly accurate, by definition. >> >> But, forget my opinion. What's yours? If nothing else, pick one of the >> [12][ABC] options above please, even without any text defining why you >> think so (until someone pokes you). >> >> I prefer 1A since the reasoning is well documented. or MAX(1A,1B), but that is more complex for little gain. -- Bob Harold
- [DNSOP] 5011-security-considerations and the safe… Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Matthijs Mekking
- Re: [DNSOP] 5011-security-considerations and the … Bob Harold
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker