Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
Evan Hunt <each@isc.org> Mon, 28 September 2015 17:40 UTC
Return-Path: <each@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 630521AD37B for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 10:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LsqS-eZfl19Y for <dnsop@ietfa.amsl.com>; Mon, 28 Sep 2015 10:40:40 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 560B91AD378 for <dnsop@ietf.org>; Mon, 28 Sep 2015 10:40:40 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id B1D7A1FCAB7; Mon, 28 Sep 2015 17:40:37 +0000 (UTC)
Received: by bikeshed.isc.org (Postfix, from userid 10292) id 3CB26216C57; Mon, 28 Sep 2015 17:40:36 +0000 (UTC)
Date: Mon, 28 Sep 2015 17:40:36 +0000
From: Evan Hunt <each@isc.org>
To: Paul Vixie <paul@redbarn.org>
Message-ID: <20150928174036.GA15052@isc.org>
References: <20150926191009.28433.58915.idtracker@ietfa.amsl.com> <20150926191551.GA32562@jurassic.l0.malgudi.org> <6944DF48-2A47-4E75-801F-37BEA19A1CCD@vpnc.org> <20150927000309.GA17973@jurassic.l0.malgudi.org> <F53FA522-E92B-420B-9C12-6D64AC9DD5D4@vpnc.org> <20150927025914.GA31910@jurassic.l0.malgudi.org> <alpine.LFD.2.20.1509281034040.25357@bofh.nohats.ca> <20150928154852.GA19077@jurassic.l0.malgudi.org> <56097146.3060208@redbarn.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <56097146.3060208@redbarn.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/5IQAKXRowifsiqwJiFiw6ICEaMk>
Cc: dnsop <dnsop@ietf.org>, Mukund Sivaraman <muks@isc.org>, Paul Wouters <paul@nohats.ca>
Subject: Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2015 17:40:41 -0000
On Mon, Sep 28, 2015 at 09:56:38AM -0700, Paul Vixie wrote: > so i think there's good cause to add a DNS-level checksum even as we add > DNS-level cookies. +1 I would prefer to use checksum and cookies in parallel rather than have the checksum option recapitulate cookie functionality, though. Unless I'm overlooking something, the NONCE field in Mukund's proposal becomes unnecessary if cookies are in use. Otherwise it seems like a very good idea. (It's a pity there's no version field in the COOKIE option format; COOKIE version 1 could have been extended to include a checksum.) -- Evan Hunt -- each@isc.org Internet Systems Consortium, Inc.
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-mu… Robert Edmonds
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Evan Hunt
- Re: [DNSOP] New Version Notification for draft-mu… Robert Edmonds
- Re: [DNSOP] New Version Notification for draft-mu… Paul Vixie
- Re: [DNSOP] New Version Notification for draft-mu… Paul Hoffman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Paul Wouters
- Re: [DNSOP] New Version Notification for draft-mu… Mukund Sivaraman
- Re: [DNSOP] New Version Notification for draft-mu… Davey Song
- Re: [DNSOP] New Version Notification for draft-mu… Ólafur Guðmundsson