Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs

Wes Hardaker <> Wed, 11 September 2019 23:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1623A1202DD for <>; Wed, 11 Sep 2019 16:02:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YC7p8V2QYwFg for <>; Wed, 11 Sep 2019 16:02:21 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A94DA12008D for <>; Wed, 11 Sep 2019 16:02:20 -0700 (PDT)
Received: from localhost (unknown []) by (Postfix) with ESMTPA id 94119281DB; Wed, 11 Sep 2019 16:02:18 -0700 (PDT)
From: Wes Hardaker <>
To: Tim Wicinski <>
Cc: Paul Hoffman <>, Wes Hardaker <>, IETF DNSOP WG <>
References: <> <> <> <> <> <>
Date: Wed, 11 Sep 2019 16:02:18 -0700
In-Reply-To: <> (Tim Wicinski's message of "Tue, 10 Sep 2019 20:58:25 -0400")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [DNSOP] [Ext] Re: draft-ietf-dnsop-extended-error and combinations of EDEs and RCODEs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 11 Sep 2019 23:02:23 -0000

Tim Wicinski <> writes:

> it sounds to me that a discussion on assumptions with EDEs and RCODES
> would be useful in the security considerations section as well. 

I'll look at wording along those lines.

Note, however, that EDE codes are specifically meant as supplemental
information and shouldn't be "acted" upon.  Hence

Paul> A developer writes code that assumes that EDE X must go with RCODE Y
Paul> because the text for EDE X indicates that. The get a response with EDE
Paul> X and RCODE Z. The code rejects that, and does not act on RCODE Z.

"does not act on RCODE Z" is already the right approach, since it's
unauthenticated in the first place (which is discussed in the

> and Wes, it should be "Receivers MUST be" and not "Receives MUST be" in your
> last sentence. 

Yeah, fixed that already (and multiple people have pointed that one out
at this point...  you folks have good eyes)
Wes Hardaker