Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-roadblock-avoidance

Bob Harold <rharolde@umich.edu> Fri, 06 November 2015 17:07 UTC

In-Reply-To: <563C2758.6090105@gmail.com>
References: <563C2758.6090105@gmail.com>
Date: Fri, 06 Nov 2015 12:07:55 -0500
Message-ID: <CA+nkc8DX+-nnKKEKMz7wazf26RkqTqx00Os8ZRfSQZPKeK63Zw@mail.gmail.com>
From: Bob Harold <rharolde@umich.edu>
To: Tim Wicinski <tjw.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/79fC3cu41oJPF5sGIJ1yKU1gvbw>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Working Group Last Call for draft-ietf-dnsop-dnssec-roadblock-avoidance

On Thu, Nov 5, 2015 at 11:06 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:

>
> During the meeting, it appears that this draft is ready for Working Group
> Last Call, with one item looking for direction from the working group.
>
> This starts a Working Group Last Call for
>         draft-ietf-dnsop-dnssec-roadblock-avoidance
>
> Current version of the draft is available here:
>
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-roadblock-avoidance/
>
> Please review the draft and offer relevant comments. Also, if someone
> feels the document is *not* ready for publication, please speak out with
> your reasons.
>
> Because of the issue that needs to be addressed, we’re going to run a four
> week Working Group Last Call process.
>
> The process ends on 5 December 2015.

In "3.1.1. Supports UDP answers", in the last paragraph, I would also
accept a UDP response that had "TC=1", which could occur if the server
(using RRL) is under attack with spoofed addresses similar to this client.
Perhaps there are other conditions where a resolver will only answer UDP
queries with cookies or DTLS or other anti-spoofing assurances, that should
also be considered.  Also, is there a way for a resolver to indicate that
it only responds to TCP queries, and is that acceptable?
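
A sketch of the check suggested in the message above, as an added example that is not part of the original message or of the draft: a UDP reply with TC=1 still counts as evidence that the resolver answers over UDP, with a TCP retry needed for the data. The function names, result labels, and sample packets are constructed for illustration; matching on the query ID and echoed question is an assumption about what a careful test would verify.

```python
import struct

QR, TC = 0x8000, 0x0200  # DNS header flag bits: response, truncated

def build_query(qid, name, qtype=1):
    """Minimal DNS query: 12-byte header (RD=1) plus one IN-class question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def sample_reply(query, flags, answer=b""):
    """Constructed reply: echoes the query's ID and question section."""
    counts = struct.pack("!HHHHH", flags, 1, 1 if answer else 0, 0, 0)
    return query[:2] + counts + query[12:] + answer

def classify_udp_reply(query, reply):
    """Classify what came back over UDP; reply is None on timeout."""
    if reply is None:
        return "no-udp-answer"
    if len(reply) < 12:
        return "invalid"
    rid, flags, qdcount = struct.unpack("!HHH", reply[:6])
    if rid != struct.unpack("!H", query[:2])[0] or not flags & QR:
        return "invalid"          # wrong ID or not a response: ignore it
    if qdcount != 1 or reply[12:len(query)] != query[12:]:
        return "invalid"          # question section was not echoed back
    if flags & TC:
        return "udp-ok-truncated" # e.g. an RRL "slip"; retry over TCP
    return "udp-ok"

def demo():
    q = build_query(0x1234, "example.com")
    # Constructed A record: name pointer, type A, class IN, TTL 60, 192.0.2.1
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return [
        classify_udp_reply(q, sample_reply(q, 0x8180, rr)),  # normal answer
        classify_udp_reply(q, sample_reply(q, 0x8380)),      # TC=1, no data
        classify_udp_reply(q, None),                         # timeout
    ]

if __name__ == "__main__":
    print(demo())
```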