Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

Philip Homburg <> Mon, 09 September 2019 13:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 29C5C120825 for <>; Mon, 9 Sep 2019 06:45:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, KHOP_HELO_FCRDNS=0.399, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dMk6U0kHsFO4 for <>; Mon, 9 Sep 2019 06:45:18 -0700 (PDT)
Received: from ( [IPv6:2001:888:1044:10:2a0:c9ff:fe9f:17a9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2046D120807 for <>; Mon, 9 Sep 2019 06:45:18 -0700 (PDT)
Received: from (localhost [::ffff:]) by with esmtp (TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384) (Smail #157) id m1i7Jym-0000HKC; Mon, 9 Sep 2019 15:45:16 +0200
Message-Id: <>
Cc: Willem Toorop <>
From: Philip Homburg <>
References: <> <>
In-reply-to: Your message of "Mon, 9 Sep 2019 14:13:01 +0200 ." <>
Date: Mon, 09 Sep 2019 15:45:14 +0200
Archived-At: <>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 09 Sep 2019 13:45:20 -0000

In your letter dated Mon, 9 Sep 2019 14:13:01 +0200 you wrote:
>When implementing DNS Cookies, several DNS vendors found that
>impractical as the Client Cookie is typically computed before the Client
>IP address is known. Therefore, the requirement to put Client IP address
>as input to was removed, and it simply RECOMMENDED to disable the DNS
>Cookies when privacy is required. herefore, the requirement to put
>Client IP address as input to was removed, and it simply RECOMMENDED to
>disable the DNS Cookies when privacy is required.

I don't quite understand this.

The proposed way of constructing a client cookie:
	Client-Cookie = MAC_Algorithm(Server IP Address, Client Secret )

means that if a host moves between networks it is quite likely it will
continue to use the same cookie. This allows a host to be tracked across

Neither RFC 7873 nor this draft has text that requires the host to change
the Client Secret when moving to a different link. 

Most DNS client software is general enough that we cannot rule out that it
will be used on a mobile device.

So we reach then end of Section 3, which says '[...] simply RECOMMENDED
to disable the DNS Cookies when privacy is required'

So it seems that this draft implicitly recommends that DNS client
cookies are by default disabled and should only be enabled on hosts that have
stable IP addresses.

If that's the intention, then maybe this can be stated explicitly in the