Re: [DNSOP] AD review of draft-ietf-dnsop-serve-stale-07

Barry Leiba <barryleiba@computer.org> Wed, 18 September 2019 15:18 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2006C1208E5; Wed, 18 Sep 2019 08:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.922
X-Spam-Level:
X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.026, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wop6ic-CwNV1; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
Received: from mail-io1-f52.google.com (mail-io1-f52.google.com [209.85.166.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33182120890; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
Received: by mail-io1-f52.google.com with SMTP id m11so176491ioo.0; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=s2OIdApUNvjN0PNNIaFRj7xOgNkMpsymINA3uFhlaPo=; b=hzKMCM/amUzgv387o3GN6Dm+Y5TLPGaTK0Q/A5stX+phNl1ZwNWw6+jRYMwjyQ858/ oPd7RAuaqw70W95TLfKzr8wYr8q9G6cL7+sm8xd3Wv+8dYmjb2HgpzqBxqnd2FnbfY+f ulCj1p2SWMNk1JDZNcfEm6hj7wLYjHIgDnEsqAVxhAeRxCMWCdWq6CdZ2H/Y02YXpWe4 3Nx+WS2upB1tpXHENfF76fPjTOWKYdosbrHGAgB9O+GEtLMvtLteQXzjYmF1PFi5G+0e JVzhBmq6ClwrH/9/mQX75B55VyqucCm5GVMhBGoxhfj1obq6wHk1Zy7y9uxl5HQV1hBk AfyQ==
X-Gm-Message-State: APjAAAVB2YIn8W7F6+KGPCfQU6o5Btb9PVmKm9Nov6dIAWi4jNuWzlvN eZiJ9dVdM2nzgRqCbhjsZ1UL5QPwWdjvXfgiCCU=
X-Google-Smtp-Source: APXvYqxZWmTN78oySDD9X9xOpoqkzNv1PEPzznk239iXWD40rPQmoGoRkF2Y++cKf/tuJ9uKtkwWm5ZvSxwIPEO5JYs=
X-Received: by 2002:a6b:1787:: with SMTP id 129mr5737089iox.140.1568819928258; Wed, 18 Sep 2019 08:18:48 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJK1kMuOmN-1nXgJKQVvOeF8pvphCJ3sCsyZNbLSANEFng@mail.gmail.com> <20190914122918.oqgl22xzbegajlhw@sources.org> <CALaySJ+x2vMW3R0m+PES-BjqrPQ-wuZWfFO2nrnME-uxHzHptQ@mail.gmail.com> <CA+9_gVvKspAAJe5UgUq_m7-bEb4_AoqocEozV2_uEL2pq_jApg@mail.gmail.com>
In-Reply-To: <CA+9_gVvKspAAJe5UgUq_m7-bEb4_AoqocEozV2_uEL2pq_jApg@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 18 Sep 2019 08:18:34 -0700
Message-ID: <CALaySJJSWeH4AndSS7NfB72-FyXaoaac9cS+T+08wuwXjUOWPg@mail.gmail.com>
To: Puneet Sood <puneets@google.com>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, draft-ietf-dnsop-serve-stale.all@ietf.org, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8TZ4aVoh3dFA-TVyHawZXdL8b7A>
Subject: Re: [DNSOP] AD review of draft-ietf-dnsop-serve-stale-07
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 15:18:51 -0000

Puneet, that sounds perfect.  Thanks for reconsidering this.

Barry

On Wed, Sep 18, 2019 at 8:14 AM Puneet Sood <puneets@google.com>; wrote:
>
> On Sat, Sep 14, 2019 at 8:46 AM Barry Leiba <barryleiba@computer.org>; wrote:
> >
> > > > I wonder if it makes sense to be more explicit here that one isn’t
> > > > meant to keep using expired data forever, but is expected to keep
> > > > trying to refresh it.  So, maybe?:
> > > >
> > > > NEW
> > > >       If the data is unable to be
> > > >       authoritatively refreshed when the TTL expires, the record MAY be
> > > >       used as though it is unexpired until an authoritative refresh is
> > > >       successful.
> > > > END
> > >
> > > I think your proposed text is worse since it contradicts the current
> > > draft, which limits the time during which you can serve stale answers
> > > "The maximum stale timer should be configurable, and defines the
> > > length of time after a record expires that it should be retained in
> > > the cache.  The suggested value is between 1 and 3 days. [Even if you
> > > cannot contact the authoritative servers, my note.]"
> >
> > Yes, true.  So maybe add "for a period of time or" before "until" in
> > my suggestion.  Or see if you can come up with better wording.  If you
> > really think it doesn't need to be qualified here because the rest of
> > the document takes care of it, I won't push it further.  I just think
> > it best to say *something* here that doesn't make it sound like an
> > entirely open-ended "MAY".
>
> I would prefer to not make the text in this paragraph too long since
> other sections go into detail on the conditions when the stale data
> can still be used. How about the following?
>
> "If the data is unable to be authoritatively refreshed when the TTL expires,
> the record MAY be used as though it is unexpired as long as certain
> conditions are met. See the Example Method and Implementation
> Considerations sections for details."
>
> >
> > > > Is another possible new security consideration that bad actors could
> > > > DDoS authoritative servers with the explicit intent of having stale
> > > > cached information used for longer, perhaps to extend the life of a
> > > > cache-poisoning attack or some such?
> > >
> > > Yes, seems right. Also reported by Viktor Dukhovni during the last
> > > call. May be add at the end of section 10 "Attackers could be incited
> > > to dDoS authoritative servers with the explicit intent of having stale
> > > cached information used for longer. But if they have this capacity,
> > > they probably could do much worse things than prolongating old data."
> >
> > Other than that "prolongating" isn't a word (use "prolonging the life
> > of"), that's probably OK.  Maybe add that the benefit outweighs the
> > risk, or some such, and then we'll see what the Sec ADs think.
>
> Added wording in the second paragraph of the Security Considerations section.
>
> -Puneet
>
> >
> > Barry
> >
> >
> > Barry