Re: [DNSOP] AD review of draft-ietf-dnsop-serve-stale-07
Barry Leiba <barryleiba@computer.org> Wed, 18 September 2019 15:18 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2006C1208E5; Wed, 18 Sep 2019 08:18:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.922
X-Spam-Level:
X-Spam-Status: No, score=-1.922 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.026, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wop6ic-CwNV1; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
Received: from mail-io1-f52.google.com (mail-io1-f52.google.com [209.85.166.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 33182120890; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
Received: by mail-io1-f52.google.com with SMTP id m11so176491ioo.0; Wed, 18 Sep 2019 08:18:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=s2OIdApUNvjN0PNNIaFRj7xOgNkMpsymINA3uFhlaPo=; b=hzKMCM/amUzgv387o3GN6Dm+Y5TLPGaTK0Q/A5stX+phNl1ZwNWw6+jRYMwjyQ858/ oPd7RAuaqw70W95TLfKzr8wYr8q9G6cL7+sm8xd3Wv+8dYmjb2HgpzqBxqnd2FnbfY+f ulCj1p2SWMNk1JDZNcfEm6hj7wLYjHIgDnEsqAVxhAeRxCMWCdWq6CdZ2H/Y02YXpWe4 3Nx+WS2upB1tpXHENfF76fPjTOWKYdosbrHGAgB9O+GEtLMvtLteQXzjYmF1PFi5G+0e JVzhBmq6ClwrH/9/mQX75B55VyqucCm5GVMhBGoxhfj1obq6wHk1Zy7y9uxl5HQV1hBk AfyQ==
X-Gm-Message-State: APjAAAVB2YIn8W7F6+KGPCfQU6o5Btb9PVmKm9Nov6dIAWi4jNuWzlvN eZiJ9dVdM2nzgRqCbhjsZ1UL5QPwWdjvXfgiCCU=
X-Google-Smtp-Source: APXvYqxZWmTN78oySDD9X9xOpoqkzNv1PEPzznk239iXWD40rPQmoGoRkF2Y++cKf/tuJ9uKtkwWm5ZvSxwIPEO5JYs=
X-Received: by 2002:a6b:1787:: with SMTP id 129mr5737089iox.140.1568819928258; Wed, 18 Sep 2019 08:18:48 -0700 (PDT)
MIME-Version: 1.0
References: <CALaySJK1kMuOmN-1nXgJKQVvOeF8pvphCJ3sCsyZNbLSANEFng@mail.gmail.com> <20190914122918.oqgl22xzbegajlhw@sources.org> <CALaySJ+x2vMW3R0m+PES-BjqrPQ-wuZWfFO2nrnME-uxHzHptQ@mail.gmail.com> <CA+9_gVvKspAAJe5UgUq_m7-bEb4_AoqocEozV2_uEL2pq_jApg@mail.gmail.com>
In-Reply-To: <CA+9_gVvKspAAJe5UgUq_m7-bEb4_AoqocEozV2_uEL2pq_jApg@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 18 Sep 2019 08:18:34 -0700
Message-ID: <CALaySJJSWeH4AndSS7NfB72-FyXaoaac9cS+T+08wuwXjUOWPg@mail.gmail.com>
To: Puneet Sood <puneets@google.com>
Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr>, draft-ietf-dnsop-serve-stale.all@ietf.org, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8TZ4aVoh3dFA-TVyHawZXdL8b7A>
Subject: Re: [DNSOP] AD review of draft-ietf-dnsop-serve-stale-07
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2019 15:18:51 -0000
Puneet, that sounds perfect. Thanks for reconsidering this. Barry On Wed, Sep 18, 2019 at 8:14 AM Puneet Sood <puneets@google.com> wrote: > > On Sat, Sep 14, 2019 at 8:46 AM Barry Leiba <barryleiba@computer.org> wrote: > > > > > > I wonder if it makes sense to be more explicit here that one isn’t > > > > meant to keep using expired data forever, but is expected to keep > > > > trying to refresh it. So, maybe?: > > > > > > > > NEW > > > > If the data is unable to be > > > > authoritatively refreshed when the TTL expires, the record MAY be > > > > used as though it is unexpired until an authoritative refresh is > > > > successful. > > > > END > > > > > > I think your proposed text is worse since it contradicts the current > > > draft, which limits the time during which you can serve stale answers > > > "The maximum stale timer should be configurable, and defines the > > > length of time after a record expires that it should be retained in > > > the cache. The suggested value is between 1 and 3 days. [Even if you > > > cannot contact the authoritative servers, my note.]" > > > > Yes, true. So maybe add "for a period of time or" before "until" in > > my suggestion. Or see if you can come up with better wording. If you > > really think it doesn't need to be qualified here because the rest of > > the document takes care of it, I won't push it further. I just think > > it best to say *something* here that doesn't make it sound like an > > entirely open-ended "MAY". > > I would prefer to not make the text in this paragraph too long since > other sections go into detail on the conditions when the stale data > can still be used. How about the following? > > "If the data is unable to be authoritatively refreshed when the TTL expires, > the record MAY be used as though it is unexpired as long as certain > conditions are met. See the Example Method and Implementation > Considerations sections for details." > > > > > > > Is another possible new security consideration that bad actors could > > > > DDoS authoritative servers with the explicit intent of having stale > > > > cached information used for longer, perhaps to extend the life of a > > > > cache-poisoning attack or some such? > > > > > > Yes, seems right. Also reported by Viktor Dukhovni during the last > > > call. May be add at the end of section 10 "Attackers could be incited > > > to dDoS authoritative servers with the explicit intent of having stale > > > cached information used for longer. But if they have this capacity, > > > they probably could do much worse things than prolongating old data." > > > > Other than that "prolongating" isn't a word (use "prolonging the life > > of"), that's probably OK. Maybe add that the benefit outweighs the > > risk, or some such, and then we'll see what the Sec ADs think. > > Added wording in the second paragraph of the Security Considerations section. > > -Puneet > > > > > Barry > > > > > > Barry
- [DNSOP] AD review of draft-ietf-dnsop-serve-stale… Barry Leiba
- Re: [DNSOP] AD review of draft-ietf-dnsop-serve-s… Stephane Bortzmeyer
- Re: [DNSOP] AD review of draft-ietf-dnsop-serve-s… Barry Leiba
- Re: [DNSOP] AD review of draft-ietf-dnsop-serve-s… Puneet Sood
- Re: [DNSOP] AD review of draft-ietf-dnsop-serve-s… Puneet Sood
- Re: [DNSOP] AD review of draft-ietf-dnsop-serve-s… Barry Leiba