Re: [DNSOP] draft-fujiwara-dnsop-fragment-attack-01.txt
Paul Vixie <paul@redbarn.org> Sat, 02 March 2019 02:33 UTC
To: Mark Andrews <marka@isc.org>
Cc: fujiwara@jprs.co.jp, dnsop@ietf.org
References: <20190301.211448.2262229485785576167.fujiwara@jprs.co.jp> <8E7BCFB9-4578-4EAB-8CE7-B1C3BEF5B0C4@isc.org>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <56fa471b-f6aa-77e8-61ec-420dc6ebb781@redbarn.org>
Date: Fri, 01 Mar 2019 18:33:20 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AL6jRMCWRoRQpMOKbf7I2xeENmc>
Mark Andrews wrote on 2019-03-01 12:00:

> Or one can use TSIG with a well known key to get a cryptographic hash
> of the response.
> ...

i prefer this approach.

no matter how bad fragmentation was in V4 and no matter how much worse it is in V6, we must not lock ourselves into packets whose size is computed from the analog properties of 10Mbit ethernet (1500) minus a whole bunch of witch-craft fudge factors.

i expect to live until around 2050, and by that time i'd like to use a LAN max packet size that's only 1/15000th of capacity (as 10Mbit ethernet had), and to either use smaller packets when forwarding through a WAN gateway, or make fragmentation possible, which V6 has unintentionally made presently impossible.

-- 
P Vixie
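The TSIG idea quoted above, worked through as an added example that is not part of this message or of any ISC or JPRS code: a resolver can bind the whole reassembled response to an HMAC computed the way RFC 8945 specifies (message bytes followed by the TSIG variables), so a datagram whose tail was altered after the first fragment no longer verifies. The key, key name, timestamp and the DNS response bytes are all constructed for the example; the TSIG RR itself is not appended to the wire message, only the MAC it would carry is computed and checked.

```python
import hashlib
import hmac
import struct

# Constructed shared secret for this example (not a real key)
KEY = b"example-tsig-secret-not-for-production"
KEY_NAME = "example-key."      # assumed key name
ALG_NAME = "hmac-sha256."      # algorithm name as registered by RFC 8945


def wire_name(name):
    """Encode a dotted domain name in uncompressed DNS wire format."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.lower().encode("ascii")
    return out + b"\x00"


def build_response(qname, ipv4, txid=0x1234):
    """Constructed minimal DNS response: header, one A question, one A answer."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = wire_name(qname) + struct.pack("!HH", 1, 1)      # QTYPE A, QCLASS IN
    # answer: compression pointer to the qname at offset 12, type A, class IN,
    # TTL 300, then four RDATA octets
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def tsig_variables(time_signed, fudge, error=0, other=b""):
    """TSIG variables in the order RFC 8945 section 4.3.3 feeds them to the MAC."""
    return (
        wire_name(KEY_NAME)
        + struct.pack("!HI", 255, 0)                 # CLASS ANY, TTL 0
        + wire_name(ALG_NAME)
        + struct.pack("!HI", time_signed >> 32, time_signed & 0xFFFFFFFF)  # 48-bit time
        + struct.pack("!HHH", fudge, error, len(other))
        + other
    )


def tsig_mac(message, time_signed, fudge=300, request_mac=b""):
    """HMAC over (optional length-prefixed request MAC) + message + TSIG variables."""
    data = b""
    if request_mac:
        data += struct.pack("!H", len(request_mac)) + request_mac
    data += message + tsig_variables(time_signed, fudge)
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify_tsig(message, mac, time_signed, now, fudge=300, request_mac=b""):
    """True only if the time is within the fudge window and the MAC covers the message."""
    if abs(now - time_signed) > fudge:
        return False  # a real server would answer BADTIME
    expected = tsig_mac(message, time_signed, fudge, request_mac)
    return hmac.compare_digest(expected, mac)


def demo():
    """Sign a constructed response, then check an intact and an altered copy."""
    signed_at = 1551494000  # constructed timestamp
    resp = build_response("example.com.", "192.0.2.1")
    mac = tsig_mac(resp, signed_at)
    intact_ok = verify_tsig(resp, mac, signed_at, now=signed_at + 10)
    # simulate a reassembled datagram whose trailing bytes (the answer RDATA)
    # differ from what the signer sent
    altered = resp[:-4] + bytes([203, 0, 113, 5])
    altered_ok = verify_tsig(altered, mac, signed_at, now=signed_at + 10)
    return intact_ok, altered_ok


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The check covers the entire message, so it does not matter which fragment carried the changed bytes; the `fudge` window is what stops an old, correctly signed response from being replayed later.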