Re: [DNSOP] Suresh Krishnan's No Objection on draft-ietf-dnsop-dns-capture-format-08: (with COMMENT)

Jim Hague <jim@sinodun.com> Thu, 29 November 2018 12:57 UTC

From: Jim Hague <jim@sinodun.com>
To: Suresh Krishnan <suresh@kaloom.com>, The IESG <iesg@ietf.org>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dnsop@ietf.org, dnsop-chairs@ietf.org, draft-ietf-dnsop-dns-capture-format@ietf.org
References: <154281142792.11466.13031799522956020256.idtracker@ietfa.amsl.com> <17073c5d-667a-6de9-9226-d628c5e559ab@sinodun.com>
Organization: Sinodun Internet Technologies Ltd.
Message-ID: <ccfc15db-77a2-d658-55a8-b1ae0cc626bf@sinodun.com>
Date: Thu, 29 Nov 2018 12:57:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Fkz0olgUeKC-8SmspsLMcdSJYbg>

On 22/11/2018 12:53, Jim Hague wrote:
> On 21/11/2018 14:43, Suresh Krishnan wrote:
>> * Section 7.4.1.1.
>>
>> Looks like you can limit the {client,server}-address-prefix-{ipv4,ipv6} fields
>> to one byte to restrict the range. e.g.
>>
>> client-address-prefix-ipv6 => uint .size 1
>>
>> Similar restrictions can be used for port (2) and TTL/hop limit (1) fields.
> [....]
>
> As to whether there is value in applying size or range restrictions
> throughout the rest of the fields, we're not so sure. As well as port
> and hoplimit, many of the DNS items (e.g. opcode, rcode) could also be
> allocated a maximum size. Or possibly we should only put a range on
> user-specified items such as VLAN IDs or opcodes to capture.
>
> We'll ask the CBOR WG mailing list if there is a preferred CDDL style
> for these cases.

The CBOR WG report there is as yet no received style, or in this case
right answer.

In the context of C-DNS, I am inclined to express ranges where values
stored are generated by the C-DNS application, but not for values of DNS
traffic items. C-DNS is storing traffic collected by one means or
another, and I think it should be storing what's reported. Expressing
validity ranges moves towards C-DNS being required to validate the
traffic. We intend C-DNS to be a storage mechanism, not a validation one.

So I suggest we specify validity ranges only for the following
configuration items:

StorageParameters:
* IPv6 prefix length. 1..32.
* IPv4 prefix length. 1..128.
* OPCODE (in list of OPCODEs to collect). 0..15.
* RR TYPE (in list of RR TYPEs to collect). 0..65535 or uint .size 2.

CollectionParameters:
* Promiscuous mode. Make this a boolean, holding CBOR true or false.
* VLAN ID (in list of VLAN IDs to collect). 1..0xffe.
-- 
Jim Hague - jim@sinodun.com          Never trust a computer you can't lift.
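
An added example, not part of the original message or of the draft: a Python check that applies validity ranges to configuration items only and leaves traffic items unchecked, which is the split proposed above. Item names are hypothetical labels rather than the draft's CDDL keys, and the prefix-length bounds are assumed from the address widths (32 bits for IPv4, 128 bits for IPv6).

```python
# (low, high, is_list) per configuration item; names are hypothetical labels.
CONFIG_RANGES = {
    "ipv4-prefix-length": (1, 32, False),    # IPv4 addresses are 32 bits wide
    "ipv6-prefix-length": (1, 128, False),   # IPv6 addresses are 128 bits wide
    "opcodes": (0, 15, True),                # list of OPCODEs to collect
    "rr-types": (0, 65535, True),            # equivalent to uint .size 2
    "vlan-ids": (1, 0xFFE, True),            # list of VLAN IDs to collect
}
BOOLEAN_ITEMS = {"promiscuous-mode"}         # must decode from CBOR true/false

def is_uint(value):
    """Non-negative int. bool is rejected explicitly: a CBOR decoder yields
    bool for true/false, and Python would otherwise accept True as 1."""
    return isinstance(value, int) and not isinstance(value, bool) and value >= 0

def fits_size(value, nbytes):
    """CDDL `uint .size N`: any unsigned value representable in N bytes."""
    return is_uint(value) and value < (1 << (8 * nbytes))

def validate_config(params):
    """Return error strings for configuration items in a decoded map."""
    errors = []
    for name, value in params.items():
        if name in BOOLEAN_ITEMS:
            if not isinstance(value, bool):
                errors.append(f"{name}: expected boolean, got {value!r}")
        elif name in CONFIG_RANGES:
            low, high, is_list = CONFIG_RANGES[name]
            if is_list and not isinstance(value, list):
                errors.append(f"{name}: expected a list, got {value!r}")
                continue
            for item in (value if is_list else [value]):
                if not (is_uint(item) and low <= item <= high):
                    errors.append(f"{name}: {item!r} outside {low}..{high}")
        # Anything else is a traffic item: stored as reported, never checked.
    return errors

# Constructed sample: five bad configuration values and one traffic item.
SAMPLE = {
    "ipv4-prefix-length": 200,    # passes uint .size 1, fails the range
    "ipv6-prefix-length": True,   # a boolean must not pass as the integer 1
    "opcodes": [0, 5, 16],
    "vlan-ids": [1, 0xFFF],
    "promiscuous-mode": 1,        # uint rather than CBOR true/false
    "query-hoplimit": 300,        # traffic item, kept as reported
}

if __name__ == "__main__":
    print("\n".join(validate_config(SAMPLE)))
```

The value 200 shows the difference between the two CDDL styles discussed in the thread: it satisfies `uint .size 1` but not a 1..32 range.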