Re: [DNSOP] Mirja Kühlewind's Yes on draft-ietf-dnsop-refuse-any-07: (with COMMENT)

Ólafur Guðmundsson <olafur@cloudflare.com> Wed, 12 September 2018 22:02 UTC

In-Reply-To: <153658244644.26649.463764101726763839.idtracker@ietfa.amsl.com>
References: <153658244644.26649.463764101726763839.idtracker@ietfa.amsl.com>
From: Ólafur Guðmundsson <olafur@cloudflare.com>
Date: Thu, 13 Sep 2018 09:02:22 +1100
Message-ID: <CAN6NTqwTt5SZ=_69kAd31qEtFKnZsOu7sShy26uOoShZtyJkkQ@mail.gmail.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-refuse-any@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs <dnsop-chairs@ietf.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ImYpVa5zbhRF8lmZGY7FzlC8EVQ>
Subject: Re: [DNSOP] Mirja Kühlewind's Yes on draft-ietf-dnsop-refuse-any-07: (with COMMENT)

On Mon, Sep 10, 2018 at 11:27 PM, Mirja Kühlewind <ietf@kuehlewind.net>
wrote:

> Mirja Kühlewind has entered the following ballot position for
> draft-ietf-dnsop-refuse-any-07: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-refuse-any/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> I'm wondering if it would make sense to provide stronger guidance that the
> conventional ANY response SHOULD be provided if TCP is used as TCP already
> provides a return routability proof...? Also maybe provide a reference to
> RFC7766?


This has nothing to do with "return routability": if big answers are given
to a resolver via TCP then the resolver can be used as an amplifier, and there
are millions of those on the net.

IMHO the only time a big ANY answer CAN be returned is when the connection is
authenticated and approved.


> And one smallish comment: Would it make sense to refer to
> draft-ietf-dnsop-terminology-bis-09 (or actually the soon to be new RFC)
> instead of RFC7719?
>
>
Hope this happens by the RFC Editor or in AUTH48

Olafur




-- 
Ólafur Gudmundsson | Engineering Director
www.cloudflare.com blog.cloudflare.com
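
Added example, not part of the original message or of the draft: a sketch of the gate argued for in the reply above, where a server parses the question from the wire and gives a full ANY answer only on an authenticated and approved connection, never on the strength of TCP alone. The function names, the `authenticated_and_approved` flag and the policy labels `normal`, `minimal` and `full-any` are hypothetical, and treating only TCP sessions as able to be authenticated is an assumption of this sketch.

```python
import struct

QTYPE_ANY = 255  # QTYPE "*" (ANY)

def parse_question(msg: bytes):
    """Return (qname, qtype) for the single question of a DNS query in wire format."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:  # pointer or reserved label type: reject in a query
            raise ValueError("unexpected label type")
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def any_policy(msg: bytes, transport: str, authenticated_and_approved: bool) -> str:
    """Hypothetical policy: 'normal', 'minimal' or 'full-any'."""
    _, qtype = parse_question(msg)
    if qtype != QTYPE_ANY:
        return "normal"
    # TCP by itself is not the gate: the querier may be a resolver that can
    # in turn be used as an amplifier, which is the point made in the reply.
    if transport == "tcp" and authenticated_and_approved:
        return "full-any"
    return "minimal"

def build_query(name: str, qtype: int) -> bytes:
    """Build a constructed sample query (ID 0x1234, RD set, class IN)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)
```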