Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt
Wes Hardaker <wjhns1@hardakers.net> Tue, 12 December 2017 21:04 UTC
Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F6B712896F for <dnsop@ietfa.amsl.com>; Tue, 12 Dec 2017 13:04:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.107
X-Spam-Level:
X-Spam-Status: No, score=-1.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cUziVMp3BXZ for <dnsop@ietfa.amsl.com>; Tue, 12 Dec 2017 13:03:49 -0800 (PST)
Received: from mail.hardakers.net (unknown [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 457501279E5 for <dnsop@ietf.org>; Tue, 12 Dec 2017 13:03:49 -0800 (PST)
Received: from localhost (50-1-20-198.dsl.static.fusionbroadband.com [50.1.20.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id 7D36220E09; Tue, 12 Dec 2017 13:03:47 -0800 (PST)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Michael StJohns <msj@nthpermutation.com>
Cc: Wes Hardaker <wjhns1@hardakers.net>, dnsop@ietf.org
References: <151199364931.4845.3034001091375154653@ietfa.amsl.com> <yblvahshg6z.fsf@wu.hardakers.net> <9c71768d-4807-3d0a-b4b1-0ac8d066fe9f@nthpermutation.com> <yblindiavlm.fsf@w7.hardakers.net> <6d239b9a-fd1e-46a3-c705-6851dd8ffe0a@nthpermutation.com> <ybl8te8kbaq.fsf@wu.hardakers.net> <142cad85-1e0e-b4c9-1561-ad590984739a@nthpermutation.com> <yblshcfhnai.fsf@wu.hardakers.net> <1ca3daed-d521-0fcd-d1e7-eef2b781707b@nthpermutation.com>
Date: Tue, 12 Dec 2017 13:03:47 -0800
In-Reply-To: <1ca3daed-d521-0fcd-d1e7-eef2b781707b@nthpermutation.com> (Michael StJohns's message of "Tue, 12 Dec 2017 14:34:38 -0500")
Message-ID: <ybl8te7fyks.fsf@wu.hardakers.net>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Lc5FphjcKZUCQqUdY-iuWXOwrLc>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Dec 2017 21:04:01 -0000
Michael StJohns <msj@nthpermutation.com> writes: > A "perfect" system will behave the way you've described - but adding a > safety factor while ignoring the phase shift brought on by retransmits > within the addHoldDown interval will not characterize the actual > system. Ah ha! So, you do actually agree that my description of the perfect case is true, which means we really have been in violent agreement about the "perfect" line in the sand. [as I've said: I absolutely understand the point your making about real world issues, such as timing drifts] And as I said in the last message, I agreed that a delay/phase-shift made sense and I'd be happy to produce a new term for it. Ideally I'd like to add that into the safetyMargin because it reflects real-world conditions, and I was trying to contain that to just one particular term. But I understand you don't want it buried in there, so I'll create a new term to deal with timing phase shifts and add that before the existing safetyMargin. > Can we stop now? I think so as I believe I can add words that we'll both agree to. But I've said that before, so... The only remaining questions, just to double double be sure: 1) "is one activeRefresh period long enough to account for the slop associated with time clock drifts?" I'd argue yes, as any clock that drifted longer than an activeRefresh (min = 1hr) is a seriously broken clock. I think you agree. 2) "is one activeRefresh period long enough to account for network delays and other elements, aside from 'retries and missing queries'?" I think you and I agree on this too, that one should be sufficient to cover network delays too. -- Wes Hardaker USC/ISI
- [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-secu… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Michael StJohns
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-… Wes Hardaker