Re: [DNSOP] New Version Notification for draft-ietf-dnsop-edns-client-subnet-01.txt

Warren Kumari <warren@kumari.net> Tue, 26 May 2015 21:07 UTC

In-Reply-To: <20150526204927.27935.59526.idtracker@ietfa.amsl.com>
References: <20150526204927.27935.59526.idtracker@ietfa.amsl.com>
Date: Tue, 26 May 2015 17:07:37 -0400
Message-ID: <CAHw9_iKtFWt9OTsRfcuL8PzaLhP2O=q+H0bnzPUhHFU-RyBDpg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: dnsop <dnsop@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/LqS4Vdj22kLY_89BqWpM1xg3cAY>
Subject: Re: [DNSOP] New Version Notification for draft-ietf-dnsop-edns-client-subnet-01.txt

This version incorporates a *large* number of comments received, and
also reverts the changes made to SCOPE / SOURCE NETMASK, making this
document describe how this has actually been implemented in practice.

It also clarifies that you cannot hand NXDOMAIN to some clients and
not others, and adds some new text describing the birthday attack
mitigations and whitelisting some clients.

W


-00 to -01 (IETF)
o <David> Made the document describe how things are actually
implemented now. This makes the document more of a "this is how
we are doing things, this provides information on that". There
may be a future document that describes additional functionality.
o NETMASK was not a good description, changed to PREFIX-LENGTH
(Jinmei, others). Stole most of the definition for prefix length
from RFC4291.
o Fixed the "SOURCE PREFIX-LENGTH set to 0" definition to include
IPv6 (Tatuya Jinmei)
o Comment that ECS cannot be used to hand NXDOMAIN to some clients
and not others, primarily because of interoperability issues.
(Tatuya Jinmei)
o Added text explaining that implementations need to document their
behavior with overlapping networks.
o Soften "optimized reply" language. (Andrew Sullivan).
o Fixed some of legacy IPv4 cruft (things like 0.0.0.0/0)
o Some more grammar / wording cleanups.
o Replaced a whole heap of occurrences of "edns-client-subnet" with
"ECS" for readability. (John Dickinson)
o More clearly describe the process from the point of view of each
type of nameserver. (John Dickinson)
o Birthday attack still possible if attacker floods with ECS-less
responses. (Yuri Schaeffer)
o Added some open issues directly to the text.

On Tue, May 26, 2015 at 4:49 PM,  <internet-drafts@ietf.org> wrote:
>
> A new version of I-D, draft-ietf-dnsop-edns-client-subnet-01.txt
> has been successfully submitted by Warren Kumari and posted to the
> IETF repository.
>
> Name:           draft-ietf-dnsop-edns-client-subnet
> Revision:       01
> Title:          Client Subnet in DNS Queries
> Document date:  2015-05-26
> Group:          dnsop
> Pages:          26
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-dnsop-edns-client-subnet-01.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-client-subnet/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-01
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-edns-client-subnet-01
>
> Abstract:
>    This draft defines an EDNS0 extension to carry information about the
>    network that originated a DNS query, and the network for which the
>    subsequent response can be cached.
>
> IESG Note
>
>    [RFC Editor: Please remove this note prior to publication ]
>
>    This informational document describes an existing, implemented and
>    deployed system.  A subset of the operators using this is at
>    http://www.afasterinternet.com/participants.htm . The authors believe
>    that it is better to document this system (even if not everyone
>    agrees with the concept) than leave it undocumented and proprietary.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
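The changelog items above touch several wire-level details of the option: the PREFIX-LENGTH fields that replaced NETMASK, the "SOURCE PREFIX-LENGTH set to 0" case for both IPv4 and IPv6, matching a response's option against the query as the birthday-attack mitigation, and caching answers by scope while documenting how overlapping networks are handled. The following is an added example, not code from the draft, from its authors or from any of the deployments it documents. It follows the option layout as later published in RFC 7871 (FAMILY, SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH, truncated ADDRESS); the option code 8, treating malformed options as FORMERR, clamping SCOPE to SOURCE for caching, and longest-prefix-match for overlapping networks are this example's own assumptions, not statements of what the -01 draft requires.

```python
# Wire-format helpers for the EDNS Client Subnet (ECS) option. Added example,
# not code from the draft or from any deployment it describes.
import ipaddress
import struct

# IANA EDNS0 option code for ECS as published in RFC 7871; the -01 draft
# discussed above predates that assignment, so treat this as an assumption.
ECS_OPTION_CODE = 8
FAMILY_IPV4, FAMILY_IPV6 = 1, 2             # IANA address family numbers
_WIDTH = {FAMILY_IPV4: 4, FAMILY_IPV6: 16}  # address size in octets


def encode_ecs(address, source_prefix_length, scope_prefix_length=0):
    """Return ECS OPTION-DATA: FAMILY, SOURCE, SCOPE, truncated ADDRESS.

    ADDRESS holds ceil(SOURCE/8) octets with bits past the prefix zeroed.
    SOURCE PREFIX-LENGTH 0 carries no address, for IPv4 and IPv6 alike.
    """
    ip = ipaddress.ip_address(address)
    family = FAMILY_IPV4 if ip.version == 4 else FAMILY_IPV6
    if not 0 <= source_prefix_length <= ip.max_prefixlen:
        raise ValueError("SOURCE PREFIX-LENGTH out of range for this family")
    net = ipaddress.ip_network((ip, source_prefix_length), strict=False)
    nbytes = (source_prefix_length + 7) // 8
    header = struct.pack("!HBB", family, source_prefix_length, scope_prefix_length)
    return header + net.network_address.packed[:nbytes]


def decode_ecs(data):
    """Parse OPTION-DATA into (family, source, scope, network).

    Raises ValueError for anything a resolver should answer with FORMERR
    (assumed policy): unknown family, prefix wider than the family, an
    ADDRESS length inconsistent with SOURCE, or set bits beyond the prefix.
    """
    if len(data) < 4:
        raise ValueError("ECS option shorter than its fixed header")
    family, source, scope = struct.unpack("!HBB", data[:4])
    if family not in _WIDTH:
        raise ValueError(f"unknown FAMILY {family}")
    width = _WIDTH[family]
    if source > width * 8 or scope > width * 8:
        raise ValueError("prefix length exceeds the address family width")
    addr = data[4:]
    if len(addr) != (source + 7) // 8:
        raise ValueError("ADDRESS length does not match SOURCE PREFIX-LENGTH")
    padded = addr + b"\x00" * (width - len(addr))
    # strict=True makes ipaddress reject set bits beyond the prefix length.
    net = ipaddress.ip_network((ipaddress.ip_address(padded), source), strict=True)
    return family, source, scope, net


def malformed_reason(data):
    """None if the option parses cleanly, otherwise the FORMERR reason."""
    try:
        decode_ecs(data)
        return None
    except ValueError as exc:
        return str(exc)


def response_matches_query(query_data, response_data):
    """Accept a response's ECS option only if it echoes the query's.

    FAMILY, SOURCE PREFIX-LENGTH and ADDRESS must be identical; only SCOPE
    may differ, because the authority sets it. Anything else is dropped.
    """
    qf, qs, _, qnet = decode_ecs(query_data)
    rf, rs, _, rnet = decode_ecs(response_data)
    return (qf, qs, qnet) == (rf, rs, rnet)


def cache_network(response_data):
    """Network an answer may be cached under: ADDRESS/SCOPE.

    SCOPE 0 means the answer does not depend on the client subnet. A SCOPE
    longer than SOURCE is clamped to SOURCE here (this example's choice):
    bits beyond SOURCE were never sent, so they cannot key a cache entry.
    """
    _, source, scope, net = decode_ecs(response_data)
    return ipaddress.ip_network((net.network_address, min(scope, source)), strict=False)


class ScopedCache:
    """Answers keyed by (qname, qtype) plus the network each one covers.

    Overlapping networks resolve by longest prefix match; the draft only
    asks implementations to document their behaviour, and this is ours.
    """

    def __init__(self):
        self._entries = {}  # (qname, qtype) -> {network: answer}

    def store(self, qname, qtype, response_ecs, answer):
        key = (qname.lower(), qtype)
        self._entries.setdefault(key, {})[cache_network(response_ecs)] = answer

    def lookup(self, qname, qtype, client_ip):
        ip = ipaddress.ip_address(client_ip)
        best = None
        for net, answer in self._entries.get((qname.lower(), qtype), {}).items():
            if net.version == ip.version and ip in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, answer)
        return None if best is None else best[1]
```

The trailing-bits check in decode_ecs is what makes the "reverts to how this is actually implemented" point concrete: an authoritative server that does not zero the bits past the prefix, or that sends more ADDRESS octets than SOURCE PREFIX-LENGTH allows, produces an option a strict resolver will reject rather than cache. response_matches_query is the per-response half of the birthday-attack mitigation mentioned in the changelog; as Yuri Schaeffer's item notes, it does nothing against responses that carry no ECS option at all, so it has to sit alongside the usual source-port and ID checks rather than replace them.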