Re: [DNSOP] 5011-security-considerations and the safetyMargin
Michael StJohns <msj@nthpermutation.com> Mon, 20 November 2017 19:47 UTC
Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D509C120713 for <dnsop@ietfa.amsl.com>; Mon, 20 Nov 2017 11:47:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bsoIIQUp0HLh for <dnsop@ietfa.amsl.com>; Mon, 20 Nov 2017 11:47:53 -0800 (PST)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAD2712EA8D for <dnsop@ietf.org>; Mon, 20 Nov 2017 11:47:52 -0800 (PST)
Received: by mail-qt0-x22f.google.com with SMTP id r39so16157197qtr.13 for <dnsop@ietf.org>; Mon, 20 Nov 2017 11:47:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=QGlog9L5crfjXjG6wMpCysXJB8P55XQT/XgIs23C2Gg=; b=NuQXhsqqyxvhBR3lGorWj8+uhOnmpOYdGmgqllFv6hBIQqWiC5AA2eXPHH9b5AutgH mniJ1fwYE7H863MvWUUNe97p505xdBuRRiR1uhvJdTt2Ooozlrms4fbDEgAAs6CRrVF6 hKx7IBUFhkz71a3tO+CWewAuRm/OarTGVFELhJRG9JmU0BvhZeQan8tRM430a4QdJH1l Bbbl0SrWzcdY6bnbj4ZXlakODA3taFrL4r2oCj86zfxdnrZ3yIvhWXa8f8UyhtEPcrbk fS4EnMc0E2aVhNqvXLcKBxoJnI7o5LYfBlM8HU9sZB5dSgyqdw9tK2eSVtQBTJC2E7pb ObWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=QGlog9L5crfjXjG6wMpCysXJB8P55XQT/XgIs23C2Gg=; b=jEqlIKe6m4YwnhDHdsSh4G04zOSOSYh10QGyK0yW3b0t7xoIh/pFpebpeFFtB1TmKd Nk8YsRmgUYQEBfzK7N29tQgtd9Itq+vDNjyybX9wxqfSo18ypmBQSQ7EXLqiJD0jaGP9 Z8sdmR3E6dshV3fD8ZVmolJ33rXjjSJWAOEYHWvhk0d4oCpc6Rw0LZoMjQ0HWtNH62/h ipm/fv1eBKwfaibR1RVLEDEF9/xeM2suV72/6frXkwHvaJ01z07bQjAkPEwp670z96ji BsBMgo+uTE1AAzGorVnVOPGDsoN+Mzm0OPlqyZpDbf3ByZlD9zpLnzf7OUbz9KXvOVf9 OMOw==
X-Gm-Message-State: AJaThX4WS7pXWsxqsmEIqXioNuhPtvsGWxXgBnia68u9T2OpbMRi+k6+ 1P5Ub1AAGyS+N7p0LDIGCKbC0PQM
X-Google-Smtp-Source: AGs4zMbUYjaCWwOV9zftdFOQszrt4SAOOy9C2feta20q1G/fgKeAk//hJDK/fv5x0E3PHU7ukFsVsw==
X-Received: by 10.200.26.33 with SMTP id v30mr22391266qtj.250.1511207271396; Mon, 20 Nov 2017 11:47:51 -0800 (PST)
Received: from [192.168.1.117] (c-69-140-114-191.hsd1.md.comcast.net. [69.140.114.191]) by smtp.gmail.com with ESMTPSA id v51sm7654628qtb.7.2017.11.20.11.47.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 20 Nov 2017 11:47:50 -0800 (PST)
To: Wes Hardaker <wjhns1@hardakers.net>
Cc: IETF DNSOP WG <dnsop@ietf.org>
References: <ybld14kpaz4.fsf@wu.hardakers.net> <df6bee9d-c140-995b-e45d-fa12f76103f5@pletterpet.nl> <CA+nkc8A=Z2rB7iByow09zFeL45sf6NZcj36KRqDQZ7Cw1kNtUQ@mail.gmail.com> <CANeU+ZC7fVrodoRC60CJ3z9MSsoPxbNRJPPaQFNphPeGzPd=Qw@mail.gmail.com> <yblwp2kgblr.fsf@w7.hardakers.net>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <53d210a2-b4dc-f2ce-33a8-4964cba64c4c@nthpermutation.com>
Date: Mon, 20 Nov 2017 14:47:48 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <yblwp2kgblr.fsf@w7.hardakers.net>
Content-Type: multipart/alternative; boundary="------------55DAEDF6F9807F7410D88CCB"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MfzNPiFm5seTIsAuHPfMSdcU-K0>
Subject: Re: [DNSOP] 5011-security-considerations and the safetyMargin
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Nov 2017 19:47:55 -0000
On 11/20/2017 11:26 AM, Wes Hardaker wrote: > Michael StJohns <msj@nthpermutation.com> writes: > >> 1 something. > I think that the consensus is clearly something like that. Are you > (MSJ) interested in supplying a suggested final equation for it? > Ok - after thinking about it, it turns out to be fairly simple. 1) Initially, ignore the outliers - the servers that are down and will be down throughout the entire safety period. It's probable that most of them were down during the original uptake period. 2) Assume a success rate of p per retry. I'm going to use .01 - or for each retry period only 1 of 100 entities completes the last query. 3) Calculate Log.x(M) where M is the number of clients - arbitrarily chosen at 10M and where x is (1/(1-p)) - the failure rate (or put another way, the proportion of servers still waiting to complete after the previous retry interval). Log.x(M) gives the number of intervals to reduce the set of uncompleted servers to 0 assuming normal probability. That gives you 1603 fast retry intervals. Setting p and M to different values gets you a range of answers: Number of Resolvers 10,000 100,000 1,000,000 10,000,000 100,000,000 Probability of Success Per Retry Interval 0.01 916.4212 1145.526 1374.632 1603.737 1832.84231 0.05 179.5623 224.4528 269.3434 314.23397 359.12454 0.1 87.41738 109.2717 131.1261 152.98042 174.834763 0.15 56.67242 70.84052 85.00862 99.176728 113.344832 0.25 32.01569 40.01961 48.02354 56.027459 64.0313822 0.5 13.28771 16.60964 19.93157 23.253497 26.5754248 0.9 4 5 6 7 8 (Think of it this way. Pretend you have 1000 resolvers and each has a 10% chance of completing in each interval. After the first interval, 900 are left. After the second 810, after the third...729 etc. Ignoring rounding you need about 65 retries to get down to < 1 left which is Log1.11111(1000). This doesn't account for the servers who are offline, but see (1) above for why its probably safe to ignore them. So a publisher can pick an M and x (or p) that is their best guess from the data they have and calculate: safetyInterval ::= Log.x(M) * fastRetryInterval Or simply make some worst case assumptions (.01 success rate, 10M clients) and use a number from the table. Mike
- [DNSOP] 5011-security-considerations and the safe… Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Matthijs Mekking
- Re: [DNSOP] 5011-security-considerations and the … Bob Harold
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Michael StJohns
- Re: [DNSOP] 5011-security-considerations and the … Wes Hardaker