Re: [DNSOP] John Scudder's No Objection on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)

John Scudder <jgs@juniper.net> Thu, 28 October 2021 15:21 UTC

From: John Scudder <jgs@juniper.net>
To: Roman Danyliw <rdd@cert.org>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dnsop-dns-tcp-requirements@ietf.org" <draft-ietf-dnsop-dns-tcp-requirements@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "suzworldwide@gmail.com" <suzworldwide@gmail.com>
Date: Thu, 28 Oct 2021 15:21:09 +0000
Message-ID: <F4512856-70F7-451A-8D64-65C47EECC062@juniper.net>
References: <163542852997.21101.3827007220330841514@ietfa.amsl.com> <BN1P110MB0939A01B8AAA4A88C3598A1BDC869@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN1P110MB0939A01B8AAA4A88C3598A1BDC869@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/PA6MVVYyuboCRdvPvIugr_8VNLE>
Subject: Re: [DNSOP] John Scudder's No Objection on draft-ietf-dnsop-dns-tcp-requirements-13: (with COMMENT)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

On Oct 28, 2021, at 10:16 AM, Roman Danyliw <rdd@cert.org> wrote:

>> 3. Section 6 says applications should perform “full TCP segment reassembly”.
>> What does that mean? A quick Google search doesn’t suggest it’s a well-known
>> term of art. I'm guessing that what you mean is that the applications should
>> capture (and log, etc.) the bytestream that was segmented and transmitted by
>> TCP?
>
> I'll let the authors speak to this, but I think this means full TCP stream reassembly -- that is, analyze the reassembled stream, not the individual packets. There is a long history of evasion attacks in network security analysis tools when individual fragments/packets are analyzed instead of the reassembled streams.

Right, that makes sense. It’s just not at all clear (at least, to me) from the text as written. I think more words will be required in order to make it clear. (Your sentence above seems like a good candidate for cutting and pasting.)

Thanks,

—John
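The evasion Roman describes, shown in code. This is an added example and is not part of the thread, the draft, or any implementation it discusses. It builds two pipelined DNS-over-TCP queries (RFC 1035 section 4.2.2 length framing), cuts the byte stream into constructed TCP segments so that the second query name straddles a segment boundary, and delivers them out of order. A naive monitor that pattern-matches each segment on its own never sees the name; a monitor that first reassembles the stream by sequence number and then walks the length-prefixed messages extracts every QNAME. The reassembler's overlap policy (first copy wins) and the segment cut points are assumptions made for the example, and all traffic is constructed inline.

```python
"""Added example: per-segment matching versus TCP stream reassembly for DNS.
Over TCP each DNS message carries a two-byte big-endian length prefix
(RFC 1035 section 4.2.2) and several messages may share one connection;
nothing aligns message or name boundaries with TCP segment boundaries."""
from __future__ import annotations

import struct
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


def encode_qname(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"


def decode_qname(msg: bytes, off: int) -> tuple[str, int]:
    """Read an uncompressed QNAME at offset `off`; return (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n & 0xC0:
            raise ValueError("compression pointer is not valid in a question name")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query (header with RD=1, QDCOUNT=1, plus one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def tcp_framed(messages: list[bytes]) -> bytes:
    """Lay messages out as they travel over TCP: two-byte length prefix each."""
    return b"".join(struct.pack("!H", len(m)) + m for m in messages)


def segment_stream(stream: bytes, isn: int, cuts: list[int]) -> list[Segment]:
    """Cut the byte stream at the given offsets into TCP segments starting at `isn`."""
    bounds = [0] + cuts + [len(stream)]
    return [Segment(isn + a, stream[a:b]) for a, b in zip(bounds, bounds[1:])]


def reassemble(segments: list[Segment], isn: int) -> bytes:
    """Order segments by sequence number and rebuild the contiguous byte stream.
    Overlapping retransmissions keep the first-seen copy of each byte (one of
    several policies a real reassembler must pick deliberately); a gap stops
    reassembly, where a real monitor would wait for the retransmission."""
    buf, expected = bytearray(), isn
    for seg in sorted(segments, key=lambda s: s.seq):
        if seg.seq > expected:
            break                      # hole in the stream; cannot continue
        fresh = seg.payload[expected - seg.seq:]
        buf += fresh
        expected += len(fresh)
    return bytes(buf)


def parse_stream(stream: bytes) -> list[str]:
    """Split a reassembled DNS-over-TCP stream into messages; return each QNAME."""
    names, off = [], 0
    while off + 2 <= len(stream):
        (mlen,) = struct.unpack("!H", stream[off:off + 2])
        msg = stream[off + 2:off + 2 + mlen]
        if len(msg) < mlen:
            break                      # message truncated; wait for more data
        if struct.unpack("!H", msg[4:6])[0] >= 1:   # QDCOUNT
            names.append(decode_qname(msg, 12)[0])
        off += 2 + mlen
    return names


def per_segment_hits(segments: list[Segment], name: str) -> int:
    """Naive per-packet monitor: count segments whose payload contains the wire name."""
    needle = encode_qname(name)
    return sum(1 for s in segments if needle in s.payload)


def demo() -> dict:
    """Constructed traffic: two pipelined queries, cut so the second name straddles
    a segment boundary, delivered out of order."""
    watched = "evil.example."
    stream = tcp_framed([build_query(0x1234, "www.example."), build_query(0x1235, watched)])
    segs = segment_stream(stream, isn=1000, cuts=[20, len(stream) - 10])
    segs.reverse()                     # arrival order differs from sequence order
    return {"per_segment_hits": per_segment_hits(segs, watched),
            "reassembled_names": parse_stream(reassemble(segs, isn=1000))}


if __name__ == "__main__":
    print(demo())   # {'per_segment_hits': 0, 'reassembled_names': ['www.example.', 'evil.example.']}
```

The same gap exists for message boundaries: with several queries pipelined on one connection, a monitor that treats each segment as one DNS message will misparse the header of whatever happens to start mid-segment. Reassembling first and then framing by the length prefix is what "full TCP stream reassembly" has to mean in practice.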