[DNSOP] RFC 2136 pre-requisite checks before client authorization checks

Mukund Sivaraman <muks@mukund.org> Thu, 06 December 2018 14:45 UTC

Hi all

Does anyone know why RFC 2136 sequences pre-requisite checks (section
3.2) to be performed before client permission checks (section 3.3)?  It
seems weird to sequence them in this way, especially as it is cheaper to
perform client IP address checks (and some zone permission checks)
earlier in order.

Section 3.3.2 talks about why the client permissions check is in that
position previous to subsequent actions, but not why it can't be
performed earlier.

		Mukund
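
The two orderings raised in this message, as an added example that is not part of the original post and is not taken from any DNS server's code. `ToyZone`, `handle_update`, the source-address ACL standing in for the section 3.3 permission check, and all sample names and addresses are assumptions constructed for illustration.

```python
import ipaddress
# RCODEs from RFC 1035 and RFC 2136.
NOERROR, NXDOMAIN, REFUSED, YXDOMAIN, YXRRSET, NXRRSET = 0, 3, 5, 6, 7, 8

class ToyZone:
    """Constructed in-memory zone that counts lookups made against it."""
    def __init__(self, rrsets):
        self.rrsets = rrsets  # {(owner, rrtype): {rdata, ...}}
        self.lookups = 0
    def has_rrset(self, owner, rrtype):
        self.lookups += 1
        return (owner, rrtype) in self.rrsets
    def name_in_use(self, owner):
        self.lookups += 1
        return any(name == owner for name, _ in self.rrsets)

def check_prerequisites(zone, prereqs):
    """Section 3.2, value-independent prerequisite forms only."""
    for kind, owner, rrtype in prereqs:
        if kind == "rrset-exists" and not zone.has_rrset(owner, rrtype):
            return NXRRSET
        if kind == "rrset-absent" and zone.has_rrset(owner, rrtype):
            return YXRRSET
        if kind == "name-in-use" and not zone.name_in_use(owner):
            return NXDOMAIN
        if kind == "name-not-in-use" and zone.name_in_use(owner):
            return YXDOMAIN
    return NOERROR

def check_permission(client_ip, allowed_nets):
    """Section 3.3 reduced to a source-address ACL (an assumption)."""
    addr = ipaddress.ip_address(client_ip)
    return NOERROR if any(addr in n for n in allowed_nets) else REFUSED

def handle_update(zone, client_ip, allowed_nets, prereqs, acl_first):
    """Return (rcode, zone lookups spent) under either ordering."""
    zone.lookups = 0
    steps = [lambda: check_permission(client_ip, allowed_nets),
             lambda: check_prerequisites(zone, prereqs)]
    if not acl_first:
        steps.reverse()  # RFC 2136 order: section 3.2, then 3.3
    # NOERROR is 0, so `or` runs the second step only if the first passed.
    rcode = steps[0]() or steps[1]()
    return rcode, zone.lookups

# Constructed sample data (documentation address ranges and names).
ZONE = ToyZone({("www.example.com.", "A"): {"192.0.2.10"}})
ALLOWED = [ipaddress.ip_network("192.0.2.0/24")]
PREREQS = [("rrset-exists", "www.example.com.", "A"),
           ("name-not-in-use", "new.example.com.", None)]
```

For a client outside `ALLOWED`, the RFC ordering spends two zone lookups before returning REFUSED, while the ACL-first ordering spends none. When a prerequisite fails, the RFC ordering returns the prerequisite RCODE to that client, whereas ACL-first always returns REFUSED.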