Re: [DNSOP] Last Call: <draft-ietf-dnsop-serve-stale-07.txt> (Serving Stale Data to Improve DNS Resiliency) to Proposed Standard

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sat, 14 September 2019 12:33 UTC

Return-Path: <stephane@sources.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFB5812008A; Sat, 14 Sep 2019 05:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C_kc8-C_4jbI; Sat, 14 Sep 2019 05:33:09 -0700 (PDT)
Received: from ayla.bortzmeyer.org (ayla.bortzmeyer.org [IPv6:2001:4b98:dc0:41:216:3eff:fe27:3d3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D4CD120072; Sat, 14 Sep 2019 05:33:09 -0700 (PDT)
Received: by ayla.bortzmeyer.org (Postfix, from userid 10) id B8D1EA0432; Sat, 14 Sep 2019 14:33:06 +0200 (CEST)
Received: by mail.sources.org (Postfix, from userid 1000) id 139361908BD; Sat, 14 Sep 2019 14:31:14 +0200 (CEST)
Date: Sat, 14 Sep 2019 14:31:14 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: ietf@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-serve-stale@ietf.org
Message-ID: <20190914123113.zxctoepsrxsunzbp@sources.org>
References: <156821841762.13409.15153693738152466982.idtracker@ietfa.amsl.com> <91411A04-4DD6-47D6-A4CC-AD8747B21361@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <91411A04-4DD6-47D6-A4CC-AD8747B21361@dukhovni.org>
X-Transport: UUCP rules
X-Operating-System: Debian GNU/Linux 9.9
X-Charlie: Je suis Charlie
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RuTcC3wY44imVbR14KMfQm530Sk>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-serve-stale-07.txt> (Serving Stale Data to Improve DNS Resiliency) to Proposed Standard
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2019 12:33:12 -0000

On Wed, Sep 11, 2019 at 02:32:35PM -0400,
 Viktor Dukhovni <ietf-dane@dukhovni.org>; wrote 
 a message of 37 lines which said:

> Finally, in security considerations, there's no mention of
> the potential security impact of stale negative responses.

It's not true, the last two paragraphs of section 10 do it. May be, as
reported by an AD, add that an attacker may dDoS authoritative name
servers just to exploit this possibility?