Re: [DNSOP] Last Call: <draft-ietf-dnsop-serve-stale-07.txt> (Serving Stale Data to Improve DNS Resiliency) to Proposed Standard

Stephane Bortzmeyer <bortzmeyer@nic.fr> Sat, 14 September 2019 12:33 UTC

Date: Sat, 14 Sep 2019 14:31:14 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: ietf@ietf.org, dnsop@ietf.org, draft-ietf-dnsop-serve-stale@ietf.org
Message-ID: <20190914123113.zxctoepsrxsunzbp@sources.org>
References: <156821841762.13409.15153693738152466982.idtracker@ietfa.amsl.com> <91411A04-4DD6-47D6-A4CC-AD8747B21361@dukhovni.org>
In-Reply-To: <91411A04-4DD6-47D6-A4CC-AD8747B21361@dukhovni.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RuTcC3wY44imVbR14KMfQm530Sk>

On Wed, Sep 11, 2019 at 02:32:35PM -0400,
 Viktor Dukhovni <ietf-dane@dukhovni.org> wrote 
 a message of 37 lines which said:

> Finally, in security considerations, there's no mention of
> the potential security impact of stale negative responses.

It's not true; the last two paragraphs of section 10 do it. Maybe, as
reported by an AD, add that an attacker may DDoS authoritative name
servers just to exploit this possibility?