Re: [DNSOP] meta issue: WG to discuss DNS innovation (was Re: draft-hzhwm-start-tls-for-dns-00)

joel jaeggli <joelja@bogus.com> Mon, 17 February 2014 16:59 UTC

Message-ID: <53023FC3.8060103@bogus.com>
Date: Mon, 17 Feb 2014 08:58:43 -0800
From: joel jaeggli <joelja@bogus.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:27.0) Gecko/20100101 Thunderbird/27.0
MIME-Version: 1.0
To: Joe Abley <jabley@hopcount.ca>, Patrik Fältström <paf@frobbit.se>
References: <CAESS1RPh+UK+r=JzZ9nE_DUqcvNtZiS6TNt1CDN-C0uiU7HP=A@mail.gmail.com> <52FEF407.30405@redbarn.org> <20140215140133.GA6990@sources.org> <alpine.LFD.2.10.1402151449280.23619@bofh.nohats.ca> <D82F49E8-9A06-4F52-8E3E-DF5C8D0B7549@virtualized.org> <53006595.5010207@frobbit.se> <784CF51A-937B-4131-85BC-AED579FA746D@vpnc.org> <5300E9C5.9090702@frobbit.se> <DB47354C-AEBA-4861-8177-94993377E3E8@hopcount.ca>
In-Reply-To: <DB47354C-AEBA-4861-8177-94993377E3E8@hopcount.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/TA_MOUwfFhlIKSBis5guXJ8ePVw
Cc: dnsop <dnsop@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] meta issue: WG to discuss DNS innovation (was Re: draft-hzhwm-start-tls-for-dns-00)

On 2/16/14, 8:48 AM, Joe Abley wrote:

> 
> We can't do anything that will cause larger responses, because EDNS
> support is not widespread, and in any case the network can't reliably
> deliver fragments.

In the context of reflection attacks (next paragraph), more packets are
perhaps not the most helpful thing.

> If we believe all these problems are intractable, then we might as
> well just accept that overloading TXT records and reflection attacks
> are a fact of life, and stop worrying about them.
>
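The exchange above turns on a protocol detail: a responder may only send a UDP answer larger than the classic 512 bytes if the query carried an EDNS0 OPT record advertising a bigger buffer, and a cautious server will still cap itself below the point where fragmentation starts. The following Python is an added example, not code from either message or from any DNS implementation: it builds a query with and without an OPT record, extracts the advertised payload size, and derives the response size a server should allow itself. The 1232-byte default for `server_max`, the hypothetical function names, and the TXT (type 16) query used as sample input are assumptions of this example.

```python
import struct

DNS_HDR = struct.Struct("!HHHHHH")   # id, flags, qdcount, ancount, nscount, arcount
OPT_TYPE = 41                        # EDNS0 OPT pseudo-RR (RFC 6891)


def build_query(qname, qtype=16, edns_udp_size=None, rd=True):
    """Build a wire-format DNS query; append an OPT RR when edns_udp_size is given.
    Constructed sample input for this example (qtype 16 = TXT)."""
    flags = 0x0100 if rd else 0
    arcount = 1 if edns_udp_size is not None else 0
    msg = bytearray(DNS_HDR.pack(0x1234, flags, 1, 0, 0, arcount))
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        msg += bytes([len(raw)]) + raw
    msg += b"\x00" + struct.pack("!HH", qtype, 1)          # end of name, QTYPE, QCLASS=IN
    if edns_udp_size is not None:
        # OPT RR: root owner name, TYPE=41, CLASS carries the sender's UDP payload
        # size, TTL carries ext-rcode/version/flags (all zero here), RDLEN=0.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return bytes(msg)


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if (ln & 0xC0) == 0xC0:        # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + ln


def advertised_udp_size(msg):
    """EDNS0 advertised UDP payload size from the query's OPT RR, or None if absent."""
    _, _, qd, an, ns, ar = DNS_HDR.unpack_from(msg, 0)
    off = DNS_HDR.size
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass              # CLASS field holds the payload size
    return None


def response_size_limit(query, server_max=1232):
    """UDP response size a server may use for this query.

    No OPT RR  -> 512 bytes (pre-EDNS limit); anything bigger needs TC=1 and TCP.
    OPT RR     -> min(advertised, server_max); values below 512 are treated as 512
                  per RFC 6891. server_max (assumed 1232 here) keeps answers under
                  the size at which IPv6 paths start fragmenting.
    """
    adv = advertised_udp_size(query)
    if adv is None:
        return 512
    return min(max(adv, 512), server_max)
```

Run `advertised_udp_size` on real captured queries to measure how much of a resolver population actually advertises EDNS, which is the empirical question behind "EDNS support is not widespread"; the `server_max` clamp is the operator-side mitigation that keeps a large-answer feature from also becoming a large-amplification feature.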