Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt

Mukund Sivaraman <muks@isc.org> Sun, 27 September 2015 00:09 UTC

Date: Sun, 27 Sep 2015 05:39:08 +0530
From: Mukund Sivaraman <muks@isc.org>
To: dnsop@ietf.org
Message-ID: <20150927000908.GA16275@jurassic.l0.malgudi.org>
References: <20150926191009.28433.58915.idtracker@ietfa.amsl.com> <20150926191551.GA32562@jurassic.l0.malgudi.org>
In-Reply-To: <20150926191551.GA32562@jurassic.l0.malgudi.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/WRtar6Rwj3-_p90_IlIDwxZT96Y>

On Sun, Sep 27, 2015 at 12:45:52AM +0530, Mukund Sivaraman wrote:
> > Abstract:
> >    This document describes a method for a client to be able to verify
> >    that IP-layer PDU fragments of a UDP DNS message have not been
> >    spoofed by an off-path attacker.

The NONCE-COPY field seems redundant now as the checksum computation
includes the NONCE field. It was added in an earlier form of the draft
when the computation didn't include the nonce. Perhaps it can be removed
and the NONCE field doubled in size.

		Mukund
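A worked illustration of the point above, added here and not part of the message or of the draft: it models a reply whose trailing checksum either does or does not cover the echoed nonce, and shows why only the first form stops an off-path attacker from swapping the second IP fragment. The layout (nonce first, SHA-256 digest last, digest computed with its own bytes zeroed), the function names and the sample answer bytes are all assumptions made for the example; the draft's real EDNS option format and digest algorithm are not reproduced, and the "weak" variant stands in for the earlier form of the draft in which the computation did not include the nonce.

```python
import hashlib
import hmac
import os

# Assumed layout (not the draft's wire format):
#   reply = NONCE (16 bytes) || body || CHECKSUM (32 bytes)
# CHECKSUM is SHA-256 over the reply with its own 32 bytes zeroed.
NONCE_LEN = 16
DIGEST_LEN = 32


def new_nonce() -> bytes:
    """Client picks an unpredictable nonce per query; the server echoes it."""
    return os.urandom(NONCE_LEN)


def strong_checksum(nonce: bytes, body: bytes) -> bytes:
    """Digest covers the nonce, so a valid digest proves knowledge of it."""
    return hashlib.sha256(nonce + body + bytes(DIGEST_LEN)).digest()


def weak_checksum(body: bytes) -> bytes:
    """Contrast case: digest leaves the nonce out (the earlier form)."""
    return hashlib.sha256(body + bytes(DIGEST_LEN)).digest()


def build_reply(nonce: bytes, body: bytes, strong: bool = True) -> bytes:
    """Server side: echo the client's nonce and append the checksum."""
    digest = strong_checksum(nonce, body) if strong else weak_checksum(body)
    return nonce + body + digest


def verify_reply(reply: bytes, expected_nonce: bytes, strong: bool = True) -> bool:
    """Client side: nonce must match what was sent and the digest must check."""
    if len(reply) < NONCE_LEN + DIGEST_LEN:
        return False
    nonce = reply[:NONCE_LEN]
    body = reply[NONCE_LEN:-DIGEST_LEN]
    digest = reply[-DIGEST_LEN:]
    if not hmac.compare_digest(nonce, expected_nonce):
        return False
    want = strong_checksum(nonce, body) if strong else weak_checksum(body)
    return hmac.compare_digest(digest, want)


def spoof_second_fragment(genuine: bytes, split_at: int, known_head: bytes,
                          forged_tail: bytes, strong: bool) -> bytes:
    """Off-path attacker: fragment 1 (carrying the nonce) arrives untouched;
    the attacker races in a replacement fragment 2 holding a forged tail
    and a digest it computed itself. It knows the predictable head of the
    body but never sees the nonce."""
    frag1 = genuine[:split_at]
    if strong:
        guess = os.urandom(NONCE_LEN)  # best it can do: guess 128 bits
        digest = strong_checksum(guess, known_head + forged_tail)
    else:
        digest = weak_checksum(known_head + forged_tail)
    frag2 = forged_tail + digest
    return frag1 + frag2  # what the client reassembles


def fragment_attack_demo() -> dict:
    """Constructed scenario; returns (genuine verifies, spoofed verifies)
    for each checksum variant."""
    nonce = new_nonce()
    head = b"\x12\x34\x81\x80 example.com. IN A "  # constructed sample
    genuine_tail = b"93.184.216.34"                # constructed sample
    forged_tail = b"203.0.113.66"                  # constructed sample
    split_at = NONCE_LEN + len(head)               # fragment 1 = nonce + head
    results = {}
    for strong, label in ((True, "nonce_in_digest"), (False, "nonce_outside_digest")):
        genuine = build_reply(nonce, head + genuine_tail, strong)
        spoofed = spoof_second_fragment(genuine, split_at, head, forged_tail, strong)
        results[label] = (verify_reply(genuine, nonce, strong),
                          verify_reply(spoofed, nonce, strong))
    return results


if __name__ == "__main__":
    print(fragment_attack_demo())
```

With the nonce inside the digested region the spoofed fragment fails (the attacker would have to guess the nonce), so no second copy of the nonce is needed to bind it; with the nonce outside the digest the forged second fragment verifies, which is the gap a NONCE-COPY inside the digested region would have closed.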