Re: [DNSOP] New Version Notification for draft-muks-dns-message-checksums-00.txt

Davey Song <songlinjian@gmail.com> Wed, 30 September 2015 20:08 UTC


Hi Mukund,

I reviewed the problem statement in this draft: the cache poisoning threat during IP fragmentation. I think we address and try to solve this problem with the application-level fragment draft, right? I would like to introduce this draft into this thread. Hopefully more people can read this draft and compare the merits of the two approaches. I personally prefer application-level fragments because it is a cure for a broader problem, the old problem related to packet size and IP fragmentation.

***********************************************************************
A New Internet-Draft is available from the on-line Internet-Drafts directories.

       Title           : DNS message fragments
       Authors         : Mukund Sivaraman
                         Shane Kerr
                         Linjian Song
       Filename        : draft-muks-dns-message-fragments-00.txt
       Pages           : 13
       Date            : 2015-07-20

Abstract:
  This document describes a method to transmit DNS messages over
  multiple UDP datagrams by fragmenting them at the application layer.
  The objective is to allow authoritative servers to successfully reply
  to DNS queries via UDP using multiple smaller datagrams, where larger
  datagrams may not pass through the network successfully.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-muks-dns-message-fragments/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-muks-dns-message-fragments-00

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


> On 27 September 2015, at 03:15, Mukund Sivaraman <muks@isc.org> wrote:
> 
> Hi everybody
> 
> On Sat, Sep 26, 2015 at 12:10:09PM -0700, internet-drafts@ietf.org wrote:
>> 
>> A new version of I-D, draft-muks-dns-message-checksums-00.txt
>> has been successfully submitted by Mukund Sivaraman and posted to the
>> IETF repository.
>> 
>> Name:           draft-muks-dns-message-checksums
>> Revision:       00
>> Title:          DNS message checksums
>> Document date:  2015-09-27
>> Group:          Individual Submission
>> Pages:          7
>> URL:            https://www.ietf.org/internet-drafts/draft-muks-dns-message-checksums-00.txt
>> Status:         https://datatracker.ietf.org/doc/draft-muks-dns-message-checksums/
>> Htmlized:       https://tools.ietf.org/html/draft-muks-dns-message-checksums-00
>> 
>> 
>> Abstract:
>>   This document describes a method for a client to be able to verify
>>   that IP-layer PDU fragments of a UDP DNS message have not been
>>   spoofed by an off-path attacker.
> 
> This is a new draft on DNS message checksums. I look forward to hearing
> review comments.
> 
> 		Mukund

------------------------------
Davey Song(宋林健)
BII Lab
songlinjian@gmail.com