Re: [DNSOP] Call for Adoption: draft-song-atr-large-resp

Ondřej Surý <ondrej@isc.org> Mon, 21 January 2019 10:26 UTC

Cc: dnsop <dnsop@ietf.org>
To: Peter van Dijk <peter.van.dijk@powerdns.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bCjo49d2Lix1IF31AdiLwM3d8ys>

> On 21 Jan 2019, at 11:22, Peter van Dijk <peter.van.dijk@powerdns.com> wrote:
> 
> Hello,
> 
> On 18 Jan 2019, at 18:55, Benno Overeinder wrote:
> 
>> We discussed this work (draft -01) in Montreal, and different opinions wrt. adoption were expressed.  In the past months, the authors pushed a draft version -02 that addressed and resolved some of these comments.
>> 
>> This starts a Call for Adoption for:
>> draft-song-atr-large-resp
>> 
>> The draft is available here:
>> https://datatracker.ietf.org/doc/draft-song-atr-large-resp/
>> 
>> Please review this draft to see if you think it is suitable for adoption by DNSOP, and send comments to the list, clearly stating your view.
>> 
>> Please also indicate if you are willing to contribute text, review, etc.  The WG accepts the document or not, but the WG chairs also expect a commitment from the WG participants who support the document to contribute to the draft, review, etc.
>> 
>> The intended status of the draft is Experimental, but we want to ask developers/vendors if they plan to implement it.
>> 
>> This call for adoption ends: 1 February 2019
> 
> I oppose adoption. Any implementation of this draft will actively hurt the DNS and the Internet, and thus publication as an RFC will actively hurt the DNS and the Internet.
> 
> The draft doubles the number of packets involved in a legitimate exchange; it more than doubles the number of packets involved in a spoofed exchange. About half of these packets are ICMP packets. Without the draft, ICMP packets are useful debugging aids, and in big numbers, indications of attacks or operational problems. With the draft, ICMP becomes another useless source of background noise.
> 
> Meanwhile, we have no indication that the draft solves any existing real world problem in a useful way.
> 
> Please do not adopt.

+1 to everything that Peter said.  I’ve been opposing the ATR draft from the very beginning.  We can’t be removing EDNS workarounds and at the same time slap another workaround into the DNS.

Ondrej
--
Ondřej Surý
ondrej@isc.org