Re: [DNSOP] Reply: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

william manning <chinese.apricot@gmail.com> Sat, 23 September 2017 12:29 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dleD4ucew9ZwzWFS_IqEs---MS4>

there is some evidence to suggest that two factors will drive increasingly
large responses.  first is signing with multiple algorithms and second is
increases in key sizes.  in a worst case model, we have to shift to the
McEliece cryptosystem, post quantum crypto. for a standard selection of
parameters, the public key is 512 kilobits long.  for quantum computing,
key sizes must be increased by a factor of four due to improvements in
information set decoding.  Attacking and defending the *McEliece cryptosystem*
<https://www.google.com/url?url=http://scholar.google.com/scholar_url%3Furl%3Dftp://nozdr.ru/biblio/kolxo3/Cs/CsLn/Post-Quantum%252520Cryptography,%2525202%252520conf.,%252520PQCrypto%2525202008(LNCS5299,%252520Springer,%2525202008)(ISBN%2525209783540884026)(239s).pdf%2523page%253D40%26hl%3Den%26sa%3DX%26scisig%3DAAGBfm0XEERxI9tL9IfgPGaNOklLIG0r1Q%26nossl%3D1%26oi%3Dscholarr&rct=j&q=&esrc=s&sa=X&ved=0ahUKEwiD6ue0pbvWAhVY-GMKHeFKBUIQgAMIJygAMAA&usg=AFQjCNHV1StJs0Pom6FVNA77UEgVzinRbw>
 - Bernstein   ....   so, yes, bigger responses should be planned for.
Anyone for DNS over BitTorrent?  :)

/Wm

On Wed, Sep 20, 2017 at 8:22 PM, Davey Song(宋林健) <ljsong@biigroup.cn> wrote:

> Thank you.
>
>
>
> The large DNS response in IPv6 is a real problem. ATR is one option to be adopted in the authoritative server alone. If someone or some party has more influence on both the resolver and authoritative side (cloud and app providers who can choose their own DNS resolution path), Mukund’s proposal to fragment the DNS message is a good solution. https://tools.ietf.org/html/draft-muks-dns-message-fragments-00
>
>
>
> So I do recommend that ATR and DNS message fragments should both be
> considered in a toolbox for large DNS response issues.
>
>
>
> Davey
>
>
>
> *From:* DNSOP [mailto:dnsop-bounces@ietf.org] *On Behalf Of* william manning
> *Sent:* September 21, 2017 1:30
> *To:* Davey Song
> *Cc:* dnsop
> *Subject:* Re: [DNSOP] Fwd: I-D Action: draft-song-atr-large-resp-00.txt
>
>
>
> i think this is a worthy document for consideration.
>
>
>
> /Wm
>
>
>
> On Sun, Sep 10, 2017 at 9:29 PM, Davey Song <songlinjian@gmail.com> wrote:
>
> Hi folks,
>
>
>
> I just submitted a draft dealing with the issue of large DNS responses,
> especially in IPv6. Comments are welcome.
>
>
>
> If chairs think it is in the scope of dnsop wg and encourage us to discuss
> it in this mailing list, I can submit it as a draft listed in dnsop wg.
>
>
>
> Davey
>
>
>
>
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: 11 September 2017 at 10:13
> Subject: I-D Action: draft-song-atr-large-resp-00.txt
> To: i-d-announce@ietf.org
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
>
>
>         Title           : ATR: Additional Truncated Response for Large DNS
> Response
>         Author          : Linjian Song
>         Filename        : draft-song-atr-large-resp-00.txt
>         Pages           : 8
>         Date            : 2017-09-10
>
> Abstract:
>    With the increasing use of DNSSEC and IPv6, there is more public
>    evidence and concern on IPv6 fragmentation issues due to larger DNS
>    payloads over IPv6.  This memo introduces a simple improvement on
>    the authoritative server by replying with an additional truncated
>    response just after the normal large response.
>
>    REMOVE BEFORE PUBLICATION: The source of the document with test
>    script is currently placed at GitHub [ATR-Github].  Comments and pull
>    requests are welcome.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-song-atr-large-resp/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-song-atr-large-resp-00
> https://datatracker.ietf.org/doc/html/draft-song-atr-large-resp-00
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
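
The behaviour the quoted abstract describes (an authoritative server replying with an additional truncated response just after a large one), as an added sketch that is not code from the draft, its GitHub repository, or anyone in this thread. The 1232-byte threshold, the function names and the sample message are assumptions; the sketch drops any EDNS OPT record from the truncated copy and models no delay between the two datagrams.

```python
import struct

TC_FLAG = 0x0200          # TC bit in the DNS header flags word (RFC 1035, 4.1.1)
ASSUMED_THRESHOLD = 1232  # assumption: 1280-byte IPv6 minimum MTU - 40 (IPv6) - 8 (UDP)

def question_end(msg):
    """Return the offset just past the question section of a DNS message."""
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    off = 12                                   # fixed header length
    try:
        for _ in range(qdcount):
            while msg[off] != 0:               # walk the labels of QNAME
                if msg[off] & 0xC0:            # compression pointer ends the name
                    off += 1
                    break
                off += 1 + msg[off]
            off += 1 + 4                       # name terminator + QTYPE + QCLASS
    except IndexError:
        raise ValueError("question section runs past end of message")
    if off > len(msg):
        raise ValueError("question section runs past end of message")
    return off

def truncated_copy(response):
    """Header plus question only, TC set, all record counts zeroed."""
    ident, flags, qdcount = struct.unpack_from("!HHH", response, 0)
    header = struct.pack("!HHHHHH", ident, flags | TC_FLAG, qdcount, 0, 0, 0)
    return header + response[12:question_end(response)]

def atr_datagrams(response, threshold=ASSUMED_THRESHOLD):
    """Datagrams to send, in order: the normal response, then the TC=1 copy
    when the response is large enough to risk IPv6 fragmentation loss."""
    if len(response) <= threshold:
        return [response]
    return [response, truncated_copy(response)]

def build_sample(n_records=4, rdlen=400):
    """Constructed DNSKEY-style response for example.com (not real data)."""
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 48, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 48, 1, 3600, rdlen) + bytes(rdlen)
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n_records, 0, 0)
    return header + question + rr * n_records

if __name__ == "__main__":
    for i, d in enumerate(atr_datagrams(build_sample())):
        print(i, len(d), "TC" if d[2] & 0x02 else "full")
```

A resolver that never receives the fragmented first datagram still sees the small TC=1 reply and can retry over TCP instead of waiting for a timeout.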