Re: [DNSOP] [Ext] Re: Processing error codes in draft-ietf-dnsop-extended-error-10

Wes Hardaker <wjhns1@hardakers.net> Tue, 01 October 2019 23:39 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1348212012C for <dnsop@ietfa.amsl.com>; Tue, 1 Oct 2019 16:39:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LLBpAgUap08Y for <dnsop@ietfa.amsl.com>; Tue, 1 Oct 2019 16:39:39 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B631C120089 for <dnsop@ietf.org>; Tue, 1 Oct 2019 16:39:39 -0700 (PDT)
Received: from localhost (unknown [10.0.0.3]) by mail.hardakers.net (Postfix) with ESMTPA id 4789F29D85; Tue, 1 Oct 2019 16:39:39 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Bob Harold <rharolde@umich.edu>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dnsop\@ietf.org" <dnsop@ietf.org>
References: <CAMOjQcEtDBR29yKmOTvnx-7B7SmC9pox_kzOCKs4jBMQr1VSTA@mail.gmail.com> <yblblv15wv0.fsf@w7.hardakers.net> <6419da25-924e-8d54-0700-48a4cd6d4d34@icann.org> <yblimp92xgc.fsf@w7.hardakers.net> <0dff410f-4218-1d3a-3037-2b43fc64a86c@icann.org> <CA+nkc8C824AWbduK0=RYnbtrAU9fcUq78psnk3UG8QEqK9Oc5Q@mail.gmail.com>
Date: Tue, 01 Oct 2019 16:39:39 -0700
In-Reply-To: <CA+nkc8C824AWbduK0=RYnbtrAU9fcUq78psnk3UG8QEqK9Oc5Q@mail.gmail.com> (Bob Harold's message of "Tue, 1 Oct 2019 15:01:02 -0400")
Message-ID: <yblftkchw78.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ghLijDfvoSEuVNbp3h4SqSBBbeg>
Subject: Re: [DNSOP] [Ext] Re: Processing error codes in draft-ietf-dnsop-extended-error-10
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 23:39:41 -0000

Bob Harold <rharolde@umich.edu> writes:

>     > Did you read the new replacement sentence?
>     >
>     >        Applications MUST continue to follow requirements from applicable
>     >        specs on how to process RCODEs no matter what EDE values is also
>     >        received.
>     >
>     > Is that sufficient?
>    
>     Yes, thank you.
>    
>     --Paul Hoffman
> 
> Just a note. The original draft had a 'retry' code that was intended
> to change how the client reacted. That has been removed, but there
> are still some that would like to 'act on' the EDE.  One reason given
> for not doing that is that is can be spoofed or changed by attackers,
> so it cannot be trusted. I was hoping that this could improve some
> cases where the client is not acting in an optimal way, but I can
> understand why that would be discouraged.  Should we warn implementers
> of the issues, but still not forbid acting on them?

Well, I think the new text tries to do this, no?  Specifically, we're
now saying "follow other specs", but we don't specifically prohibit
not-acting if there are no other specs that intervene.
-- 
Wes Hardaker
USC/ISI