IETF Logo Mail Archive

Re: [DNSOP] 5011-security-considerations and the safetyMargin

Wes Hardaker <wjhns1@hardakers.net> Wed, 29 November 2017 22:15 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 011D8126D3F for <dnsop@ietfa.amsl.com>; Wed, 29 Nov 2017 14:15:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rirr969-kxBq for <dnsop@ietfa.amsl.com>; Wed, 29 Nov 2017 14:15:32 -0800 (PST)
Received: from mail.hardakers.net (dawn.hardakers.net [IPv6:2001:470:1f00:187::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B977124BE8 for <dnsop@ietf.org>; Wed, 29 Nov 2017 14:15:32 -0800 (PST)
Received: from localhost (50-1-20-198.dsl.static.fusionbroadband.com [50.1.20.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.hardakers.net (Postfix) with ESMTPSA id 8AA5023156; Wed, 29 Nov 2017 14:15:30 -0800 (PST)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Michael StJohns <msj@nthpermutation.com>
Cc: Wes Hardaker <wjhns1@hardakers.net>, IETF DNSOP WG <dnsop@ietf.org>
References: <ybld14kpaz4.fsf@wu.hardakers.net> <df6bee9d-c140-995b-e45d-fa12f76103f5@pletterpet.nl> <CA+nkc8A=Z2rB7iByow09zFeL45sf6NZcj36KRqDQZ7Cw1kNtUQ@mail.gmail.com> <CANeU+ZC7fVrodoRC60CJ3z9MSsoPxbNRJPPaQFNphPeGzPd=Qw@mail.gmail.com> <yblwp2kgblr.fsf@w7.hardakers.net> <53d210a2-b4dc-f2ce-33a8-4964cba64c4c@nthpermutation.com>
Date: Wed, 29 Nov 2017 14:15:30 -0800
In-Reply-To: <53d210a2-b4dc-f2ce-33a8-4964cba64c4c@nthpermutation.com> (Michael StJohns's message of "Mon, 20 Nov 2017 14:47:48 -0500")
Message-ID: <ybl8teoivel.fsf@wu.hardakers.net>
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mpmGtYJ1tE4CpfLMbC0-lsBhTeE>
Subject: Re: [DNSOP] 5011-security-considerations and the safetyMargin
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Nov 2017 22:15:34 -0000

Michael StJohns <msj@nthpermutation.com> writes:

> Ok - after thinking about it, it turns out to be fairly simple.

Thanks for the math and text.  Based on your text, I've added (back) the
section on safetyMargin.  Can you check the -08 version to see if I
mis-spoke you at all?  Note that I added a few more lines and rounded
all the numbers up, since resolvers won't query in a fraction of an
increment.

-- 
Wes Hardaker
USC/ISI

v2.30.2 | Report a Bug | By Email | System Status