[DNSOP] Fwd: New Version Notification for draft-sury-toorop-dnsop-server-cookies-00.txt

Willem Toorop <willem@nlnetlabs.nl> Wed, 26 June 2019 12:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/owKDja2IO7btbNB79Z6xMqGXzT8>

Dear All,

A new draft has been submitted addressing the issue of DNS Cookies in
multi-vendor anycast deployments.

DNS Cookies are currently impractical in such deployments, because one
implementation - even though it shares its secret with another
implementation - cannot validate the Server Cookies constructed by that
other implementation, because their methods for constructing Server
Cookies differ.

This draft provides precise directions for creating Server Cookies to
align the implementations.  This draft introduces a registry for methods
suitable for Cookie construction.  This draft deprecates all previous
methods of creating Server Cookies and introduces an inter-operable
method (version 1) employing the SipHash-2.4 pseudorandom function.

This is an update on the draft-sury-toorop-dns-cookies-algorithms-00 draft
based on the experience we gained during the hackathon at IETF105. Mark
Andrews and Donald Eastlake are added as co-authors.

Willem


-------- Forwarded Message --------
Subject: New Version Notification for draft-sury-toorop-dnsop-server-cookies-00.txt
Date: Wed, 26 Jun 2019 04:12:58 -0700
From: internet-drafts@ietf.org
To: Mark Andrews <marka@isc.org>, Willem Toorop <willem@nlnetlabs.nl>,
Donald E. Eastlake 3rd <d3e3e3@gmail.com>, Ondrej Sury <ondrej@isc.org>,
Donald Eastlake <d3e3e3@gmail.com>


A new version of I-D, draft-sury-toorop-dnsop-server-cookies-00.txt
has been successfully submitted by Willem Toorop and posted to the
IETF repository.

Name:		draft-sury-toorop-dnsop-server-cookies
Revision:	00
Title:		Interoperable Domain Name System (DNS) Server Cookies
Document date:	2019-06-26
Group:		Individual Submission
Pages:		14
URL:		https://www.ietf.org/internet-drafts/draft-sury-toorop-dnsop-server-cookies-00.txt
Status:		https://datatracker.ietf.org/doc/draft-sury-toorop-dnsop-server-cookies/
Htmlized:	https://tools.ietf.org/html/draft-sury-toorop-dnsop-server-cookies-00
Htmlized:	https://datatracker.ietf.org/doc/html/draft-sury-toorop-dnsop-server-cookies


Abstract:
   DNS cookies, as specified in RFC 7873, are a lightweight DNS
   transaction security mechanism that provides limited protection to
   DNS servers and clients against a variety of denial-of-service and
   amplification, forgery, or cache poisoning attacks by off-path
   attackers.

   This document provides precise directions for creating Server Cookies
   so that an anycast server set including diverse implementations will
   interoperate with standard clients.

   This document updates [RFC7873]




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
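
The interoperability failure described in the message above, as an added example that is not from the draft or from any DNS implementation: two hypothetical Server Cookie constructions ("vendor A" and "vendor B") share one secret behind an anycast address, yet each rejects cookies minted by the other. HMAC-SHA256 truncated to 8 bytes stands in for the pseudorandom function; it is not the draft's SipHash-2.4 method, and all layouts, names and values are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

# Constructed sample values (not from the draft or any real deployment).
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # shared by both servers
CLIENT_COOKIE = bytes.fromhex("0102030405060708")
CLIENT_IP = ipaddress.ip_address("198.51.100.7").packed
NOW = 1561552799

def prf(data):
    # Stand-in PRF: HMAC-SHA256 truncated to 8 bytes (NOT SipHash-2.4).
    return hmac.new(SECRET, data, hashlib.sha256).digest()[:8]

def a_make(now):
    # Hypothetical vendor A: cookie = PRF(client cookie | client IP), no timestamp.
    return prf(CLIENT_COOKIE + CLIENT_IP)

def a_check(cookie, now):
    return hmac.compare_digest(cookie, a_make(now))

def b_make(now):
    # Hypothetical vendor B: timestamp | PRF(client IP | client cookie | timestamp).
    ts = struct.pack("!I", now)
    return ts + prf(CLIENT_IP + CLIENT_COOKIE + ts)

def b_check(cookie, now, max_age=3600):
    if len(cookie) != 12:           # vendor A's 8-byte cookie fails here
        return False
    ts = cookie[:4]
    age = now - struct.unpack("!I", ts)[0]
    if not 0 <= age <= max_age:     # stale or future-dated cookie
        return False
    return hmac.compare_digest(cookie[4:], prf(CLIENT_IP + CLIENT_COOKIE + ts))

def anycast_matrix(now=NOW):
    # Mint a cookie on one server, then present it to each server 10 s later.
    makers = {"A": a_make, "B": b_make}
    checkers = {"A": a_check, "B": b_check}
    return {(m, c): checkers[c](makers[m](now - 10), now)
            for m in makers for c in checkers}

if __name__ == "__main__":
    for (m, c), ok in anycast_matrix().items():
        print(f"cookie from {m}, query lands on {c}: "
              f"{'accepted' if ok else 'rejected'}")
```

Only the same-vendor pairs validate, even though the secret is identical; a common construction, which is what the draft sets out to specify, is what makes every pair succeed.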