[DNSOP] Seeking discussion of draft-ietf-dnsop-cookies-01

Evan Hunt <each@isc.org> Fri, 01 May 2015 23:21 UTC

Date: Fri, 01 May 2015 23:21:30 +0000
From: Evan Hunt <each@isc.org>
To: IETF DNSOP WG <dnsop@ietf.org>
Message-ID: <20150501232130.GA13049@isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/phWRcO5nO-Ho1p6X3mX1LbTkr_U>
Subject: [DNSOP] Seeking discussion of draft-ietf-dnsop-cookies-01

Greetings,

The current DNS Cookies document (draft-ietf-dnsop-cookies-01) has two
similar but distinct protocols described in it: the DNS Cookie option as
designed by Donald Eastlake, and the Simple DNS Cookie option designed by
Mark Andrews and experimentally implemented (under the name Server Identity
Token, or SIT) in BIND 9.10.

The chief difference between the two is the presence of an error code field
in Eastlake cookies; Andrews found it redundant/unnecessary (as discussed
in https://www.ietf.org/mail-archive/web/dnsop/current/msg13984.html).
The hope was that including both mechanisms in the draft would lead to
a working group discussion about whether the error code is, in fact,
necessary or desirable; unfortunately, not much discussion has happened
yet.

I would very much like to see this protocol nailed down enough that
we can request a code point and start including this feature in BIND
without the #ifdef's around it.  I'm hoping for WGLC in the Prague
timeframe.  May I request that people weigh in on the error code
issue?

Speaking for myself, I agree with Mark: the benefits of including error
codes in the option are slim and other mechanisms such as FORMERR work
just as well in almost every scenario, so it doesn't justify the cost in
additional complexity.

Thanks,

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.