[DNSOP] Artart telechat review of draft-ietf-dnsop-avoid-fragmentation-16
Barry Leiba via Datatracker <noreply@ietf.org> Sat, 30 December 2023 03:40 UTC
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: dnsop@ietf.org, draft-ietf-dnsop-avoid-fragmentation.all@ietf.org, last-call@ietf.org
Reply-To: Barry Leiba <barryleiba@computer.org>
Date: Fri, 29 Dec 2023 19:40:52 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qF54AS66r0Qi8c3fLLD89vfe9Kw>

Reviewer: Barry Leiba
Review result: Ready with Nits

Thanks for addressing most comments from my earlier review. One remains, and I didn’t see an email response about it, so I don’t know whether there was a reason not to make a change or if it just got overlooked:

— Section 7.2 —

   If a UDP response packet is dropped (for any reason), it increases
   the attack window for poisoning the requestor's cache.

But Section 3.2 says this:

   R7. UDP requestors MAY drop fragmented DNS/UDP responses without IP
   reassembly to avoid cache poisoning attacks.

…which seems to be contradictory. Can you clarify this apparent contradiction in one place or both?