[DNSOP] Artart telechat review of draft-ietf-dnsop-avoid-fragmentation-16

Barry Leiba via Datatracker <noreply@ietf.org> Sat, 30 December 2023 03:40 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Barry Leiba via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: dnsop@ietf.org, draft-ietf-dnsop-avoid-fragmentation.all@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <170390765227.35660.13790056130891751625@ietfa.amsl.com>
Reply-To: Barry Leiba <barryleiba@computer.org>
Date: Fri, 29 Dec 2023 19:40:52 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/qF54AS66r0Qi8c3fLLD89vfe9Kw>
Subject: [DNSOP] Artart telechat review of draft-ietf-dnsop-avoid-fragmentation-16

Reviewer: Barry Leiba
Review result: Ready with Nits

Thanks for addressing most comments from my earlier review.  One remains, and I
didn’t see an email response about it, so I don’t know whether there was a
reason not to make a change or if it just got overlooked:

— Section 7.2 —

   If a UDP response packet is dropped (for any reason), it increases
   the attack window for poisoning the requestor's cache.

But Section 3.2 says this:

   R7.  UDP requestors MAY drop fragmented DNS/UDP responses without IP
   reassembly to avoid cache poisoning attacks.

…which seems to be contradictory.  Can you clarify this apparent contradiction
in one place or both?

[DNSOP] Artart telechat review of draft-ietf-dnso… Barry Leiba via Datatracker
Re: [DNSOP] Artart telechat review of draft-ietf-… Paul Vixie