Re: [DNSOP] More keys in the DNSKEY RRset at ., and draft-ietf-dnsop-respsize-nn

Tony Finch <dot@dotat.at> Wed, 15 January 2014 11:41 UTC

Date: Wed, 15 Jan 2014 11:41:00 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Andrew Sullivan <ajs@anvilwalrusden.com>
In-Reply-To: <20140114172240.GO17198@mx1.yitter.info>
Message-ID: <alpine.LSU.2.00.1401151130490.13642@hermes-2.csi.cam.ac.uk>
References: <20140114172240.GO17198@mx1.yitter.info>
Cc: dnsop@ietf.org

Andrew Sullivan <ajs@anvilwalrusden.com> wrote:

> I am not sure I am so sanguine, but this put in my mind the
> draft-ietf-dnsop-respsize draft, which I now realise was never
> published as an RFC.
>
> I'd like this thread to discuss the "so what, use TCP!" remark.

Nice idea.

http://www.potaroo.net/ispcol/2013-09/dnstcp.html

> I'd also like to ask either the chairs or the WG whether
> draft-ietf-dnsop-respsize-14 needs revision and, if so, what revision to
> be publishable, because I think it's needed advice.

It needs to cover the effect of EDNS0 pseudo-records on truncation, and
the extra DNSSEC records that appear in secure referrals. What about the
interaction between EDNS buffer size and MTU and middleboxes? Haya Shulman
has some attacks that could be discussed in the security considerations
section.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
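As an added illustration of the response-size point raised in this thread (this is not code from the thread or from any of the drafts it names): a Python script that serialises a constructed answer to `. IN DNSKEY` in RFC 1035 / RFC 4034 / RFC 3110 wire format, using zero-filled placeholder keys and signatures of realistic lengths, optionally appends the EDNS0 OPT pseudo-record (RFC 6891), and checks the total against the classic 512-byte UDP limit and an advertised EDNS buffer size. The key sizes, TTL, flag values and buffer sizes in the demo are assumptions chosen to show how a KSK rollover pushes the RRset past common thresholds.

```python
import struct

ROOT = b"\x00"                     # wire form of the root name "."
DNSKEY, RRSIG, OPT = 48, 46, 41    # RR type codes
ZSK, KSK = 256, 257                # DNSKEY flags (RFC 4034: ZONE, ZONE|SEP)
TTL = 172800                       # assumed TTL for the root DNSKEY RRset

def rr(owner, rtype, rclass, ttl, rdata):
    """Generic RR: NAME, TYPE, CLASS, TTL, RDLENGTH, RDATA (RFC 1035)."""
    return owner + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def dnskey(flags, bits):
    """DNSKEY RR carrying a placeholder RSA/SHA-256 key with a `bits`-bit modulus.
    RFC 3110 layout: exponent length, exponent (65537), modulus."""
    pubkey = b"\x03\x01\x00\x01" + b"\x00" * (bits // 8)   # constructed, not a real key
    return rr(ROOT, DNSKEY, 1, TTL, struct.pack("!HBB", flags, 3, 8) + pubkey)

def rrsig(bits):
    """RRSIG over the DNSKEY RRset with a placeholder `bits`-bit RSA signature."""
    fixed = struct.pack("!HBBIIIH", DNSKEY, 8, 0, TTL, 0, 0, 0)  # zeroed times/key tag
    return rr(ROOT, RRSIG, 1, TTL, fixed + ROOT + b"\x00" * (bits // 8))

def opt(udp_size):
    """EDNS0 OPT pseudo-RR; its CLASS field carries the UDP payload size (RFC 6891)."""
    return rr(ROOT, OPT, udp_size, 0, b"")

def dnskey_response(keys, signer_bits, udp_size=None):
    """Constructed reply to '. IN DNSKEY': `keys` is a list of (flags, bits),
    `signer_bits` lists the size of each key that signs the RRset, and `udp_size`
    (when given) adds the OPT record that a query carrying EDNS0 would elicit."""
    answer = b"".join(dnskey(f, b) for f, b in keys)
    answer += b"".join(rrsig(b) for b in signer_bits)
    arcount = 1 if udp_size else 0
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(keys) + len(signer_bits), 0, arcount)
    question = ROOT + struct.pack("!HH", DNSKEY, 1)
    return header + question + answer + (opt(udp_size) if udp_size else b"")

def fits_in_udp(msg, udp_size=512):
    """True if the answer fits the requestor's UDP limit, i.e. no TC bit needed."""
    return len(msg) <= udp_size

if __name__ == "__main__":
    steady = [(ZSK, 1024), (KSK, 2048)]                  # one ZSK, one KSK
    rollover = steady + [(KSK, 2048)]                    # second KSK during a rollover
    for label, keys, sigs, size in [("no EDNS, steady", steady, [2048], None),
                                    ("EDNS 4096, steady", steady, [2048], 4096),
                                    ("EDNS 4096, KSK rollover", rollover, [2048, 2048], 4096)]:
        msg = dnskey_response(keys, sigs, size)
        print(f"{label}: {len(msg)} bytes, fits in 512: {fits_in_udp(msg)}, "
              f"fits in 1232: {fits_in_udp(msg, 1232)}")
```

Even the steady-state RRset exceeds 512 bytes, so a non-EDNS resolver gets a truncated reply and must retry over TCP; the double-signed rollover RRset also passes the 1232-byte payload that avoids IPv6 fragmentation.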