Re: [secdir] [Last-Call] [DNSOP] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Willem Toorop <willem@nlnetlabs.nl> Thu, 03 December 2020 14:29 UTC

To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Ondřej Surý <ondrej@isc.org>
Cc: last-call@ietf.org, draft-ietf-dnsop-server-cookies.all@ietf.org, dnsop@ietf.org, secdir@ietf.org

On 02-12-2020 at 23:31, Stephen Farrell wrote:

<snip>

> FWIW, I'd say it's worth a few more words to try to reduce
> the probability of such failures happening, e.g. maybe
> just highlighting the "unsigned/2106" point you made
> above would be enough. But, if the WG don't want to do
> that, that's also fine by me.

Sure, NP. I'll include Brian Dickson's provided clarification in the
text. Also, I approached Jean-Philippe Aumasson and he fixed the URL we
used in the draft for SipHash, but recommends using this one in the future:

https://www.aumasson.jp/siphash/

So I'll change that too.

Cheers,
-- Willem