Greetings,

The current DNS Cookies document (draft-ietf-dnsop-cookies-01) has two similar but distinct protocols described in it: the DNS Cookie option as designed by Donald Eastlake, and the Simple DNS Cookie option designed by Mark Andrews and experimentally implemented (under the name Server Identity Token, or SIT) in BIND 9.10.
The chief difference between the two is the presence of an error code field in Eastlake cookies; Andrews found it redundant/unnecessary (as discussed in https://www.ietf.org/mail-archive/web/dnsop/current/msg13984.html). The hope was that including both mechanisms in the draft would lead to a working group discussion about whether the error code is, in fact, necessary or desirable; unfortunately, not much discussion has happened yet.

I would very much like to see this protocol nailed down enough that we can request a code point and start including this feature in BIND without the #ifdef's around it. I'm hoping for WGLC in the Prague timeframe.

May I request that people weigh in on the error code issue? Speaking for myself, I agree with Mark: the benefits of including error codes in the option are slim and other mechanisms such as FORMERR work just as well in almost every scenario, so it doesn't justify the cost in additional complexity.

Thanks,

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.