On Aug 4, 2015, at 12:30 PM, Donald Eastlake <d3e...@gmail.com> wrote:
> I think Mark was pointing out that if you
> are under attack and want to use weak authentication to help resist
> that attack, there is no particular reason to push cookie supporting
> clients to TCP to provide that authentication. COOKIEs provide weak
> authentication roughly equivalent to TCP while continuing to use less
> burdensome UDP.

I think it’s a fair point that static cookies can be a more effective fallback than TCP, given the way TCP is generally implemented in host operating system stacks. I’m not sure this is the best cure for that problem, however. Essentially, you are fixing a transport layer problem with an app-layer kludge.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop