On Aug 5, 2015, at 2:05 PM, Ted Lemon <ted.le...@nominum.com> wrote:
>> Actually there are good reasons for clients to implement cookies.
>> They reduce the amount of port randomisation that needs to happen
>> in a recursive server (if the server supports cookies you don't
>> need to randomise the source port) and client cookies work even
>> when NATs undo port randomisation.
>
> This isn't mentioned in the draft.
Actually it is mentioned in the draft—my stupid search just didn’t find it. Sorry about that. The discussion in the draft assumes that an attacker on the wire would be unable to snoop and then use a legitimate client’s cookie. This isn’t a valid assumption.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
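The two points argued above (a client cookie bound to the server address rather than the UDP port survives a NAT that rewrites source ports, and the check protects only against an off-path spoofer, not an attacker who can read the query on the wire) can be seen in a small client-side model. This is an added illustration written for this thread, not code from the posting, from the draft, or from any resolver. Assumptions, marked in the comments: the client cookie is HMAC-SHA256 over the server IP truncated to 8 bytes (RFC 7873 only requires an 8-byte pseudorandom value derived from a client secret and the server address; the function itself is implementation-defined), the server cookie is random filler, and a "response" is modelled as just the EDNS0 COOKIE option it carries. The 192.0.2.53 address is from the RFC 5737 documentation range.

```python
"""Client-side DNS cookie handling modelled on RFC 7873 (EDNS0 option code 10).

Added example for the DNSOP thread; not code from the posting or any resolver.
"""
import hashlib
import hmac
import os
import secrets
import struct

EDNS_OPTION_COOKIE = 10  # EDNS0 option code assigned to COOKIE by RFC 7873


def client_cookie(client_secret: bytes, server_ip: str) -> bytes:
    """8-byte client cookie bound to (client secret, server IP).

    Assumption: HMAC-SHA256 truncated to 64 bits.  The input deliberately
    contains no UDP port, which is why the cookie still matches when a NAT
    rewrites the query's source port on the way out.
    """
    mac = hmac.new(client_secret, server_ip.encode("ascii"), hashlib.sha256).digest()
    return mac[:8]


def encode_cookie_option(client: bytes, server: bytes = b"") -> bytes:
    """Wire form of the COOKIE option: option code, length, client[, server]."""
    if len(client) != 8:
        raise ValueError("client cookie must be exactly 8 bytes")
    if server and not 8 <= len(server) <= 32:
        raise ValueError("server cookie must be 8..32 bytes when present")
    data = client + server
    return struct.pack("!HH", EDNS_OPTION_COOKIE, len(data)) + data


def decode_cookie_option(opt: bytes):
    """Parse one EDNS0 option; return (client, server) or None if not a valid COOKIE."""
    if len(opt) < 4:
        return None
    code, length = struct.unpack("!HH", opt[:4])
    if code != EDNS_OPTION_COOKIE or len(opt) != 4 + length:
        return None
    data = opt[4:]
    if length == 8:                 # client cookie only (as sent in a query)
        return data, b""
    if 16 <= length <= 40:          # client cookie + 8..32 byte server cookie
        return data[:8], data[8:]
    return None


def response_accepted(client_secret: bytes, server_ip: str, response_opt: bytes) -> bool:
    """Client check from RFC 7873: the echoed client cookie must match the one we
    would have sent to this server; otherwise the response is dropped."""
    parsed = decode_cookie_option(response_opt)
    if parsed is None:
        return False
    echoed, _server_cookie = parsed
    return hmac.compare_digest(echoed, client_cookie(client_secret, server_ip))


def demo() -> dict:
    """One query, three candidate responses; returns which ones pass the check."""
    secret = secrets.token_bytes(32)     # constructed per-client secret
    server_ip = "192.0.2.53"             # constructed server address
    cc = client_cookie(secret, server_ip)
    query_opt = encode_cookie_option(cc)  # what actually leaves the client

    # 1. The real server echoes our client cookie and appends its own.
    genuine = encode_cookie_option(cc, os.urandom(16))
    # 2. An off-path spoofer never saw the query and must guess 64 bits.
    off_path = encode_cookie_option(os.urandom(8), os.urandom(16))
    # 3. An on-path attacker copies the client cookie out of the observed query.
    snooped_cc, _ = decode_cookie_option(query_opt)
    on_path = encode_cookie_option(snooped_cc, os.urandom(16))

    return {
        "genuine": response_accepted(secret, server_ip, genuine),
        "off_path_guess": response_accepted(secret, server_ip, off_path),
        "on_path_replay": response_accepted(secret, server_ip, on_path),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The off-path forgery fails with probability 1 - 2^-64, which is the property the draft relies on in place of source-port randomisation; the on-path replay passes every time, which is the gap pointed out in the reply.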