Dear DNSOP,

I submitted draft-fujiwara-dnsop-avoid-fragmentation-00.

  https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-00

It proposes operation that avoids IP fragmentation in DNS.

I removed the details of attacks on path MTU discovery and of cache
poisoning attacks using IP fragmentation from
draft-fujiwara-dnsop-fragmentation-attack01, and changed it into
recommendations.

Details of the attacks are written in the slides from OARC 30.
https://indico.dns-oarc.net/event/31/contributions/692/attachments/660/1115/fujiwara-5.pdf
  

If there is interest in the draft, I will request a timeslot at IETF 105.

I think it is time to consider avoiding IP fragmentation in DNS.
It is possible to avoid IP fragmentation as much as possible.

It is not good that DNS is the biggest user of IP fragmentation.

Regards,

--
Kazunori Fujiwara, JPRS <fujiw...@jprs.co.jp>



A new version of I-D, draft-fujiwara-dnsop-avoid-fragmentation-00.txt
has been successfully submitted by Kazunori Fujiwara and posted to the
IETF repository.

Name:           draft-fujiwara-dnsop-avoid-fragmentation
Revision:       00
Title:          Avoid IP fragmentation in DNS
Document date:  2019-07-04
Group:          Individual Submission
Pages:          5
URL:            https://www.ietf.org/internet-drafts/draft-fujiwara-dnsop-avoid-fragmentation-00.txt
Status:         https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/
Htmlized:       https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-fujiwara-dnsop-avoid-fragmentation


Abstract:
   Path MTU discovery is vulnerable and IP fragmentation may cause
   protocol weakness.  Currently, DNS is said to be the biggest user of
   IP fragmentation.  However, it is possible to avoid IP fragmentation
   in DNS because TCP transport and truncation work well.  This document
   proposes to avoid IP fragmentation in DNS.


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
