Hi All,

The only change since the previous version (i.e.
draft-sury-toorop-dnsop-server-cookies-00) is that we no longer
recommend including the Client IP address when constructing Client Cookies:

When implementing DNS Cookies, several DNS vendors found that
impractical as the Client Cookie is typically computed before the Client
IP address is known. Therefore, the requirement to put Client IP address
as input to was removed, and it is simply RECOMMENDED to disable the DNS
Cookies when privacy is required.

-- Willem

On 09-09-19 12:26, internet-dra...@ietf.org wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts 
> directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : Interoperable Domain Name System (DNS) Server Cookies
>         Authors         : Ondrej Sury
>                           Willem Toorop
>                           Donald E. Eastlake 3rd
>                           Mark Andrews
>         Filename        : draft-ietf-dnsop-server-cookies-00.txt
>         Pages           : 14
>         Date            : 2019-09-09
> 
> Abstract:
>    DNS cookies, as specified in RFC 7873, are a lightweight DNS
>    transaction security mechanism that provides limited protection to
>    DNS servers and clients against a variety of denial-of-service and
>    amplification, forgery, or cache poisoning attacks by off-path
>    attackers.
> 
>    This document provides precise directions for creating Server Cookies
>    so that an anycast server set including diverse implementations will
>    interoperate with standard clients.
> 
>    This document updates [RFC7873]
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-server-cookies/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-server-cookies-00
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-server-cookies-00
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
> 
