Re: [DNSOP] Comments on draft-ietf-dnsop-extended-error-08

Paul Hoffman writes: Hi Paul, Thanks for the comments and good suggestions. Responses below inside my todo list of action: 12 Paul Hoffman === Greetings again. The changes here generally help the document, but they also highlight some of the deficiencies. A few comments on the

Re: [DNSOP] I-D Action: draft-ietf-dnsop-extended-error-08.txt

Vittorio Bertola writes: > > Il 10 agosto 2019 20:57 Wes Hardaker ha scritto: > > > > 4) Now that this has had multiple implementations (though they'll need > > to change after the packet format and code changes [that they > > requested]), this is likely ready for last call after passing throug

Re: [DNSOP] Do53 vs DoT vs DoH Page Load Performance Study at ANRW

Hello, Was the source code behind this study published? It seems like it shouldn't be too much effort. After all, the study is already published, so the code can't be changed. thanks, Rob On Thu, Jul 18, 2019 at 10:42 PM Kevin Borgolte wrote: > > > This paper looks interesting. Is the softwa

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

I wrote: >In Section 4.4, the client IP is added to the hash in the creation of the >server cookie. Ah, never mind, that is already in RFC 7873. So a client that wants to (re-)use a server cookie needs to know the source address it previously used to communicate with the server. So if the client

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On Mon, 9 Sep 2019, Robert Sparks wrote: At https://tools.ietf.org/html/draft-ietf-dnsop-server-cookies-00, I see Versions: (draft-sury-toorop-dnsop-server-cookies) 00 Funny :P Some{thing|one} fixed it. It now shows up properly. Paul ___ DNSOP ma

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

Hi Paul - At https://tools.ietf.org/html/draft-ietf-dnsop-server-cookies-00, I see Versions: (draft-sury-toorop-dnsop-server-cookies ) 00 RjS On 9/9/19 11:29

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

> On Sep 9, 2019, at 12:29 PM, Paul Wouters wrote: > > On Mon, 9 Sep 2019, Robert Sparks wrote: > >> This looks correct to me both on the datatracker and at tools.ietf.org. >> >> If there's still something that's not right, please bring focus to it. > > https://tools.ietf.org/html/draft-ietf

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On Mon, 9 Sep 2019, Robert Sparks wrote: This looks correct to me both on the datatracker and at tools.ietf.org. If there's still something that's not right, please bring focus to it. https://tools.ietf.org/html/draft-ietf-dnsop-server-cookies-00 In the top bar, there is no mention of the pr

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

>When implementing DNS Cookies, several DNS vendors found that >impractical as the Client Cookie is typically computed before the Client >IP address is known. Therefore, the requirement to put Client IP address >as input to was removed, In Section 4.4, the client IP is added to the hash in the cr

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

This looks correct to me both on the datatracker and at tools.ietf.org. If there's still something that's not right, please bring focus to it. RjS On 9/9/19 9:19 AM, Russ Housley wrote: Paul: The replaces and replaced-by information comes from the submitter. In this case: Set submi

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

>This is true. Including the Client IP in constructing the Client Cookie >was intended to deal with this, but this operation is impractical with >UDP; expensive at best and not suitable for high volume recursive to >authoritative traffic. > >We could recommend it for stub to recursive traffic, for

Re: [DNSOP] [TOOLS-DEVELOPMENT] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

Paul: The replaces and replaced-by information comes from the submitter. In this case: Set submitter to "Willem Toorop ", replaces to draft-sury-toorop-dnsop-server-cookies, draft-eastlake-dnsop-server-cookies >> Oh, sorry. I indicated that it replaced the previous draft (and >> Don

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On 09-09-19 15:45, Philip Homburg wrote: > In your letter dated Mon, 9 Sep 2019 14:13:01 +0200 you wrote: >> When implementing DNS Cookies, several DNS vendors found that >> impractical as the Client Cookie is typically computed before the Client >> IP address is known. Therefore, the requirement t

[DNSOP] tools issue? was Re: I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On Mon, 9 Sep 2019, Willem Toorop wrote: No, Client IP is still included in *Server* Cookie generation, just not in Client Cookie construction. So the re-user from different network protection is still there. Ohh, I misunderstood that. Perhaps note this down in the to be Security Section :)

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On 09-09-19 14:52, Paul Wouters wrote: > On Mon, 9 Sep 2019, Willem Toorop wrote: > >> The only change since the previous version (i.e. >> draft-sury-toorop-dnsop-server-cookies-00) is that we no longer >> recommend to include the Client IP address with constructing client >> cookies: >> >> When i

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

In your letter dated Mon, 9 Sep 2019 14:13:01 +0200 you wrote: >When implementing DNS Cookies, several DNS vendors found that >impractical as the Client Cookie is typically computed before the Client >IP address is known. Therefore, the requirement to put Client IP address >as input to was removed,

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

On Mon, 9 Sep 2019, Willem Toorop wrote: The only change since the previous version (i.e. draft-sury-toorop-dnsop-server-cookies-00) is that we no longer recommend to include the Client IP address with constructing client cookies: When implementing DNS Cookies, several DNS vendors found that im

Re: [DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

Hi All, The only change since the previous version (i.e. draft-sury-toorop-dnsop-server-cookies-00) is that we no longer recommend to include the Client IP address with constructing client cookies: When implementing DNS Cookies, several DNS vendors found that impractical as the Client Cookie is t

[DNSOP] I-D Action: draft-ietf-dnsop-server-cookies-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Interoperable Domain Name System (DNS) Server Cookies Authors : Ondrej Sury

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-01.txt

This is a not uncommon problem in 'make this protocol work in future' spec. It could say "for version ZERO of this protocol" and then say "future versions of this protocol should stipulate what other values mean, and how this affects handling of all-zeros state, and other states" Saying "must not

Re: [DNSOP] I-D Action: draft-ietf-dnsop-dns-zone-digest-01.txt

Duane, On 2019-09-06 02:01, Wessels, Duane wrote: With this version the authors feel that it is ready for working group last call. Sorry for a late comment, but I decided to give this one thorough last read-through. I'm a little concerned that the way the Reserved field is described may m