Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

2016-07-22 Thread Paul Wouters
On Thu, 21 Jul 2016, Mukund Sivaraman wrote: On Thu, Jul 21, 2016 at 11:10:10AM -0400, Paul Wouters wrote: And I have been wondering if we should allow for a DNS padding in the query packet to ensure answer packets (over UDP) are going to be smaller than the query packet. And therefore prevents

Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

2016-07-22 Thread Stephane Bortzmeyer
On Thu, Jul 21, 2016 at 11:10:10AM -0400, Paul Wouters wrote a message of 33 lines which said: > And I have been wondering if we should allow for a DNS padding in > the query packet to ensure answer packets (over UDP) are going to be > smaller than the query packet. And therefore prevents DDOS

Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

2016-07-22 Thread Mukund Sivaraman
Hi Paul On Fri, Jul 22, 2016 at 06:45:16AM -0400, Paul Wouters wrote: > > DJB's curveCP comes to mind about how it prevents amplification for the > > initial handshake. > > some googling only finds marketing material, not a specification I can > read :P Here it is: http://curvecp.org/packets.htm

Re: [DNSOP] Asking for TCP and/or cookies: a trend? (Was: my lone hum against draft-wkumari-dnsop-multiple-responses

2016-07-22 Thread Mukund Sivaraman
On Fri, Jul 22, 2016 at 01:21:09PM +0200, Stephane Bortzmeyer wrote: > Funny, it has been proposed on this blog (French only) > two months ago > but I don't remember a discussion about this possibility on dnsop. I vaguely remembered mentioning i

Re: [DNSOP] I-D Action: draft-bellis-dnsop-session-signal-01.txt

2016-07-22 Thread Jan Komissar (jkomissa)
Hi, Here are my comments to version 1 of this draft. 3.1 Message Format I'm a little hesitant about going to the 4-octet header. Are we certain that most existing DNS servers will respond with NOTIMP rather than FORMERR upon receipt of a ses-sig message? Some servers may not even respond to packet

[DNSOP] Call for Adoption: draft-bellis-dnsop-session-signal

2016-07-22 Thread Tim Wicinski
I know we've just started talking about this, and the authors are still sorting out a few things, but the sense of the room we received was to adopt it, work on it, etc. It appears they have simplified it in the -01 version. This starts a Call for Adoption for draft-bellis-dnsop-session-signa

[DNSOP] Review of draft-ietf-dprive-dtls-and-tls-profiles-03

2016-07-22 Thread Paul Hoffman
This document seems ready for WG Last Call. The comments I have here can be dealt with before or during WG Last Call. --Paul Hoffman = The following text from section 4.2 still seems wrong: Since Strict Privacy provides the strongest privacy guarantees it is preferable to Opportunist