Re: [Last-Call] [Add] [EXTERNAL] Re: Artart last call review of draft-ietf-add-ddr-07

On 30/06/2022 19:24 Tommy Jensen <jensen.thomas=40microsoft.com@xxxxxxxxxxxxxx> wrote:


Hey Vittorio,


>each implementation will define on its own what constitutes "some sort of validation" to an acceptable level


Agreed, client policy is out of DDR scope. See this text immediately preceding the text previously quoted: “A client MAY additionally use a discovered Designated Resolver without either of these methods, based on implementation-specific policy or user input. Details of such policy are out of scope of this document.”


The point being made by the MUST NOT is that if a client chooses to use a designation not validated by a mechanism defined in DDR, it is opting out of the security model provided by DDR and is therefore not a fully compliant DDR client. Resolvers which do not allow validation by DDR mechanisms should expect fully-DDR-compliant clients to fail to use their designations.

Well, this is not what the specification says. To quote the full text again:

"A client MAY additionally use a discovered Designated Resolver without either of these methods, based on implementation-specific policy or user input. Details of such policy are out of scope of this document. Clients SHOULD NOT automatically use a Designated Resolver without some sort of validation, such as the two methods defined in this document or a future mechanism."

Therefore, and even with MUST NOT, any client doing "some sort of validation", even if different from "the two methods defined in this document or a future mechanism", would be fully DDR compliant; "such as" only implies a non-exhaustive list of examples. On the other hand, there is nothing in the specification that prevents clients from being more restrictive than that and only accepting some validation mechanisms (e.g. the two defined in the document) and not others. This would also be fully DDR compliant.

Exactly because policy is out of scope, a client will be compliant whatever its policy is.

--

Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
vittorio.bertola@xxxxxxxxxxxxxxxx
Office @ Via Treviso 12, 10144 Torino, Italy
-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
