Re: Last Call: draft-ietf-dnsop-reflectors-are-evil (Preventing Use of Recursive Nameservers in Reflector Attacks) to BCP

On Tue, Oct 02, 2007 at 12:40:31PM -0400,
 Sam Hartman <hartmans-ietf@xxxxxxx> wrote 
 a message of 17 lines which said:

> I'd appreciate it if you took Paul's comments a lot more seriously
> and looked at whether the dnsop view on this issue extends to other
> parts of the ietf.  To the extent that it does not, please engage in
> a discussion designed to build consensus rather than assertions that
> someone who disagrees with you is naive.

OK, since I agree with Joao Damas on this point, let me rephrase it
(again) without harsh words.

Everyone took Paul Hoffman's and John Klensin's comments
seriously. But these comments have a big flaw: they jump from the
(legitimate) use case to a specific (and bad) solution. John Klensin's
message wasted many bytes describing the (well known) problem instead
of trying to see if the current I-D properly describes the solutions.

Everyone agrees that there is a very real and very legitimate use case
for roaming users to *not* use the default DNS resolver of the current
access point (see RFC 4925, section 2.5.2 for a typical reason).

But suggesting ORNS (Open Recursive Name Servers) for the solution to
this issue is, indeed, a bad idea (do note I did not say the N word),
for the reasons explained in
draft-ietf-dnsop-reflectors-are-evil-04.txt (reflection attacks).

There are other solutions to this issue and lists have already been
given in this thread *and* in the I-D we discuss. These solutions are
TSIG, local caching resolvers and VPN. Maybe there is an editorial
problem if they are not well explained but the I-D does completely
cover the issue of roaming users.



