Re: Secdir last call review of draft-ietf-alto-xdom-disc-04

Hi,

thanks for the review!

[draft-ietf-alto-xdom-disc-04]
On Wed, Nov 28, 2018 at 07:07:02PM -0800, Liang Xia wrote:
> Reviewer: Liang Xia
> Review result: Ready
> In general, this draft is in good shape, including the security
> considerations part.
> 
> I just have some general comments or confusions for discussion as below:
>
> 1. I don't see the content about the authorization policy for alto server
> information distribution, is it necessary? 

Sorry, I'm not completely sure what that question means.

In section 6.3 we state that in all use cases we have studied so far,
the mapping from an IP address to the URI of an ALTO server (that
can give information related to that IP address) is public information.
Therefore, we do not need authentication/authorization/access control
for the XDOM procedure as such.  Once the URI is discovered and the ALTO
client has sent a query to the ALTO server, the ALTO server may do some
kind of access control and refuse to return information to the ALTO
client.

Or is it about an ISP that puts the wrong NAPTR records into their
subdomain of in-addr.arpa., thus pointing to the wrong (somebody else's)
ALTO server?  That would cause some extra load on that other ALTO
server, but the ISP would hurt himself most, as traffic distribution in
his network could become worse and/or more unpredictable.

If I completely missed your point, please clarify.

> 2. If the replied alto server
> information message is much larger than the request message, the attack can
> trigger the reflection DDoS attack using it. Does it need to be considered?

The replies with NAPTR records are somewhat larger than the queries,
but so are the replies with PTR records in the "normal" usage scenario
for in-addr.arpa.  I don't think that XDOM will make the current
situation much worse.  How could we analyze this in more detail?

Thanks
Sebastian
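The mapping step discussed above (IP address to reverse-DNS name to NAPTR record to ALTO server URI), as an added offline example that is not part of the draft or of this thread. It assumes the U-NAPTR service tag "ALTO:https" and an https-only URI rule as in RFC 7286; the RRset, the host names and the prefix-length handling are constructed for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

class Naptr(NamedTuple):
    order: int
    preference: int
    flags: str
    service: str
    regexp: str
    replacement: str

def reverse_name(ip: str, prefix_len: int) -> str:
    """Reverse-DNS name (in-addr.arpa / ip6.arpa) for the given prefix of an address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        if prefix_len % 8 or not 8 <= prefix_len <= 32:
            raise ValueError("IPv4 prefix length must be a multiple of 8")
        labels = str(addr).split(".")[: prefix_len // 8]
        return ".".join(reversed(labels)) + ".in-addr.arpa."
    if prefix_len % 4 or not 4 <= prefix_len <= 128:
        raise ValueError("IPv6 prefix length must be a multiple of 4")
    nibbles = addr.exploded.replace(":", "")[: prefix_len // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def alto_uri_from_naptr(name: str, rrset: List[Naptr]) -> Optional[str]:
    """Apply the preferred 'ALTO:https' U-NAPTR record (assumed tag) to the looked-up name."""
    wanted = [r for r in rrset
              if r.flags.upper() == "U" and r.service.upper() == "ALTO:HTTPS"]
    for r in sorted(wanted, key=lambda r: (r.order, r.preference)):
        delim = r.regexp[0]                      # first char delimits pattern/replacement
        parts = r.regexp[1:].split(delim)
        if len(parts) < 2:
            continue                             # malformed regexp field, try the next one
        uri = re.sub(parts[0], parts[1], name, count=1)
        if uri.lower().startswith("https://"):   # reject anything but https (assumption)
            return uri
    return None

# Constructed RRset, as an ISP might publish under its in-addr.arpa subdomain.
RRSET = [
    Naptr(50, 10, "U", "SIP+D2U", "!^.*$!sip:ops@example.net!", "."),   # unrelated service
    Naptr(100, 10, "U", "ALTO:https", "!^.*$!http://alto.example.net/ird!", "."),  # not https
    Naptr(100, 20, "U", "ALTO:https", "!^.*$!https://alto.example.net/ird!", "."),
    Naptr(100, 30, "U", "ALTO:https", "!^.*$!https://alto2.example.net/ird!", "."),
]
def discover(ip: str, prefix_len: int, rrset: List[Naptr]) -> Optional[str]:
    """The XDOM step under discussion: IP -> reverse name -> NAPTR -> ALTO URI."""
    return alto_uri_from_naptr(reverse_name(ip, prefix_len), rrset)
```

A real client would fetch the RRset with a DNS query for the reverse name instead of using the constructed list; the selection and https check stay the same.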
