
RE: Effects on DNS can be severe &&& Re: call for ideas: tail-heavy IETF process

2013-05-03 18:37:59
Hi Tony,
At 14:11 03-05-2013, Tony Hain wrote:
> See the thread about Re: call for ideas: tail-heavy IETF process for
> discussion about wider review at an earlier point in the process. Also, just
> because there is a discussion on issue-tracker does not mean the document is
> 'high quality'. If there is an explicit trade-off being made, the main
> document needs to address that directly so subsequent reviewers and
> implementers know what and why.

Yes.

> I have not followed this discussion, but my cursory read of the tracker
> ticket shows the WG blew off the issue by claiming that historical
> unsophisticated attacks can be easily thwarted, while completely ignoring
> the case where the target domains exist. Aborting an amplification attack on
> failures does not do anything about the case where an attacker goes to the
> trouble to make sure all the queries will return valid answers. Either the
> issue-tracker discussion is inadequate, or this is exactly the kind of thing
> that adds excess delay and workload to the IESG review process.

It seems that the above is related to Issue #24 [1]. I posted a rough summary of the initial discussion [2]. I took a look at the IETF 83 minutes and I found "DNS amplification attacks" [3] mentioned. There was a message from Andrew Sullivan [4].

A working group may decide to blow off the issue if it wants. The issue can be listed in the write-up.

Regards,
S. Moonesamy

1. http://www.ietf.org/mail-archive/web/spfbis/current/msg00906.html
2. http://www.ietf.org/mail-archive/web/spfbis/current/msg00847.html
3. http://www.ietf.org/proceedings/83/minutes/minutes-83-spfbis.txt
4. http://www.ietf.org/mail-archive/web/spfbis/current/msg00944.html