On 01. 12. 25 18:09, John Levine wrote:
> It appears that Philip Homburg <[email protected]> said:
>> The discussion in this thread is the first step in a pattern. Operational
>> feedback comes in and is dismissed. Some people don't like it, so there is no
>> consensus and nothing will change.
>
> I don't see how that follows. If we do nothing, resolvers will have to check
> for keytag collisions, and stop after 2 or 3 collisions. If we make this
> change, resolvers will still have to check for collisions, and perhaps at some
> time in the future they can stop after 1 collision. This strikes me as a great
> deal of effort for a trivial code change in resolvers, potentially requiring a
> lot of work by people whose DNS setups are more complex than one host with a
> script that generates the keys.

I don't think 'will have to' is the right term. As people already
pointed out in this thread, there is no protocol police. RFC compliance
is voluntary. If implementations jointly conclude some RFC behavior is
not workable anymore, they will simply not do it.

If the WG constantly refuses to take in implementation feedback, RFCs will
become less and less relevant because the text will not match reality
anymore.

FTR this is what is constantly happening in the background for the last
~ three years with all the CVEs we had to handle. KeyTrap is one
example, but there were many more.

> On the other hand, I think it would be a fine idea to better document all of the
> ways that resolvers need to have limits to avoid accidental or deliberate DoS.

I'm confused. Are you saying a document which describes more limits in
the text, and says 'permissible collisions = 0' would have been okay,
but a different document which would have had _only_ this limit not
acceptable?
--
Petr Špaček
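
The collision limit debated in this thread, sketched as an added example that is not part of the original message or any resolver's code: it computes the RFC 4034 Appendix B key tag and caps how many same-tag DNSKEYs a validator would try for one RRSIG. The cap semantics (try at most `max_collisions + 1` keys), the function names and the sample keys are assumptions made for illustration.

```python
import struct

def key_tag(rdata: bytes) -> int:
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA wire format: flags(2) | protocol(1)=3 | algorithm(1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def candidate_keys(dnskeys, sig_tag, sig_alg, max_collisions):
    """Pick the DNSKEYs a validator would try for one RRSIG.

    Assumed policy (hypothetical, not taken from a specific resolver):
    try at most max_collisions + 1 keys that match the RRSIG's key tag
    and algorithm, and report how many further matches were skipped.
    """
    matches = [k for k in dnskeys if k[3] == sig_alg and key_tag(k) == sig_tag]
    limit = max_collisions + 1
    return matches[:limit], max(0, len(matches) - limit)

# Constructed sample data: 32-byte strings standing in for Ed25519
# (algorithm 15) public keys; they are not real keys. The tag is a 16-bit
# sum, so swapping two bytes at offsets of the same parity keeps it equal.
_BASE = bytes(range(32))

def _swapped(i: int, j: int) -> bytes:
    k = bytearray(_BASE)
    k[i], k[j] = k[j], k[i]
    return bytes(k)

KEY_A = dnskey_rdata(257, 15, _BASE)
KEY_B = dnskey_rdata(257, 15, _swapped(0, 2))         # collides with KEY_A
KEY_C = dnskey_rdata(257, 15, _swapped(1, 3))         # collides with KEY_A
KEY_D = dnskey_rdata(257, 15, bytes(range(1, 33)))    # different tag
DNSKEY_RRSET = [KEY_A, KEY_B, KEY_C, KEY_D]

if __name__ == "__main__":
    tag = key_tag(KEY_A)
    for cap in (0, 1, 2):
        tried, skipped = candidate_keys(DNSKEY_RRSET, tag, 15, cap)
        print(f"cap={cap}: try {len(tried)} key(s), skip {skipped}")
```

Each key in the returned list costs one signature verification per RRSIG, so the cap directly bounds the validation work a zone with colliding tags can impose.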