On Thu, Mar 26, 2015 at 06:33:18PM -0500, Ted Lemon wrote:
> > what we should say in the spec is "determinative, and
> > non-information-leaking", and let implementers scratch their heads
> > about how to do that. we should not try to invent it here, or specify
> > it in an ietf document.
>
> I don't see how you can do that without maintaining state.   So this may
> be a nice general thing to specify, but is it a _good_ thing to specify?

"Determinate" is necessary, for reasons stated earlier. As long as the
authority doesn't change the content of a node, the ANY response should
stay the same.  But if the node content does change (e.g., there's an A
rrset that wasn't there before), then the ANY response may change, and I
don't think we need to contort ourselves to prevent that.  So IMHO it's not
necessary to emphasize "non-information-leaking" with the same level of
urgency, though it's desirable.

It *might* be kinda vaguely desirable to offer guidance on the selection
method to use, so that people get the same predictable ANY answers from
BIND, NSD, etc.  Otherwise, you could characterize it as an information
leak if someone were running multiple implementations on different servers,
and one of them returns AAAA and another one MX, etc.  However, it can't
possibly be any worse of a leak than merely running an old server that
doesn't implement ANY minimization, so on balance I agree with Paul that
it would be an overspecification.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
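
An added illustration, not part of the message above and not code from BIND, NSD or any draft: two hypothetical stateless policies for choosing the single RRset returned in a minimized ANY response. It shows that each policy is deterministic while the node content is unchanged, that the answer may change once an RRset is added, and that two implementations with different policies return different types for the same node. The policy names and the sample node are constructed.

```python
# Added example. Policies and sample data are constructed for illustration;
# neither policy is taken from a real server implementation.
A, NS, MX, TXT, AAAA = 1, 2, 15, 16, 28   # IANA RR type codes

def pick_lowest_type(node):
    """Hypothetical policy 1: the RRset with the lowest type code."""
    return min(node) if node else None

def pick_by_preference(node, order=(AAAA, A, MX, TXT, NS)):
    """Hypothetical policy 2: first type present in a fixed preference list,
    falling back to the lowest type code for types not in the list."""
    for rrtype in order:
        if rrtype in node:
            return rrtype
    return pick_lowest_type(node)

def minimal_any(node, policy):
    """Return (type, sorted rdata) for the one RRset chosen, or None if the
    node is empty. The choice depends only on the node content, so no
    per-query or per-client state is kept."""
    rrtype = policy(node)
    return None if rrtype is None else (rrtype, sorted(node[rrtype]))

# Constructed node: owner name with MX, AAAA and TXT RRsets (documentation
# address space only).
NODE = {
    MX: {"10 mail.example."},
    AAAA: {"2001:db8::1"},
    TXT: {"v=spf1 -all"},
}

if __name__ == "__main__":
    # Same node, same answer, regardless of how the node was built.
    reordered = dict(reversed(list(NODE.items())))
    print(minimal_any(NODE, pick_lowest_type),
          minimal_any(reordered, pick_lowest_type))

    # Two "implementations" with different policies disagree on the type.
    print(minimal_any(NODE, pick_by_preference))

    # The authority adds an A RRset: policy 1 now answers differently,
    # policy 2 does not.
    changed = {**NODE, A: {"192.0.2.1"}}
    print(minimal_any(changed, pick_lowest_type),
          minimal_any(changed, pick_by_preference))
```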
