Re: [DNSOP] DNS Grease?
Yep, we are in a much better position than we were in 2019. Most failures are well < 1% when talking to authoritative servers. Broken firewall defaults have been fixed and mostly deployed.

> On 27 Feb 2024, at 16:41, George Michaelson wrote:
>
> so yet again, I voice things which show my ignorance, not yours. I
> thank you for the gentle clue-stick hit, it was educational.
>
> -G
>
> On Tue, Feb 27, 2024 at 12:24 PM Shumon Huque wrote:
>>
>> On Tue, Feb 27, 2024 at 12:01 AM Mark Andrews wrote:
>>>
>>> On 27 Feb 2024, at 15:53, George Michaelson wrote:
>>>>
>>>> Not in any way to stop this specific draft, I wonder if this is a more
>>>> general principle of exercising code points which are not marked
>>>> "never to be used" and should also be raised cross-area, or in another
>>>> place?
>>>>
>>>> Maybe the best path is to get this proved here, and then embrace-extend.
>>>
>>> Sure there are a lot of places where this should be done. This is going
>>> to cover DNS.
>>
>> Yup, and although Mark and I have been mulling this for DNS for a number
>> of years now, the general principle has also been discussed elsewhere (see
>> the references to greasing) and RFC 8701 describes greasing for TLS.
>>
>> We should track that work too, but this draft can focus on the DNS use case.
>>
>> Shumon.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Re: [DNSOP] DNS Grease?
so yet again, I voice things which show my ignorance, not yours. I thank you for the gentle clue-stick hit, it was educational.

-G

On Tue, Feb 27, 2024 at 12:24 PM Shumon Huque wrote:
>
> On Tue, Feb 27, 2024 at 12:01 AM Mark Andrews wrote:
>>
>> > On 27 Feb 2024, at 15:53, George Michaelson wrote:
>> >
>> > Not in any way to stop this specific draft, I wonder if this is a more
>> > general principle of exercising code points which are not marked
>> > "never to be used" and should also be raised cross-area, or in another
>> > place?
>> >
>> > Maybe the best path is to get this proved here, and then embrace-extend.
>>
>> Sure there are a lot of places where this should be done. This is going
>> to cover DNS.
>
> Yup, and although Mark and I have been mulling this for DNS for a number
> of years now, the general principle has also been discussed elsewhere (see
> the references to greasing) and RFC 8701 describes greasing for TLS.
>
> We should track that work too, but this draft can focus on the DNS use case.
>
> Shumon.
Re: [DNSOP] DNS Grease?
On Tue, Feb 27, 2024 at 12:01 AM Mark Andrews wrote:
>
> > On 27 Feb 2024, at 15:53, George Michaelson wrote:
> >
> > Not in any way to stop this specific draft, I wonder if this is a more
> > general principle of exercising code points which are not marked
> > "never to be used" and should also be raised cross-area, or in another
> > place?
> >
> > Maybe the best path is to get this proved here, and then embrace-extend.
>
> Sure there are a lot of places where this should be done. This is going
> to cover DNS.

Yup, and although Mark and I have been mulling this for DNS for a number of years now, the general principle has also been discussed elsewhere (see the references to greasing) and RFC 8701 describes greasing for TLS.

We should track that work too, but this draft can focus on the DNS use case.

Shumon.
Re: [DNSOP] DNS Grease?
> On 27 Feb 2024, at 15:53, George Michaelson wrote:
>
> Not in any way to stop this specific draft, I wonder if this is a more
> general principle of exercising code points which are not marked
> "never to be used" and should also be raised cross-area, or in another
> place?
>
> Maybe the best path is to get this proved here, and then embrace-extend.

Sure there are a lot of places where this should be done. This is going to cover DNS.

> I tend not to what-if the downsides, but I can imagine there would be
> an initially high rate of failure which causes log flows, threat
> analysis feeds and some consequent damage. That would have to be a
> "lesson learned" and then we pass through to a better understanding of
> which bits in a header are mutable and should not be tested as fixed
> value fields.

Ednscomp.isc.org, as is mentioned in the draft, has been testing this for years now. You don’t need to speculate. You can go view the behaviour patterns.

> Nice, small draft.
>
> -G
>
> On Tue, Feb 27, 2024 at 10:29 AM Shumon Huque wrote:
>>
>> Hi folks,
>>
>> Mark Andrews and I have submitted a new draft on 'Greasing Protocol
>> Extension Points in the DNS'.
>>
>>     https://www.ietf.org/archive/id/draft-huque-dnsop-grease-00.html
>>
>>     (datatracker link:
>>     https://datatracker.ietf.org/doc/draft-huque-dnsop-grease/ )
>>
>> We'd like to see if there is interest in working on this. On list and
>> in-person (IETF119/Brisbane) discussion welcome.
>>
>> Shumon (and Mark).

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
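An added example, not part of the thread or of the draft: a toy sender that sets one spare EDNS flag bit and one spare option code, and a receiver that either ignores them or treats them as fixed-value fields, which is the failure mode the message above says can already be observed. The flag bit 0x0001 and option code 65001 are constructed values assumed to be unassigned; the thread does not say which code points the draft uses.

```python
import struct

OPT_TYPE = 41           # EDNS(0) OPT pseudo-RR (RFC 6891)
DO_BIT = 0x8000         # the only EDNS flag this toy receiver knows
GREASE_FLAG = 0x0001    # constructed: flag bit assumed unassigned
GREASE_OPTION = 65001   # constructed: option code assumed unassigned


def build_query(qname, edns_flags=DO_BIT, options=()):
    """Build an A/IN query for qname with one OPT record attached."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    question = name + b"\x00" + struct.pack("!2H", 1, 1)
    rdata = b"".join(struct.pack("!2H", c, len(d)) + d for c, d in options)
    # OPT layout: root name, TYPE, CLASS=UDP size, ext-rcode, version, flags, RDLEN
    opt = b"\x00" + struct.pack("!2H2B2H", OPT_TYPE, 1232, 0, 0, edns_flags, len(rdata))
    return header + question + opt + rdata


def parse_opt(msg):
    """Return (version, flags, [(code, data), ...]) from the query's OPT record."""
    pos = 12
    while msg[pos]:                      # walk the uncompressed QNAME labels
        pos += msg[pos] + 1
    pos += 5                             # root label + QTYPE + QCLASS
    rtype, _, _, version, flags, rdlen = struct.unpack_from("!2H2B2H", msg, pos + 1)
    if msg[pos] != 0 or rtype != OPT_TYPE:
        raise ValueError("expected an OPT record after the question")
    pos, options = pos + 11, []
    end = pos + rdlen
    while pos < end:
        code, length = struct.unpack_from("!2H", msg, pos)
        options.append((code, msg[pos + 4:pos + 4 + length]))
        pos += 4 + length
    return version, flags, options


def respond(msg, tolerant, known_options=()):
    """Return the RCODE name a receiver would answer with."""
    version, flags, options = parse_opt(msg)
    if version != 0:
        return "BADVERS"                 # unknown EDNS version is a defined error
    unknown = flags & ~DO_BIT or any(c not in known_options for c, _ in options)
    if unknown and not tolerant:
        return "FORMERR"                 # brittle: treats spare code points as fixed
    return "NOERROR"                     # tolerant: unknown flags and options ignored
```

Running `respond()` on the same greased query with `tolerant=False` and `tolerant=True` shows the difference a compliance tester looks for: the first rejects a query that RFC 6891 says should be answered normally.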
Re: [DNSOP] DNS Grease?
Not in any way to stop this specific draft, I wonder if this is a more general principle of exercising code points which are not marked "never to be used" and should also be raised cross-area, or in another place?

Maybe the best path is to get this proved here, and then embrace-extend.

I tend not to what-if the downsides, but I can imagine there would be an initially high rate of failure which causes log flows, threat analysis feeds and some consequent damage. That would have to be a "lesson learned" and then we pass through to a better understanding of which bits in a header are mutable and should not be tested as fixed value fields.

Nice, small draft.

-G

On Tue, Feb 27, 2024 at 10:29 AM Shumon Huque wrote:
>
> Hi folks,
>
> Mark Andrews and I have submitted a new draft on 'Greasing Protocol Extension
> Points in the DNS'.
>
>     https://www.ietf.org/archive/id/draft-huque-dnsop-grease-00.html
>
>     (datatracker link:
>     https://datatracker.ietf.org/doc/draft-huque-dnsop-grease/ )
>
> We'd like to see if there is interest in working on this. On list and
> in-person (IETF119/Brisbane) discussion welcome.
>
> Shumon (and Mark).
[DNSOP] DNS Grease?
Hi folks,

Mark Andrews and I have submitted a new draft on 'Greasing Protocol Extension Points in the DNS'.

    https://www.ietf.org/archive/id/draft-huque-dnsop-grease-00.html

    (datatracker link: https://datatracker.ietf.org/doc/draft-huque-dnsop-grease/ )

We'd like to see if there is interest in working on this. On list and in-person (IETF119/Brisbane) discussion welcome.

Shumon (and Mark).
Re: [DNSOP] IETF 119 Call for Agenda Items DNSOP WG
Dear WG,

Just a friendly reminder to submit your request for agenda time for the upcoming DNSOP WG meeting at IETF 119. For instructions on requesting a time slot during one of the sessions, please refer to the email below.

The DNSOP WG has two sessions scheduled as follows:

- Monday, March 18th, from 15:30 to 17:00 AEST (5:30-7:00 UTC)
- Friday, March 22nd, from 15:00 to 16:30 AEST (5:00-6:30 UTC)

The deadline for draft submissions is next Monday, March 4th, 2024.

Best regards,

Suzanne
Tim
Benno

On 09/02/2024 15:38, Benno Overeinder wrote:
> Dear WG,
>
> This is a Call for Agenda Items for the IETF 119 in Brisbane, Australia.
>
> DNSOP has requested two sessions for the IETF 119 so that we have
> sufficient time to discuss individual drafts. The allocation of two
> sessions is yet to be confirmed and the preliminary IETF119 agenda will
> be published next week, 16 February.
>
> Please email the chairs with your requests. *Or* drop us a pull request
> https://github.com/ietf-wg-dnsop/wg-materials/tree/main/dnsop-ietf119
> look for dnsop-ietf119-agenda-requests.md.
>
> Please Note: Draft Submission Deadline is Monday 3 March 2024.
>
> See https://datatracker.ietf.org/meeting/important-dates/:
> 2024-03-04 Monday Internet-Draft submission cut-off (for all
> Internet-Drafts, including -00) by UTC 23:59. Upload using the I-D
> Submission Tool https://datatracker.ietf.org/submit/.
>
> Thanks,
>
> Suzanne
> Tim
> Benno