Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

To: ietf at ietf.org
Subject: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Tue, 15 Aug 2006 23:40:41 -0400
Cc: iesg at ietf.org
In-reply-to: <E1GCknR-0004hD-Jt@stiedprstage1.ietf.org> (The IESG's message of "Mon, 14 Aug 2006 18:20:33 -0400")
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <E1GCknR-0004hD-Jt@stiedprstage1.ietf.org>
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)


I notice that this transport provides no authentication of the data
that is retrieved.

The security considerations needs to discuss the potential attacks if
an attacker modifies this public data.  The security considerations
section also needs to point to best practice for avoiding UDP
reflection attacks.  It is not good enough to say "Do what other
people do."


In both cases these may be included by reference.


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Mark Townsley
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Andrew Newton

Prev by Date: RFP and BCP addition - receipt needs to be generated & RFC's that revise IETF process.
Next by Date: Re: RFC 4612 - historic status
Previous by thread: RFP and BCP addition - receipt needs to be generated & RFC's that revise IETF process.
Next by thread: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.