Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

To: Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
From: Andrew Newton <andy at hxr.us>
Date: Wed, 16 Aug 2006 12:07:06 -0400
Cc: ietf at ietf.org, iesg at ietf.org
In-reply-to: <tslwt99tkjq.fsf@cz.mit.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <E1GCknR-0004hD-Jt@stiedprstage1.ietf.org> <tslwt99tkjq.fsf@cz.mit.edu>
User-agent: Thunderbird 1.5.0.5 (Windows/20060719)

Sam Hartman wrote:


I notice that this transport provides no authentication of the data
that is retrieved.

The security considerations needs to discuss the potential attacks if
an attacker modifies this public data.  The security considerations
section also needs to point to best practice for avoiding UDP
reflection attacks.  It is not good enough to say "Do what other
people do."

In both cases these may be included by reference.


Sam,

For the second case, you are referring to BCP 38, correct? This was mentioned on the wg list by William Leibzon, and should have been incorporated into the draft. Thanks for noting this.

For the first case, which reference were you thinking about?

-andy


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Sam Hartman

References:
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Sam Hartman

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.