Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

To: Sam Hartman <hartmans-ietf at mit.edu>
Subject: Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
From: Mark Townsley <townsley at cisco.com>
Date: Thu, 17 Aug 2006 10:41:43 +0200
Authentication-results: rtp-dkim-2.cisco.com; header.From=townsley@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: ietf at ietf.org, iesg at ietf.org
Dkim-signature: a=rsa-sha1; q=dns; l=1070; t=1155804109; x=1156668109; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=townsley@cisco.com; z=From:Mark=20Townsley=20<townsley@cisco.com> |Subject:Re=3A=20Last=20Call=3A=20'A=20Lightweight=20UDP=20Transfer=20Protocol=20 for=20the=20the=09Internet=0A=20Registry=20Information=20Service'=20to=20Pr oposed=20Standard=09(draft-ietf-crisp-iris-lwz) |To:Sam=20Hartman=20<hartmans-ietf@mit.edu>; X=v=3Dcisco.com=3B=20h=3DbuhAhONvC7wXjuWlkWakkq/h6SY=3D; b=jHm3QFX+KpM5w8F+iK8obCUkWelRtjIr3MMWJVAPqbZOevdSnmQLqzqsGoHmLJAt5i3YZYiC wFo+NBvMpq7/wuVR0ZxkpiDkq7wRAhdaPi/jhX67hJr1nktReJDrk3Ra;
In-reply-to: <tslwt99tkjq.fsf@cz.mit.edu>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <E1GCknR-0004hD-Jt@stiedprstage1.ietf.org> <tslwt99tkjq.fsf@cz.mit.edu>
User-agent: Thunderbird 1.5.0.5 (Macintosh/20060719)

Sam Hartman wrote:

I notice that this transport provides no authentication of the data
that is retrieved.

The security considerations needs to discuss the potential attacks if
an attacker modifies this public data.  The security considerations
section also needs to point to best practice for avoiding UDP
reflection attacks.  It is not good enough to say "Do what other
people do."

In both cases these may be included by reference.


I noticed this in the draft:

"   1.  If a request requires authentication, confidentiality, or other
       security, use another transfer protocol."

It seems to me that the intent is to not provide authentication here. This seems more fundamental than a fix by reference.

In a different vein, we have:

"  Its message exchange
  pattern is simple: a client sends a request in one UDP packet, and a
  server responds with an answer in one UDP packet."

I see no mention of what to do if the one UDP packet is lost. Resend? After how long? Exponentially backoff?

- Mark

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Sam Hartman

References:
- Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)
  - From: Sam Hartman

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Last Call: 'A Lightweight UDP Transfer Protocol for the the Internet Registry Information Service' to Proposed Standard (draft-ietf-crisp-iris-lwz)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.