On Thu, Nov 5, 2015 at 11:06 PM, Tim Wicinski <[email protected]> wrote:
> > During the meeting, it appears that this draft is ready for Working Group > Last Call, with one item looking for direction from the working group. > > This starts a Working Group Last Call for > draft-ietf-dnsop-dnssec-roadblock-avoidance > > Current versions of the draft is available here: > > > https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-roadblock-avoidance/ > > Please review the draft and offer relevant comments. Also, if someone > feels the document is *not* ready for publication, please speak out with > your reasons. > > Because of the issue that needs to be addressed, we’re going to run a four > week Working Group Last Call process. > > The process ends on 5 December 2015. > > In "3.1.1. Supports UDP answers", in the last paragraph, I would also accept a UDP response that had "TC=1", which could occur if the server (using RRL) is under attack with spoofed addresses similar to this client. Perhaps there are other conditions where a resolver will only answer UDP queries with cookies or DTLS or other anti-spoofing assurances, that should also be considered. Also, is there a way for a resolver to indicate that it only responds to TCP queries, and is that acceptable?
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
