Hi John!

> -----Original Message-----
> From: iesg <[email protected]> On Behalf Of John Scudder via Datatracker
> Sent: Thursday, October 28, 2021 9:42 AM
> To: The IESG <[email protected]>
> Cc: [email protected]; [email protected]; dnsop-
> [email protected]; [email protected]
> Subject: John Scudder's No Objection on draft-ietf-dnsop-dns-tcp-requirements-
> 13: (with COMMENT)
>
> John Scudder has entered the following ballot position for
> draft-ietf-dnsop-dns-tcp-requirements-13: No Objection
>
> When responding, please keep the subject line intact and reply to all email
> addresses included in the To and CC lines. (Feel free to cut this introductory
> paragraph, however.)
>
>
> Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-tcp-requirements/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------

[snip]

> 3. Section 6 says applications should perform “full TCP segment reassembly”.
> What does that mean? A quick google search doesn’t suggest it’s a well-known
> term of art. I'm guessing that what you mean is that the applications should
> capture (and log, etc) the bytestream that was segmented and transmitted by
> TCP?

I'll let the authors speak to this, but I think this means full TCP stream reassembly -- that is, analyze the reassembled stream, not the individual packets. There is a long history of evasion attacks in network security analysis tools when individual fragments/packets are analyzed instead of the reassembled streams.

Roman

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
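
The distinction drawn in the reply above, shown from the monitoring side as an added example (not part of the original message or of the draft): a DNS-over-TCP query decoded per segment versus after stream reassembly. All function names, sequence numbers and the query name `blocked.example` are constructed for illustration; the reassembler assumes one flow, one direction and no sequence wraparound.

```python
import struct

def dns_tcp_query(qname, txid=0x1234):
    """Constructed sample: one A/IN query with the 2-byte length prefix DNS uses over TCP."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!2H", 1, 1)
    return struct.pack("!H", len(msg)) + msg

def parse_qnames(data):
    """Return the first question name of every complete length-prefixed DNS message in data."""
    names, off = [], 0
    while off + 2 <= len(data):
        (mlen,) = struct.unpack_from("!H", data, off)
        msg = data[off + 2:off + 2 + mlen]
        if mlen < 12 or len(msg) < mlen:
            break                      # truncated or implausible: nothing to decode
        labels, pos = [], 12           # question section starts after the 12-byte header
        while pos < mlen and 0 < msg[pos] < 64 and pos + 1 + msg[pos] <= mlen:
            labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii", "replace"))
            pos += 1 + msg[pos]
        names.append(".".join(labels))
        off += 2 + mlen
    return names

def reassemble(segments):
    """Rebuild the byte stream from (seq, payload) pairs: order by sequence number,
    keep the first copy of overlapping bytes, stop at the first gap."""
    stream = bytearray()
    base = min(seq for seq, _ in segments)
    for seq, payload in sorted(segments):
        start = seq - base
        if start > len(stream):
            break                      # missing bytes: later data cannot be placed yet
        stream += payload[len(stream) - start:]
    return bytes(stream)

def inspect_per_segment(segments):
    """What a tool sees if it decodes each packet payload on its own."""
    return [n for _, p in segments for n in parse_qnames(p)]

def inspect_stream(segments):
    """What a tool sees if it decodes the reassembled byte stream."""
    return parse_qnames(reassemble(segments))

# Constructed capture: one query carried in four segments, arriving out of order,
# with one retransmitted segment.
QUERY = dns_tcp_query("blocked.example")
SEGMENTS = [(1009, QUERY[9:20]), (1000, QUERY[:1]), (1020, QUERY[20:]),
            (1001, QUERY[1:9]), (1009, QUERY[9:20])]

if __name__ == "__main__":
    print("per segment:", inspect_per_segment(SEGMENTS))
    print("reassembled:", inspect_stream(SEGMENTS))
```

Per-segment decoding logs no query name at all for this capture, while the reassembled stream yields the full name, which is the gap stream reassembly closes.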
