
Re: section 3.2 of protocol draft



>>>>> "Miek" == Miek Gieben <miekg@atoom.net> writes:

    >>    A security-aware recursive name server MUST NOT attempt
    >> to answer a query by piecing together cached data it
    >> received in response to previous queries that requested
    >> different QNAMEs, QTYPEs, or QCLASSes.  A security-aware
    >> recursive name server MUST NOT use NSEC RRs from one
    >> negative response to synthesize a response for a different
    >> query.  A security-aware recursive name server MUST NOT use
    >> a previous wildcard expansion to generate a response to a
    >> different query.

    Miek> I don't "get" the first sentence. Does that really say:
    Miek> "don't use the cache"?  If I'm a cache and I've just
    Miek> validated a DNSKEY in response to another query, I cannot
    Miek> use that validated DNSKEY?

No, it doesn't say "don't use the cache". Well, not to this
mother-tongue English speaker anyway. It says "don't use cached data
to compose or fill out an answer to a query you've not resolved". I
think the intention here is to cover things like glue or partial
responses from an authoritative server. If the resolving server has
previously resolved and validated the glue or other stuff that might
be missing from the authoritative server's response, the resolving
server MUST NOT add these things to the reply it returns to its end
client. That's my interpretation of this bit of the draft.

Perhaps the language could be made less opaque?

    Miek> Furthermore, if this question is answered negatively (a
    Miek> cache can still be used), I'm wondering why this is put in a
    Miek> protocol draft? Isn't this bordering on implementation details?

Some clarification is needed on when and how cached data can and
cannot be used. This is an implementation detail that will be critical
to how the protocol gets implemented. :-)
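As an added illustration of the rule being discussed (a constructed example, not code from the draft or from anyone on this thread): a cache keyed on the full (QNAME, QTYPE, QCLASS) triple of the query that produced each entry, beside the kind of NSEC reuse across queries that the quoted text forbids. Name ordering is simplified to plain string comparison rather than canonical DNS ordering.

```python
from dataclasses import dataclass

# Constructed example: minimal model of a security-aware cache that
# returns only data received for the exact query triple being asked.

@dataclass(frozen=True)
class Response:
    rcode: str               # "NOERROR" or "NXDOMAIN"
    answers: tuple = ()      # constructed RRs, e.g. ("A", "192.0.2.1")
    nsec: tuple = ()         # NSEC RRs as (owner, next_name, types)

class StrictCache:
    """Cache entries live and die with the query triple that produced them."""

    def __init__(self):
        self._store = {}

    def add(self, qname, qtype, qclass, resp):
        # Whole responses are stored; no record-level recombination later.
        self._store[(qname.lower(), qtype, qclass)] = resp

    def lookup(self, qname, qtype, qclass):
        # Exact-triple hit or miss. A cached NXDOMAIN for (b.example., A)
        # says nothing here about (b.example., AAAA) or (bb.example., A),
        # even though its NSEC would cover both: the resolver must go ask.
        return self._store.get((qname.lower(), qtype, qclass))

def nsec_covers(nsec, name):
    """True when an NSEC RR (owner, next) spans `name`. Simplified:
    string order stands in for canonical DNS name ordering."""
    owner, next_name, _types = nsec
    return owner < name < next_name

def nonconforming_synthesis(cache, qname, other_key):
    """What the draft rules out: answer a new query by reusing NSEC RRs
    cached from a different query's negative response. Shown only as
    the contrast to StrictCache.lookup; a conforming resolver never does this."""
    prior = cache.lookup(*other_key)
    if prior is not None and any(nsec_covers(n, qname) for n in prior.nsec):
        return Response("NXDOMAIN")
    return None
```

Validated DNSKEY RRs stay usable in this model too: a later query for the same (owner, DNSKEY, IN) triple is an exact-key hit, which is the case the follow-up question asks about.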

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>