[dns-operations] RRL specified in a stable place?
Andrew Sullivan
ajs at anvilwalrusden.com
Mon Feb 4 19:39:08 UTC 2013
On Mon, Feb 04, 2013 at 10:54:36AM -0800, Paul Hoffman wrote:
> We now have two implementations of response rate limiting (RRL). In order for it to be widely adopted, an Internet-Draft followed by an RFC would be Really Helpful.
>
What track do you expect this to go along? Is this a DNSOP draft?
Because the implementations are really just a way of using existing
parts of the specifications in creative ways. (They're also risky for
some operators. Consider that, if you spoof $ISP's resolver addresses
and perform one of these attacks, then $ISP gets at least degraded
service during the rate limit period. For most of us, that's probably
an acceptable trade off, but not for all operators unfortunately. So
it's not a panacea either, and certainly cannot be considered a BCP
for all use cases.)
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
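
The collateral effect described in the message above can be measured with a simplified model. This is an added example, not part of the original message and not the algorithm of either RRL implementation. The per-second limit, the /24 grouping, the addresses, the query name and the query rates are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

class ResponseRateLimiter:
    """Simplified model: at most N responses per second per (client /24, qname)."""
    def __init__(self, responses_per_second=5, prefix_len=24):
        self.limit = responses_per_second
        self.prefix_len = prefix_len
        self.second = None
        self.counts = defaultdict(int)

    def allow(self, now, src_ip, qname):
        sec = int(now)
        if sec != self.second:  # new one-second window: reset all counters
            self.second, self.counts = sec, defaultdict(int)
        net = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        key = (net, qname.lower())
        self.counts[key] += 1
        return self.counts[key] <= self.limit

def simulate(seconds=10, flood_qps=200, legit_qps=2):
    """Return the fraction of genuine queries answered, per client."""
    rrl = ResponseRateLimiter()
    resolver = "192.0.2.53"     # constructed: the ISP resolver whose address is forged
    bystander = "198.51.100.7"  # constructed: unrelated client in another prefix
    sent, answered = defaultdict(int), defaultdict(int)
    for sec in range(seconds):
        events = []
        # Forged queries carry the resolver's source address.
        for i in range(flood_qps):
            events.append((sec + i / flood_qps, resolver, "flood"))
        # Genuine queries from the real resolver and from the bystander.
        for i in range(legit_qps):
            t = sec + (i + 0.5) / legit_qps
            events.append((t, resolver, "resolver"))
            events.append((t, bystander, "bystander"))
        for t, src, who in sorted(events):
            ok = rrl.allow(t, src, "example.com")
            if who != "flood":  # only genuine traffic is scored
                sent[who] += 1
                answered[who] += ok
    return {who: answered[who] / sent[who] for who in sent}

if __name__ == "__main__":
    print("during forged flood:", simulate())
    print("no flood:           ", simulate(flood_qps=0))
```

The limiter cannot tell the forged queries from the resolver's genuine ones because both share a source address, so an operator weighing RRL can use a model like this to estimate how much genuine traffic from a targeted prefix would go unanswered at a given limit.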