W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

(DNS) consensus wording resolution.

From: <jg@w3.org>
Date: Mon, 08 Apr 96 11:40:27 -0400
Message-Id: <9604081540.AA07781@zorch.w3.org>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Koen Holtman and Dave Morris have expressed concerns about the
requirement being mandantory (Must vs. should), and proposed an
alternate based on a arbitrary timeout (with no defense as to how
that timeout might be chosen), believing that the implementation
is difficult.

I talked to both Don Eastlake (Mr. DNS security) and Paul Vixie (Mr. Bind),
about the implementation difficulty and the MUST issue.  Don's comment
was that this requirement "should be a MUST".  Paul also believed this should
be a MUST, and that the implementation effort to do a DNS query to
get the TTL was "60 lines of code" (I'm not sure I believe this number,
but it is clearly not a large amount of coding effort, though it may
be more effort in terms of learning about DNS). 

Those who I believe I have data on include:
	MUST		Should
Jim Gettys		Koen Holtman
Paul Leach		Dave Morris
Paul Vixie		Anawat Chankhunthod
Don Eastlake
Maurizio Codogno
Phill Hallam-Baker
Henryk Frystyk

Let me know if I am mis-representing your opinion.

Given that:
	o the current usage of DNS by many web clients is violating
		mandantory parts of the DNS specification,
	o the Web now represents the bulk of the network traffic and DNS lookups,
	o the implementation difficulty does not look too large,
	o the opinions of those most familiar with DNS both agree 
		this should be a MUST,
	o that several people are already implementing code to perform
		this function that will become publically availabile, 
	o clear majority believe this should be a mandantory requirement,
I am proceeding with incorporating the requirement as previously circulated.
			- Jim

====================

Section 14 (new subsection to Security Considerations):

DNS Spoofing
------------

Clients using HTTP rely heavily on the Domain Name Service, and are
thus generally prone to security attacks based on the deliberate
mis-association of IP addresses and DNS names.  The deployment of
DNSSEC[DNSSEC] should help this situation.  In advance of this deployment,
however, clients need to be cautious in assuming the continuing
validity of an IP number/DNS name association.

In particular, HTTP clients should rely on their name resolver for
confirmation of an IP number/DNS name association, rather than caching
the result of previous host name lookups.  Many platforms already can
cache host name lookups locally when appropriate, and they should be
configured to do so.  These lookups should be cached, however, only
when the TTL (Time To Live) information reported by the name server
makes it likely that the cached information will remain useful.

If HTTP clients cache the results of a host name lookups in order to
achieve a performance improvement, they MUST observe the TTL
information reported by DNS.

If HTTP clients do not observe this rule, they could be spoofed when a
previously-accessed server's IP address changes.  As renumbering is
expected to become increasingly common [RFC 1900], the possibility of
this form of attack will grow.  Observing this requirement thus
reduces this potential security vulnerability.

This requirement also improves the load-balancing behavior of clients
for replicated servers using the same DNS name and reduces the
likelihood of a user's experiencing failure in accessing sites which
use that strategy.


Addition to 16. References:
[dnssec]	Whatever is appropriate; it is up for a vote at the IESG this
		month, and may be issued as an RFC in time.
[RFC 1900]
B. Carpenter, Y. Rekhter,
<a href="http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1900.txt">
Renumbering Needs Work</a>. RFC 1900, IAB, February 1996.
Received on Monday, 8 April 1996 11:06:24 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:50 EDT