- From: <jg@w3.org>
- Date: Mon, 01 Apr 96 12:40:21 -0500
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Ted Hardie redrafted my words on DNS. I like his wording better than mine. I added a reference to DNSSEC, which should be issued later this month. Koen Holtman and Dave Morris have expressed concerns about the requirement being mandatory (Must vs. should), and proposed an alternate based on an arbitrary timeout (with no defense as to how that timeout might be chosen), believing that the implementation is difficult. Personally, I believe this requirement is not too hard to implement (given the discussion, and the claim of Phil Hallam-Baker that he's implementing it), and believe the requirement should be "must". However, I've not heard much from those in support of the requirement (which is how the draft read, after all; to first order, silence was taken as agreement).

If you believe this requirement should be a "must", please send me mail (privately, so we don't get a flurry of messages on the list). If you believe it should be a "should", then please also send me mail. If should, please also indicate how you would resolve the timeout issue which results if the recommendation is not mandatory.

- Jim Gettys

====================

Section 14 (new subsection to Security Considerations):

DNS Spoofing
------------

Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP addresses and DNS names. The deployment of DNSSEC [DNSSEC] should help this situation. In advance of this deployment, however, clients need to be cautious in assuming the continuing validity of an IP number/DNS name association.

In particular, HTTP clients should rely on their name resolver for confirmation of an IP number/DNS name association, rather than caching the result of previous host name lookups. Many platforms already can cache host name lookups locally when appropriate, and they should be configured to do so. These lookups should be cached, however, only when the TTL (Time To Live) information reported by the name server makes it likely that the cached information will remain useful.

If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they MUST observe the TTL information reported by the name server. If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes. As renumbering is expected to become increasingly common [RFC 1900], the possibility of this form of attack will grow. Observing this requirement thus reduces this potential security vulnerability.

This requirement also improves the load-balancing behavior of clients for replicated servers using the same DNS name and reduces the likelihood of a user's experiencing failure in accessing sites which use that strategy.

Addition to 16. References:

[DNSSEC] Whatever is appropriate; it is up for a vote at the IESG this month, and may be issued as an RFC in time.

[RFC 1900] B. Carpenter, Y. Rekhter, "Renumbering Needs Work", <http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1900.txt>. RFC 1900, IAB, February 1996.
Received on Monday, 1 April 1996 09:45:38 UTC
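The draft's requirement, as an added illustration that is not part of the message or of any HTTP implementation it names: a host name cache that honours the resolver-reported TTL, beside the "cache the first answer forever" behaviour the draft forbids, run through a constructed renumbering scenario. The resolver interface (a callable returning an address and a TTL in seconds) and the addresses are assumptions for the example.

```python
import time

class TtlHostCache:
    """Host name cache that reuses an answer only while its TTL is unexpired."""
    def __init__(self, resolver, clock=time.monotonic):
        self._resolver = resolver  # assumed interface: name -> (ip, ttl_seconds)
        self._clock = clock        # injectable so the scenario below can advance time
        self._cache = {}           # name -> (ip, absolute expiry time)
    def lookup(self, name):
        now = self._clock()
        hit = self._cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]          # within TTL: the draft allows reuse
        ip, ttl = self._resolver(name)  # expired or unknown: ask the resolver
        if ttl > 0:
            self._cache[name] = (ip, now + ttl)
        else:
            self._cache.pop(name, None)  # TTL 0 means "do not cache this answer"
        return ip

class ForeverHostCache:
    """The behaviour the draft forbids: keep the first answer indefinitely."""
    def __init__(self, resolver, clock=None):
        self._resolver = resolver
        self._cache = {}
    def lookup(self, name):
        if name not in self._cache:
            self._cache[name] = self._resolver(name)[0]
        return self._cache[name]

class FakeResolver:
    """Constructed stand-in for the name resolver; answers can be changed mid-run."""
    def __init__(self, answers):
        self.answers = dict(answers)   # name -> (ip, ttl)
        self.queries = 0               # how many times the resolver was consulted
    def __call__(self, name):
        self.queries += 1
        return self.answers[name]

def renumbering_scenario(cache_cls):
    """Resolve, renumber the server, move the clock past the TTL, resolve again."""
    resolver = FakeResolver({"www.example.com": ("192.0.2.10", 300)})  # constructed
    clock = [0.0]
    cache = cache_cls(resolver, clock=lambda: clock[0])
    before = cache.lookup("www.example.com")
    resolver.answers["www.example.com"] = ("192.0.2.20", 300)  # server renumbered
    clock[0] += 301                                           # TTL has now expired
    after = cache.lookup("www.example.com")
    return before, after   # TTL-honouring cache: ("192.0.2.10", "192.0.2.20")
```

The TTL-honouring cache follows the server to its new address once the TTL lapses, while the forever cache keeps sending requests to the old one, which is exactly the window the draft warns about.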