Telechat Review of draft-ietf-dnsop-avoid-fragmentation-16
review-ietf-dnsop-avoid-fragmentation-16-artart-telechat-leiba-2023-12-29-00

Request Review of draft-ietf-dnsop-avoid-fragmentation
Requested revision No specific revision (document currently at 17)
Type Telechat Review
Team ART Area Review Team (artart)
Deadline 2024-01-02
Requested 2023-12-19
Authors Kazunori Fujiwara, Paul A. Vixie
I-D last updated 2023-12-29
Completed reviews Dnsdir Telechat review of -16 by Vladimír Čunát (diff)
Artart Telechat review of -16 by Barry Leiba (diff)
Secdir Telechat review of -16 by Donald E. Eastlake 3rd (diff)
Dnsdir Last Call review of -15 by Vladimír Čunát (diff)
Artart Last Call review of -15 by Barry Leiba (diff)
Tsvart Last Call review of -15 by Mirja Kühlewind (diff)
Dnsdir Last Call review of -13 by Vladimír Čunát (diff)
Secdir Last Call review of -15 by Donald E. Eastlake 3rd (diff)
Genart Last Call review of -15 by Christer Holmberg (diff)
Assignment Reviewer Barry Leiba
State Completed
Request Telechat review on draft-ietf-dnsop-avoid-fragmentation by ART Area Review Team Assigned
Posted at https://mailarchive.ietf.org/arch/msg/art/m3YCKxmXozHi8YmEmhtXjYv3XcY
Reviewed revision 16 (document currently at 17)
Result Ready w/nits
Completed 2023-12-29
Thanks for addressing most comments from my earlier review.  One remains, and I
didn’t see an email response about it, so I don’t know whether there was a
reason not to make a change or if it just got overlooked:

— Section 7.2 —

   If a UDP response packet is dropped (for any reason), it increases
   the attack window for poisoning the requestor's cache.

But Section 3.2 says this:

   R7.  UDP requestors MAY drop fragmented DNS/UDP responses without IP
   reassembly to avoid cache poisoning attacks.

…which seems to be contradictory.  Can you clarify this apparent contradiction
in one place or both?