Telechat Review of draft-ietf-dnsop-avoid-fragmentation-16
review-ietf-dnsop-avoid-fragmentation-16-artart-telechat-leiba-2023-12-29-00
review-ietf-dnsop-avoid-fragmentation-16-artart-telechat-leiba-2023-12-29-00
Thanks for addressing most comments from my earlier review. One remains, and I didn’t see an email response about it, so I don’t know whether there was a reason not to make a change or if it just got overlooked: — Section 7.2 — If a UDP response packet is dropped (for any reason), it increases the attack window for poisoning the requestor's cache. But Section 3.2 says this: R7. UDP requestors MAY drop fragmented DNS/UDP responses without IP reassembly to avoid cache poisoning attacks. …which seems to be contradictory. Can you clarify this apparent contradiction in one place or both?