Algorithms for Domain Name System (DNS) Cookies construction
draft-sury-toorop-dns-cookies-algorithms-00

Document type: Replaced Internet-Draft (individual)
Last updated: 2019-03-11
Replaced by: draft-sury-toorop-dnsop-server-cookies
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-sury-toorop-dnsop-server-cookies
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sury-toorop-dns-cookies-algorithms-00.txt

Abstract

[RFC7873] left the construction of Server Cookies to the discretion of the DNS Server (implementer) which has resulted in a gallimaufry of different implementations. As a result, DNS Cookies are impractical to deploy on multi-vendor anycast networks, because the Server Cookie constructed by one implementation cannot be validated by another. This document provides precise directions for creating Server Cookies to address this issue. Furthermore, [FNV] is obsoleted as a suitable Hash function for calculating DNS Cookies. [SipHash-2.4] is introduced as a new REQUIRED Hash function for calculating DNS Cookies. This document updates [RFC7873].

Authors

Ondřej Surý (ondrej@isc.org)
Willem Toorop (willem@nlnetlabs.nl)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)