<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span style="color: rgb(34, 34, 34); font-family: arial; background-color: rgb(255, 255, 255);">Over and above any other DNS record that already exists...</span><div style="color: rgb(34, 34, 34); font-family: arial;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial;">CAA records are much smaller than DNSSEC records. And the whole amplification attack meme is pretty silly since virtually all network hardware is going to find the overhead of packet processing much higher than payload processing. Sure there might be a DNS server that can saturate its output bandwidth, those certainly existed in the 1990s. But these days its actually quite rare.</div><div style="color: rgb(34, 34, 34); font-family: arial;"><br></div><div style="color: rgb(34, 34, 34); font-family: arial; font-size: small;"><br></div><div><div>On Jul 21, 2014, at 2:11 PM, Rick Andrews <<a href="mailto:Rick_Andrews@symantec.com">Rick_Andrews@symantec.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Siggy, how does the addition of a CAA record make DoS or DNS amplification attacks more problematic?<br><br>-----Original Message-----<br>From: Sigbjørn Vik [<a href="mailto:sigbjorn@opera.com">mailto:sigbjorn@opera.com</a>] <br>Sent: Monday, July 21, 2014 12:21 AM<br>To: Rick Andrews; Geoff Keating; Stephen Davidson<br>Cc: cabfpub<br>Subject: Re: [cabfpub] Pre-Ballot 125 - CAA Records<br><br>On 17-Jul-14 23:51, Rick Andrews wrote:> Siggy,<br><blockquote type="cite"><br>There are a number of Security Considerations in Section 6 of the CAA <br>RFC (_<a href="http://tools.ietf.org/html/rfc6844#page-13_">http://tools.ietf.org/html/rfc6844#page-13_</a>) which detail <br>possible abuse.<br></blockquote><br>I don't see DoS or DNS amplification listed there.<br><br>--<br>Sigbjørn Vik<br>Opera Software<br>_______________________________________________<br>Public mailing list<br><a href="mailto:Public@cabforum.org">Public@cabforum.org</a><br>https://cabforum.org/mailman/listinfo/public<br></blockquote></div><br></body></html>