Re: [dns-privacy] I-D Action: draft-ietf-dprive-dns-over-tls-00.txt

Stephane Bortzmeyer <bortzmeyer@nic.fr> Mon, 21 September 2015 14:48 UTC

Date: Mon, 21 Sep 2015 16:48:12 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Warren Kumari <warren@kumari.net>
Message-ID: <20150921144812.GA24170@nic.fr>
References: <20150918202150.7868.46636.idtracker@ietfa.amsl.com> <ED605611-C613-415B-B46A-C31CDA693218@verisign.com> <CAHw9_iLGk+qowdAHd9rea9jdDwQ0mmyHghDs_z6VY=+ZV2JM-g@mail.gmail.com>
In-Reply-To: <CAHw9_iLGk+qowdAHd9rea9jdDwQ0mmyHghDs_z6VY=+ZV2JM-g@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/FGofF8JBv-WM86iasrqf1mCyE2w>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "Wessels, Duane" <dwessels@verisign.com>
Subject: Re: [dns-privacy] I-D Action: draft-ietf-dprive-dns-over-tls-00.txt

On Fri, Sep 18, 2015 at 05:03:58PM -0400, Warren Kumari <warren@kumari.net> wrote a message of 97 lines which said:

> We would appreciate it if the WG could do a careful review of this
> document and point out the issues, inconsistencies, errors and
> omissions.

I did not find a serious problem. I have one question and one
criticism.

> Since pipelined responses can arrive out-of-order, clients MUST
> match responses to outstanding queries using the ID field and port
> number.

I do not understand how this works. All replies on a given TCP
connection will have the same source port (the new well-known port)
and the same destination port (the one used to open the TCP
connection). So, how do you use the port number for demultiplexing?
Why not use the QNAME instead? (The query ID may be insufficient if
there are a lot of outstanding queries + the birthday paradox.)

> For DNS clients that use library functions such as
> "gethostbyname()",

This was replaced by a better function in RFC 2133, in 1997...
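The demultiplexing question raised above, worked through as an added example that is not code from the draft or from anyone in this thread: every reply on one TCP/TLS connection carries the same port pair, so a client can instead key each outstanding query by the tuple (ID, QNAME, QTYPE, QCLASS) and pair replies by that tuple. The queries, replies and the duplicate-ID scenario are constructed here, and the echoed question section is assumed to be uncompressed.

```python
import struct


def decode_name(msg, off):
    """Read an uncompressed name at msg[off]; a reply echoes the query's question, so no compression pointers are expected (assumption)."""
    labels = []
    while msg[off]:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels) + ".", off + 1


def build_query(qid, qname, qtype=1, qclass=1):
    """Constructed query: header with RD set and exactly one uncompressed question."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, qclass)


def build_response(query):
    """Constructed reply: same ID, QR/RD/RA bits set, question section echoed back."""
    return query[:2] + struct.pack("!H", 0x8180) + query[4:]


def message_key(msg):
    """(ID, QNAME, QTYPE, QCLASS): the tuple that pairs a reply with its query."""
    qid, qdcount = struct.unpack("!H2xH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(msg, 12)
    return (qid, qname.lower()) + struct.unpack("!HH", msg[off:off + 4])


def send(pending, query):
    """Register an outstanding query; return it framed with the 2-byte TCP length prefix."""
    key = message_key(query)
    if key in pending:  # same ID *and* same question would be genuinely ambiguous, so refuse
        raise ValueError("identical query already outstanding; choose a fresh ID")
    pending[key] = query
    return struct.pack("!H", len(query)) + query


def receive(pending, stream):
    """Consume every complete length-prefixed reply in stream; return (matched keys, leftover bytes)."""
    matched = []
    while len(stream) >= 2 and len(stream) >= 2 + (n := struct.unpack("!H", stream[:2])[0]):
        key, stream = message_key(stream[2:2 + n]), stream[2 + n:]
        if pending.pop(key, None) is not None:  # unsolicited or stale reply: drop it
            matched.append(key)
    return matched, stream


def demo():
    pending = {}
    q1, q2 = build_query(0x1234, "example.com."), build_query(0x1234, "example.net.")
    send(pending, q1), send(pending, q2)  # same ID on one connection: ID plus port cannot separate them
    stray = build_response(build_query(0x1234, "example.org."))  # right ID, but a question never asked
    stream = b"".join(struct.pack("!H", len(r)) + r for r in (build_response(q2), stray, build_response(q1)))
    return [k[1] for k in receive(pending, stream)[0]], len(pending)
```

Two queries that collide on the 16-bit ID are still told apart by their question; only an identical question reusing the same ID is ambiguous, which `send` refuses.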