Re: [Add] New Version Notification for draft-pauly-add-resolver-discovery-01.txt

Ted Lemon <mellon@fugue.com> Tue, 28 July 2020 14:13 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <45F2A448-4248-4C14-AA0B-ECBB34FF3AE4@fugue.com>
Date: Tue, 28 Jul 2020 10:13:20 -0400
In-Reply-To: <20200728134948.GA24673@nic.fr>
Cc: Paul Vixie <paul@redbarn.org>, add@ietf.org
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
References: <159467169252.16945.8450259386577181707@ietfa.amsl.com> <2354125.1eku6JS2IN@linux-9daj> <11B0750C-EDDE-4956-B6FF-B20BA2E81C2E@fugue.com> <31921523.VjnSb2Omm3@linux-9daj> <20200728134948.GA24673@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/oDeAZiGxY5tIRUegLyyHkcYLohM>
Subject: Re: [Add] New Version Notification for draft-pauly-add-resolver-discovery-01.txt

On Jul 28, 2020, at 9:49 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
> We already have it, it seems, with draft-ietf-dnsop-extended-error,
> which is approved and in the RFC Editor queue (state RFC-EDITOR).

This works if the DoH server that sends the error response is the intended server. However, it doesn’t work when the network is blocking the connection to an off-network DoH server. For that I think you need a TLS alert.

On Jul 28, 2020, at 10:02 AM, Vittorio Bertola <vittorio.bertola@open-xchange.com> wrote:
> 
> What is still missing is a standard way for the resolver to communicate a URL to the client in the response, so that the client (if it wants) can use it to retrieve and display a human-readable error message.

That would be an attack surface—now I can intercept your connection and send you to a malware URL (or snooping URL, or whatever). And again, it would only work if the DoH server sending the response is the one with which the device connecting to it intended to communicate.
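As an added example (not part of this thread or of any draft's code), the client-side handling the two replies above argue for: a parser for the Extended DNS Error option (draft-ietf-dnsop-extended-error, later published as RFC 8914, EDNS0 option code 15) over the RDATA of an OPT pseudo-RR, plus a policy that surfaces the error only when the answering resolver is the one the client authenticated, and treats any URL in EXTRA-TEXT as untrusted data rather than something to open. The function names, the `resolver_authenticated` flag and the sample bytes are assumptions constructed here.

```python
import re
import struct
from dataclasses import dataclass
from typing import List

EDE_OPTION_CODE = 15  # EDNS0 OPTION-CODE for Extended DNS Error (RFC 8914)
# Subset of the RFC 8914 INFO-CODE registry relevant to resolver-side blocking.
INFO_CODES = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}
URL_RE = re.compile(r"https?://\S+")

@dataclass
class ExtendedError:
    info_code: int
    extra_text: str  # UTF-8, not NUL-terminated (RFC 8914 section 2)

    @property
    def name(self) -> str:
        return INFO_CODES.get(self.info_code, f"EDE code {self.info_code}")

def parse_ede_options(opt_rdata: bytes) -> List[ExtendedError]:
    """Walk the {OPTION-CODE, OPTION-LENGTH, OPTION-DATA} list in OPT RDATA and
    return every well-formed EDE option; other option codes are skipped."""
    errors, pos = [], 0
    while pos + 4 <= len(opt_rdata):
        code, length = struct.unpack("!HH", opt_rdata[pos:pos + 4])
        data = opt_rdata[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError("truncated EDNS option")
        pos += 4 + length
        if code == EDE_OPTION_CODE and length >= 2:  # need at least INFO-CODE
            info = struct.unpack("!H", data[:2])[0]
            # Bad UTF-8 in EXTRA-TEXT must not abort error handling: replace it.
            errors.append(ExtendedError(info, data[2:].decode("utf-8", "replace")))
    return errors

def client_view(errors: List[ExtendedError], resolver_authenticated: bool) -> dict:
    """Thread's policy: an EDE only means something when it came from the resolver
    the client intended (TLS-authenticated DoH/DoT); URLs in EXTRA-TEXT stay data."""
    if not resolver_authenticated or not errors:
        return {"show": False, "reason": "no trusted extended error", "urls": []}
    urls = [u for e in errors for u in URL_RE.findall(e.extra_text)]
    return {"show": True, "reason": "; ".join(e.name for e in errors), "urls": urls}

def build_ede_option(info_code: int, extra_text: str) -> bytes:
    """Encode one EDE option; used only to construct the sample input below."""
    data = struct.pack("!H", info_code) + extra_text.encode("utf-8")
    return struct.pack("!HH", EDE_OPTION_CODE, len(data)) + data

# Constructed sample OPT RDATA: a "Blocked" EDE whose EXTRA-TEXT carries a URL.
SAMPLE_OPT_RDATA = build_ede_option(15, "Blocked by policy, see https://example.invalid/why")
```

The `urls` list is returned so a client can display the string to the user; nothing here fetches it, which is the point of the objection above.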