Re: [auth48] AUTH48: RFC-to-be 9539 <draft-ietf-dprive-unilateral-probing-13> for your review
rfc-editor@rfc-editor.org Mon, 12 February 2024 19:54 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A4A27C15108C; Mon, 12 Feb 2024 11:54:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.657
X-Spam-Level:
X-Spam-Status: No, score=-6.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, CTE_8BIT_MISMATCH=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DqSYfCpJKtEv; Mon, 12 Feb 2024 11:54:06 -0800 (PST)
Received: from rfcpa.amsl.com (rfcpa.amsl.com [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A565C15155B; Mon, 12 Feb 2024 11:54:06 -0800 (PST)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 5C04DE7C0C; Mon, 12 Feb 2024 11:54:06 -0800 (PST)
To: dkg@fifthhorseman.net, joeygsal@gmail.com, paul.hoffman@icann.org
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, dprive-ads@ietf.org, dprive-chairs@ietf.org, brian@innovationslab.net, evyncke@cisco.com, auth48archive@rfc-editor.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20240212195406.5C04DE7C0C@rfcpa.amsl.com>
Date: Mon, 12 Feb 2024 11:54:06 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/DT_sd1adMbpXBqXk4Qf-FIKv6JU>
Subject: Re: [auth48] AUTH48: RFC-to-be 9539 <draft-ietf-dprive-unilateral-probing-13> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 19:54:10 -0000
Authors, While reviewing this document during AUTH48, please resolve (as necessary) the following questions, which are also in the XML file. 1) <!--[rfced] Please insert any keywords (beyond those that appear in the title) for use on https://www.rfc-editor.org/search. --> 2) <!--[rfced] How can "steps" be defeated? Perhaps a rephrase for this text would be beneficial (e.g., "The protections provided by following the steps in this document")? Original: The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. --> 3) <!--[rfced] We had a few questions regarding the Terminology section: a) Would the following update to the Do53 entry be agreeable to clarify the 1:1 relationship between the initialism and expansion? Perhaps: Unilateral: Capable of opportunistic probing without external coordination with any of the other parties. Do53: DNS over port 53 ([RFC1035]) for traditional cleartext. DoQ: DNS over QUIC ([RFC9250]). DoT: DNS over TLS ([RFC7858]). Encrypted transports: DoQ and DoT, collectively. b) We note that some of the conventions used in the document are described in sections other than the Terminology section. Please confirm that they should remain where they are or consider if consolidating them to some kind of "Terminology and Conventions" section would be helpful to the reader. Examples below: Original (Section 4.3): This document uses the notation <transport>-foo to refer to the foo parameter for the encrypted transport <transport>. Original (Section 4.5): This document uses the notation E-foo[X] to indicate the value of field foo for encrypted transport E to IP address X.--> 4) <!--[rfced] We had a few questions related to the following text: Original: 2. Priorities This document aims to mitigate potential impacts of the described protocol and to aid implementors in selecting between possible DNS protocol choices. 2.1. Minimizing Negative Impacts The protocol described in this document aims to minimize potentially negative impacts caused by the probing of encrypted transports for the systems that adopt these guidelines, for the parties that they communicate with, and for uninvolved third parties. a) Please review these two sentences that appear in close proximity for redundancy and/or consistency (i.e., the document aims or the protocol in the document aims?). Note that similar text also appears in the Introduction as well. b) This document has several occurrences similar to "The protocol described in this document" or "the described protocol" (e.g., see the first paragraph of Section 3) and later there are many mentions of "This guidance" or "The guidance provided in this document". Is a name of the protocol available to use instead for some of these instances? c) In the second sentence, will it be clear to the reader what "these guidelines" refers to? Also, we assume "they" refers to "systems". Perhaps some clarification of this sentence would make this text easier to get through in a single read. --> 5) <!--[rfced] In the following, should TC be expanded? Original: ...and flags (e.g., TC bit) might vary based on the transport. FYI: We see the following used in past RFCs: "TrunCation" (TC) bit and Truncation (TC) bit Traffic Class (TC) bits --> 6) <!--[rfced] May we update this sentence as follows to avoid the "either"/"concurrently" matchup? Original: In addition to querying on Do53, the recursive resolver will try either or both of DoT and DoQ concurrently. Perhaps: In addition to querying on Do53, the recursive resolver will try DoT, DoQ, or both concurrently. --> 7) <!--[rfced] FYI - We have changed "non-compatible" to "incompatible" in the following text. Please review and let us know if this alters your intended meaning. Original: When any encrypted transport fails, the recursive resolver remembers that failure for a reasonable amount of time to avoid flooding a non-compatible server with requests that it cannot accept. Current: When any encrypted transport fails, the recursive resolver remembers that failure for a reasonable amount of time to avoid flooding an incompatible server with requests that it cannot accept. --> 8) <!--[rfced] May we reformat the "Descriptions" in Table 1 to read as sentences rather than questions, to match the format of the other table in this document? Originals: persistence - How long should the recursive resolver remember successful encrypted transport connections? damping - How long should the recursive resolver remember unsuccessful encrypted transport connections? timeout - How long should the recursive resolver wait for an initiated encrypted connection to complete? Perhaps: persistence - How long the recursive resolver remembers successful encrypted transport connections damping - How long the recursive resolver remembers unsuccessful encrypted transport connections timeout - How long the recursive resolver waits for an initiated encrypted connection to complete --> 9) <!--[rfced] We wanted to clarify a few demonstrative adjectives in Section 4.4: a) Will the reader understand what "this guidance" is referring to as this is the first paragraph in the section? Original: 4.4. Recursive Resolver Requirements To follow this guidance, a recursive resolver MUST implement at least one of either DoT or DoQ in its capacity as a client of authoritative nameservers. A recursive resolver SHOULD implement the client side of DoT. b) Perhaps "the strategies in this document" or "the strategies herein" would be a good replacement for "these strategies"? Original: While this document focuses on the recursive-to-authoritative hop, a recursive resolver implementing these strategies SHOULD also accept queries from its clients over some encrypted transport unless it only accepts queries from localhost. --> 10) <!--[rfced] We had a few questions regarding this text in Section 4.6: Original: The subsections that follow offer pseudocode that corresponds roughly to an asynchronous programming model for a recursive resolver's interactions with authoritative servers. The following subsections also presume that the time of the discovery of the need for lookup is time T0. a) Is pseudocode in every subsection? Or should the text read "Some of the subsections that follow" or the like? b) May we update the second use of "The following subsections" to instead read "These same subsections" or "Subsections 4.6.1-..."? --> 11) <!--[rfced] Please review this use of "any". Original: The recursive resolver must decide whether to initially send a query over Do53, or over any of the supported encrypted transports (DoT or DoQ). Perhaps A: The recursive resolver must decide whether to initially send a query over Do53 or over either of the other supported encrypted transports (DoT or DoQ). Perhaps B: The recursive resolver must decide whether to initially send a query over Do53 or over any of the supported encrypted transports (those using DoT or DoQ). --> 12) <!--[rfced] FYI - We have reformatted the steps below to read as a bulleted list. Please let us know any objections. Original: When sending a query to an authoritative server over encrypted transport at time T4, the recursive resolver should take a few reasonable steps to ensure privacy and efficiency. After sending query Q, the recursive resolver should ensure that Q's state in E-queries[X] is set to sent. The recursive resolver also sets E-last-activity[X] to T4. In addition, the recursive resolver should consider the guidance in the following sections. Current: When sending a query to an authoritative server over encrypted transport at time T4, the recursive resolver should take a few reasonable steps to ensure privacy and efficiency. * The recursive resolver should ensure that Q's state in E-queries[X] is set to sent after sending query Q. * The recursive resolver should set E-last-activity[X] to T4. * The recursive resolver should consider the guidance in the following sections. --> 13) <!--[rfced] As the list below only contains one item, may we reformat this text to read as a sentence? Original: One reasonable prioritization scheme would be: * close outstanding established sessions based on E-last-activity[X] (oldest timestamp gets closed first) Perhaps: One reasonable prioritization scheme would be to close outstanding established sessions based on E-last-activity[X] (i.e., the oldest timestamp gets closed first). --> 14) <!--[rfced] Would you like the references to be alphabetized or left in their current order? --> 15) <!--[rfced] We have the following questions and updates regarding the terms below. Please review and let us know any guidance or objections. a. We see both EDNS0 and EDNS(0) used in this document. Please review and let us know which format you would prefer. b. FYI - We have adjusted the format of Encrypted Client Hello and Client Hello to Encrypted ClientHello and ClientHello for consistency with previous RFCs. c. FYI - We have removed hyphens from the following terms for consistency with cited RFCs 8484, 9250, and 7858. DNS-over-HTTPS DNS-over-QUIC DNS-over-TLS d. FYI - We have added expansions for abbreviations upon first use per Section 3.6 of RFC 7322 ("RFC Style Guide"). Please review this expansion in the document to ensure correctness. DNS-Based Authentication of Named Entities (DANE) --> 16) <!--[rfced] Please review the following questions regarding this document's use of the <tt> element: a. In the html and pdf outputs, the text enclosed in <tt> is output in fixed-width font. In the txt output, there are no changes to the font, and these terms do not appear in quotation marks. Please review the output files and let us know if quotation marks should be added anywhere for the ease of the reader or if the document should remain as is. For example, would it be more clear to add quotations to the following as so? Original: E-status[X] is success Perhaps: E-status[X] is "success" b. The terms below appear both with and without the <tt> format. Please review and let us know if any of these instances need to be updated. i. IP address Examples with the <tt> element: ...the authoritative server's IP address <tt>X</tt>. ...to authoritative servers from IP addresses <tt>2001:db8::100</tt> and <tt>2001:db8::200</tt>... But without: ... when the most recent DoT connection packet was sent to IP address 192.0.2.4. ii. NS Example with the <tt> element: A recursive client who associates state with the <tt>NS</tt> name and... But without: When doing so, the identity would presumably be based on the NS name used for a given query or the IP address of the server. iii. DoT and DoQ --> 17) <!--[rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. In addition, please consider whether "tradition" should be updated for clarity. While the NIST website <https://www.nist.gov/nist-research-library/nist-technical-series-publications-author-instructions#table1> indicates that this term is potentially biased, it is also ambiguous. "Tradition" is a subjective term, as it is not the same for everyone. --> Thank you. RFC Editor/kf/mf *****IMPORTANT***** Updated 2024/02/12 RFC Author(s): -------------- Instructions for Completing AUTH48 Your document has now entered AUTH48. Once it has been reviewed and approved by you and all coauthors, it will be published as an RFC. If an author is no longer available, there are several remedies available as listed in the FAQ (https://www.rfc-editor.org/faq/). You and you coauthors are responsible for engaging other parties (e.g., Contributors or Working Group) as necessary before providing your approval. Planning your review --------------------- Please review the following aspects of your document: * RFC Editor questions Please review and resolve any questions raised by the RFC Editor that have been included in the XML file as comments marked as follows: <!-- [rfced] ... --> These questions will also be sent in a subsequent email. * Changes submitted by coauthors Please ensure that you review any changes submitted by your coauthors. We assume that if you do not speak up that you agree to changes submitted by your coauthors. * Content Please review the full content of the document, as this cannot change once the RFC is published. Please pay particular attention to: - IANA considerations updates (if applicable) - contact information - references * Copyright notices and legends Please review the copyright notice and legends as defined in RFC 5378 and the Trust Legal Provisions (TLP – https://trustee.ietf.org/license-info/). * Semantic markup Please review the markup in the XML file to ensure that elements of content are correctly tagged. For example, ensure that <sourcecode> and <artwork> are set correctly. See details at <https://authors.ietf.org/rfcxml-vocabulary>. * Formatted output Please review the PDF, HTML, and TXT files to ensure that the formatted output, as generated from the markup in the XML file, is reasonable. Please note that the TXT will have formatting limitations compared to the PDF and HTML. Submitting changes ------------------ To submit changes, please reply to this email using ‘REPLY ALL’ as all the parties CCed on this message need to see your changes. The parties include: * your coauthors * rfc-editor@rfc-editor.org (the RPC team) * other document participants, depending on the stream (e.g., IETF Stream participants are your working group chairs, the responsible ADs, and the document shepherd). * auth48archive@rfc-editor.org, which is a new archival mailing list to preserve AUTH48 conversations; it is not an active discussion list: * More info: https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc * The archive itself: https://mailarchive.ietf.org/arch/browse/auth48archive/ * Note: If only absolutely necessary, you may temporarily opt out of the archiving of messages (e.g., to discuss a sensitive matter). If needed, please add a note at the top of the message that you have dropped the address. When the discussion is concluded, auth48archive@rfc-editor.org will be re-added to the CC list and its addition will be noted at the top of the message. You may submit your changes in one of two ways: An update to the provided XML file — OR — An explicit list of changes in this format Section # (or indicate Global) OLD: old text NEW: new text You do not need to reply with both an updated XML file and an explicit list of changes, as either form is sufficient. We will ask a stream manager to review and approve any changes that seem beyond editorial in nature, e.g., addition of new text, deletion of text, and technical changes. Information about stream managers can be found in the FAQ. Editorial changes do not require approval from a stream manager. Approving for publication -------------------------- To approve your RFC for publication, please reply to this email stating that you approve this RFC for publication. Please use ‘REPLY ALL’, as all the parties CCed on this message need to see your approval. Files ----- The files are available here: https://www.rfc-editor.org/authors/rfc9539.xml https://www.rfc-editor.org/authors/rfc9539.html https://www.rfc-editor.org/authors/rfc9539.pdf https://www.rfc-editor.org/authors/rfc9539.txt Diff file of the text: https://www.rfc-editor.org/authors/rfc9539-diff.html https://www.rfc-editor.org/authors/rfc9539-rfcdiff.html (side by side) Diff of the XML: https://www.rfc-editor.org/authors/rfc9539-xmldiff1.html The following files are provided to facilitate creation of your own diff files of the XML. Initial XMLv3 created using XMLv2 as input: https://www.rfc-editor.org/authors/rfc9539.original.v2v3.xml XMLv3 file that is a best effort to capture v3-related format updates only: https://www.rfc-editor.org/authors/rfc9539.form.xml Tracking progress ----------------- The details of the AUTH48 status of your document are here: https://www.rfc-editor.org/auth48/rfc9539 Please let us know if you have any questions. Thank you for your cooperation, RFC Editor -------------------------------------- RFC9539 (draft-ietf-dprive-unilateral-probing-13) Title : Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS Author(s) : D. Gillmor, Ed., J. Salazar, Ed., P. Hoffman, Ed. WG Chair(s) : Brian Haberman, Tim Wicinski Area Director(s) : Erik Kline, Éric Vyncke
- [auth48] AUTH48: RFC-to-be 9539 <draft-ietf-dpriv… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9539 <draft-ietf-d… rfc-editor
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Paul Hoffman
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Megan Ferguson
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Paul Hoffman
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Daniel Kahn Gillmor
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Joey Salazar
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Paul Hoffman
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Sandy Ginoza
- Re: [auth48] [Ext] AUTH48: RFC-to-be 9539 <draft-… Joey Salazar