[core] Re: AD Review: draft-ietf-core-dns-over-coap
Martine Sophie Lenders <martine.lenders@tu-dresden.de> Mon, 16 June 2025 15:07 UTC
Return-Path: <martine.lenders@tu-dresden.de>
X-Original-To: core@mail2.ietf.org
Delivered-To: core@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E82503588974; Mon, 16 Jun 2025 08:07:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cX6EvYfj5fFv; Mon, 16 Jun 2025 08:07:56 -0700 (PDT)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C315C358896A; Mon, 16 Jun 2025 08:07:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:In-Reply-To:From:References:CC:To :Subject:MIME-Version:Date:Message-ID:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=DUH7KYtZL+E7kxByfUdYmpDX2M5LypldIyqgr2tLtoQ=; b=NK3NZhz7NjVGW2GcUbJJz6tjfB vkcVkRBnDSinT1CdZ7448+W1sswxB+7j+XPnyylV0xi2WerZJAQpEzpJX3s8wxPoJkH4yTIBg+bZ5 7tPhipT71teL0/U2/oXpvwrQRuz2J+GHyXm90I1yNpppE5qDhR9wkN5DA8kWOdYReg6nA8Z5qNrok GLWqVLbWhFwGeB5IeHGUhYV5XMLc6a6lEOyZaLK9eOb+Fr0rT4Qz47Y0MRclWE+rFcNF41+alpP7+ s65cAwLPCmQ1cWDCAN8PH4p4ARWNmIVvVjH4pNggax3DQRu8UZp3Gj5k8ONJvCPv1nvCp6rZnRSEq 6KF+nI8A==;
Received: from msx-t421.msx.ad.zih.tu-dresden.de ([172.26.35.138] helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <martine.lenders@tu-dresden.de>) id 1uRBR8-004Y2d-UJ; Mon, 16 Jun 2025 17:07:56 +0200
Received: from [192.168.101.9] (141.76.13.165) by msx-t421.msx.ad.zih.tu-dresden.de (172.26.35.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1748.26; Mon, 16 Jun 2025 17:07:34 +0200
Message-ID: <8ab1b676-4cc7-45bb-8bf8-a4d9967cffef@tu-dresden.de>
Date: Mon, 16 Jun 2025 17:07:34 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Mike Bishop <mbishop@evequefou.be>, "draft-ietf-core-dns-over-coap@ietf.org" <draft-ietf-core-dns-over-coap@ietf.org>
References: <63f3eeb45a7048c5affc3d48b3a0f646@msx-t421.msx.ad.zih.tu-dresden.de>
Content-Language: en-US
From: Martine Sophie Lenders <martine.lenders@tu-dresden.de>
In-Reply-To: <63f3eeb45a7048c5affc3d48b3a0f646@msx-t421.msx.ad.zih.tu-dresden.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010605090002020807010409"
X-ClientProxiedBy: MSX-L422.msx.ad.zih.tu-dresden.de (172.26.34.142) To msx-t421.msx.ad.zih.tu-dresden.de (172.26.35.138)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
Message-ID-Hash: 6KIWHBNK57CNYFVR5N5JTKKNAH7ZURMU
X-Message-ID-Hash: 6KIWHBNK57CNYFVR5N5JTKKNAH7ZURMU
X-MailFrom: martine.lenders@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-core.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "core@ietf.org" <core@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [core] Re: AD Review: draft-ietf-core-dns-over-coap
List-Id: "Constrained RESTful Environments (CoRE) Working Group list" <core.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/nhFDiMPe1pHNZ5M_UJYKHG5a8kY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Owner: <mailto:core-owner@ietf.org>
List-Post: <mailto:core@ietf.org>
List-Subscribe: <mailto:core-join@ietf.org>
List-Unsubscribe: <mailto:core-leave@ietf.org>
Hi Mike, thanks for your review. Most changes I address as is (see https://github.com/core-wg/draft-dns-over-coap/pull/45) but here are some comments still up for discussion. On 6/12/25 17:40, Mike Bishop wrote: > Thanks for this work — it looks like a useful addition to the suite of > DoFoo protocols. (Though the identical pronunciation between DoC and DoQ > may lead to some accidental confusion down the road.) > > I have a few high-level notes as well as smaller comments and nits. > > First, I note the normative dependency on draft-ietf-cbor-edn-literals > which was returned to the cbor WG after IETF Last Call. Have the authors > and chairs coordinated on the timeline of that document and whether it > will delay publication of this one? Are the updates in that draft needed > for this work or would a reference to RFC 8949/8610 suffice to unblock this? Since we only reference draft-ietf-cbor-edn-literals to use CBOR string sequences, it should be fine to reference RFC 8949. > Second, this document seems to sidestep discussion of a gap around > discovery: a DoC server which uses OSCORE without transport security. > It's fine to specify the DoC protocol without specifying discovery > mechanisms for every possible mode, particularly when pre-configuration > is a realistic possibility. If there is no current discovery mechanism > for this mode, we should just say that directly. We discuss the discovery of DoC servers using OSCORE in draft-lenders-core-dnr, but I agree it is worth noting that OSCORE discovery is out of scope of this document. > Lastly, a note that may simply be my lack of history with this domain. > Is "CoRE" a term we use in RFCs or simply the name of the WG? If the > latter, it's probably incorrect to refer to FETCH as CoRE-specific in > Section 1. Should this be "CoAP-specific"? Similarly, the title of > Section 5 can simply discuss CoAP. Regarding referring to FETCH as CoRE-specific, I think you are right. Regarding the general usage of CoRE as an umbrella term as we do in the title of section 5, I have to pass the ball to the core WG itself. We wrote CoRE here since, e.g. OSCORE is not necessarily only used over CoAP, right? Is there precedence for this? > ===Other Comments=== > [...] > In Section 3.2: > > * > Consider whether the normative downrefs to [I-D.ietf-core-coap-dtls- > alpn] and [I-D.ietf-cbor-edn-literals] are needed. At first glance, > neither appears to be specifying requirements, but are examples or > implementation possibilities. Could these be informative? Regarding the -edn-literals downref, see above. Since we are using the ALPN defined in -coap-dtls-alpn, we came to the conclusion that the reference should be normative that is also why -coap-dtls-alpn and this draft were given to IESG together. However, if we now decide that the -coap-dlts-alpn reference can be informative, I happily downgrade it. > * [...] > * > Saying that the algorithm "could be as follows" suggests this is > merely illustrative. Are there any normative guidelines on how "MUST > [be] constructed from the SvcParams" gets executed? Note the > informative reference to transport-indication is probably not the > answer. Is it enough that we write something like "A construction algorithm for DoC requests MUST be as follows, [...]" and then specify below "A more generalized construction algorithm for any CoAP request can be found in [transport-indication].". I.e., specifying that this algorithm only considers requests for DoC. > In Section 4.2.2, explain when the SHOULD doesn't apply. Does a forward > reference to Sections 6 and 8 help with that? Apart from losing the benefits of CoAP caching, there is no real harm in keeping an ID, e.g., when the query came from somewhere else. As such maybe adding some sentences such as "Apart from losing these benefits, there is no harm it not setting it to 0, e.g., when the query was received from somewhere else. A DoC server MUST copy the ID from the query in its response." Section 6 and 8 do not provide any guidance on when SHOULD does not apply, as they state that the CoAP token can take the same function when it comes to cache poisoning attacks. > [...] > * > Equating the integrity of the connection (DoQ) and the integrity of > the records (DNSSEC) seems likely to draw fire during IESG Review. > Consider rewording this section to talk about the upstream > connection and the records separately. See https://github.com/core-wg/draft-dns-over-coap/pull/45/commits/2b0f35978ed88e74a08d23cc04a18b9c19a1d0da Best Martine
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Martine Sophie Lenders
- [core] AD Review: draft-ietf-core-dns-over-coap Mike Bishop
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Carsten Bormann
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Mike Bishop
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Martine Sophie Lenders
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Mike Bishop
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Mike Bishop
- [core] Re: AD Review: draft-ietf-core-dns-over-co… Mike Bishop