IETF Logo Mail Archive

Re: [dispatch] Initial version of draft-hoffman-dispatch-dns-over-https

Mark Nottingham <mnot@mnot.net> Wed, 28 June 2017 01:05 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CE40129B22 for <dispatch@ietfa.amsl.com>; Tue, 27 Jun 2017 18:05:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mnot.net header.b=JzpelF71; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=nQZpKmR9
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7TbC7iwIuiCU for <dispatch@ietfa.amsl.com>; Tue, 27 Jun 2017 18:05:54 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8561F129B42 for <dispatch@ietf.org>; Tue, 27 Jun 2017 18:05:54 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id A3BB320975; Tue, 27 Jun 2017 21:05:50 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Tue, 27 Jun 2017 21:05:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=3I+1FgPMJ2o0urWbXx A1HQT7ZSOfJr5ttyq+4qZnk2k=; b=JzpelF71PZ0TwKRWBWNs2465YFCt5SIr16 KAFZY1AyNBDNWiyALYK7qoT7/3YlgY8KYO97mimrdxKPcusKdpy7XZasLzA39J+C +uuQzfvFL/mUc/+vnSiOUTymD0hrfM5LcNQZDOvNR1OzaKn23DgI0EdutwPudiZv dNn+LQjvRLH99stTpRrbHdicrRL11SqttlSwsf9Wwo71WhQprg1ChmY31xGVzYCP VRBqwi4gJVH95pu8O3JHXn7RnwE4t2P5JHENZqbNi2BXfs27xzyKJiniYgBfvZap LyjEZW56CYgxF2ZCI7WrJGxhq2xjBJ+mH42vvO+4SSJYxcvVXgtA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc:x-sasl-enc; s= fm1; bh=3I+1FgPMJ2o0urWbXxA1HQT7ZSOfJr5ttyq+4qZnk2k=; b=nQZpKmR9 MQwIbI2FrHBh5ZSRDXVpdDDzgL4zTsZ2basXtTDxn35OGlkEcVAsyR7Z8h2UlEti 7ibyUbyaq0H7FJ1vz6Uyfl6YSSQlpghm0JOxlLqSJo/c97f7taaak8x2IwD9dCcw 4/HVHtClImqSc5Hw1whBonZ5RXw9bsttUSf9ixp0hrIH9MpXMBeiGiLvN+Lks1Xy 5YOM4aWYcpVGRiJLPB7XKNU6VuN3q3+mXnHcTX2GkwySnFt/3t5VsWAujWww9Ubz whYrfmRacH52++3GQYjv+t/+RtBHohF+ulnZE7TZZX78+3OSMmfAiGj+SngKM9gw xN5PnlPdKIG3vw==
X-ME-Sender: <xms:7gBTWWZMhhVApw5yx4bjOfzJXeT57m1JjiUx-nVRy1H8jdvT21Q80A>
X-Sasl-enc: sa+3s6nCmQVej64scrcq+Bp1jEmTnzjgCNEWsO9HnYRM 1498611950
Received: from [192.168.1.18] (cpe-124-188-19-231.hdbq1.win.bigpond.net.au [124.188.19.231]) by mail.messagingengine.com (Postfix) with ESMTPA id 199747E794; Tue, 27 Jun 2017 21:05:48 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CAOdDvNouCJHJngOQvvqxpH52Umg5Ztw_58nzjfhLODM0bmLKGw@mail.gmail.com>
Date: Wed, 28 Jun 2017 11:05:45 +1000
Cc: Paul Hoffman <paul.hoffman@icann.org>, Patrick McManus <mcmanus@ducksong.com>, "dispatch@ietf.org" <dispatch@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <089A78D5-F98A-4D89-A94A-3F94C1BE87EC@mnot.net>
References: <88C327F9-3124-40CE-B1CB-4A8F8870746D@icann.org> <4CC73563-67A5-4683-851C-9E2A4B8F8032@mnot.net> <CAOdDvNouCJHJngOQvvqxpH52Umg5Ztw_58nzjfhLODM0bmLKGw@mail.gmail.com>
To: Patrick McManus <pmcmanus@mozilla.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/9DpUaKIgavcUOi1yNdbSfNVVHKE>
Subject: Re: [dispatch] Initial version of draft-hoffman-dispatch-dns-over-https
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Jun 2017 01:05:57 -0000

> On 28 Jun 2017, at 1:50 am, Patrick McManus <pmcmanus@mozilla.com> wrote:

>> The GET-style request in your example (which I think is pretty representative) uses 44 octets to encode the body; the POST serialisation is 33 octets. However, with HPACK's huffman encoding (remember, you're requiring HTTP/2), that goes down to 34 bytes.
>> 
>> Are we really that sensitive to on-the-wire size? To me, the cache efficiency gains as well as simplicity more than make up for a 3% difference. The statement that "POST-ed requests are smaller" isn't going to be true, in pathological cases.
> 
> So size is one concern that motivates the POST definition but there are others that should probably be articulated. Most significantly request header mechanisms that apply to the request message body don't apply well to GET other than the content-type encoded into the GET URI (which is a rather unfortunate wart without adding more such warts on). From a size perspective obviously compression might be a win for POST but not for GET but I'm also trying to be a pragmatist when thinking about whether 415 applies naturally to the GET mode.
> 
> If we were to have only one, and that is a reasonable thing to at least discuss about a standard (the current situation is definitely a tradeoff, though one I support), I'd actually be inclined to go POST only to more naturally delineate the messages in each direction. That of course leads to the cache discussion - and we know as spec-heads that there's nothing wrong with caching POST in this model - but we also know that it won't happen. Thus this flavor of  pragmatism while acknowledging there are 30 other flavors available on the menu.

If it's just Content-Type, I think putting it in the URL is fine, and would prefer a GET-only solution.

If it's going to be more complex than that, I'd recommend that the well-known resource actually be a "directory" / "map" / "home page" document that explains how to interact with the DNS API server, rather than baking everything into the URI. It'll give you far more flexibility for future changes, and AIUI in the use cases for this, it's not onerous to do a single up-front discovery RT.

BTW - If I were to nit-pick here, I'd say that you don't need a well-known URI for this; there's no reason that a DNS API server couldn't be configured with a full URI, instead of a hostname / port pair. 


>>  Why shouldn't DNS API servers be able to generate ETags based upon their internal state, to reduce outbound bandwidth?
> 
> we should give it a full airing wherever this gets dispatched to, but 2 thoughts:
> 1 - iirc this boils down to an interaction between the DNS TTL embedded in the response and the 304.. you really do conceptually need a new DNS entry, but if its byte-for-byte the same I agree the server could 304 that with appropriate cache controls. we should figure out the right language to thread that needle.
> 
> 2 - these responses are good candidates for immutable

Fair enough. Just didn't want to discount validation out of the gate.


--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email