Re: [dispatch] Initial version of draft-hoffman-dispatch-dns-over-https

Mark Nottingham <mnot@mnot.net> Tue, 27 June 2017 04:17 UTC

From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <88C327F9-3124-40CE-B1CB-4A8F8870746D@icann.org>
Date: Tue, 27 Jun 2017 14:17:30 +1000
Cc: "dispatch@ietf.org" <dispatch@ietf.org>
Message-Id: <4CC73563-67A5-4683-851C-9E2A4B8F8032@mnot.net>
References: <88C327F9-3124-40CE-B1CB-4A8F8870746D@icann.org>
To: Paul Hoffman <paul.hoffman@icann.org>, Patrick McManus <mcmanus@ducksong.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/HwUeK2cJ4v7VECcD8X2d-nRbJu8>
Subject: Re: [dispatch] Initial version of draft-hoffman-dispatch-dns-over-https

Hi Paul,

Thanks for the heads-up.


"""
   A DNS API Client encodes the DNS query into the HTTP request using
   either the HTTP GET or POST methods.

   When using the POST method, the DNS query is included as the message
   body of the HTTP request and the Content-Type request header
   indicates the media type of the message.  POST-ed requests are
   smaller than their GET equivalents.
"""

I think it's a mistake to bifurcate the request style so fundamentally; it's HTTP tunnelling at its worst. 

The GET-style request in your example (which I think is pretty representative) uses 44 octets to encode the body; the POST serialisation is 33 octets. However, with HPACK's Huffman encoding (remember, you're requiring HTTP/2), that goes down to 34 bytes.

Are we really that sensitive to on-the-wire size? To me, the cache efficiency gains as well as simplicity more than make up for a 3% difference. The statement that "POST-ed requests are smaller" isn't going to be true, in pathological cases.

"""
  The media type is "application/dns-udpwireformat"
"""

That's needlessly long; suggest "application/dns-uwf".

There's a laundry list of questions about what HTTP functionality the client needs to support. I'm hoping a draft will emerge shortly that will help with this.

Why shouldn't DNS API servers be able to generate ETags based upon their internal state, to reduce outbound bandwidth?

Cheers,


> On 27 Jun 2017, at 12:38 pm, Paul Hoffman <paul.hoffman@icann.org> wrote:
> 
> [[ Any comments on the -00 that we should incorporate into a -01 before the cutoff in a week? ]]
> 
> Greetings. Based on the advice from the chairs, we have given a new filename to our dns-over-https draft. This will hopefully get the draft picked up in the DISPATCH WG tracker page.
> 
> --Paul and Patrick
> 
> 
> A new version of I-D, draft-hoffman-dispatch-dns-over-https-00.txt
> has been successfully submitted by Paul Hoffman and posted to the
> IETF repository.
> 
> Name:		draft-hoffman-dispatch-dns-over-https
> Revision:	00
> Title:		DNS Queries over HTTPS
> Document date:	2017-06-17
> Group:		Individual Submission
> Pages:		12
> URL:            https://www.ietf.org/id/draft-hoffman-dispatch-dns-over-https-00.txt
> Status:         https://datatracker.ietf.org/doc/draft-hoffman-dispatch-dns-over-https/
> Htmlized:       https://tools.ietf.org/html/draft-hoffman-dispatch-dns-over-https-00
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-hoffman-dispatch-dns-over-https-00
> 
> 
> Abstract:
>  DNS queries sometimes experience problems with end to end
>  connectivity at times and places where HTTPS flows freely.
> 
>  HTTPS provides the most practical mechanism for reliable end to end
>  communication.  Its use of TLS provides integrity and confidentiality
>  guarantees and its use of HTTP allows it to interoperate with
>  proxies, firewalls, and authentication systems where required for
>  transit.
> 
>  This document describes how to run DNS service over HTTP using
>  https:// URIs.
> 

--
Mark Nottingham   https://www.mnot.net/
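The 33-versus-44 octet comparison above can be reproduced by building a minimal DNS wire-format query and base64url-encoding it, which is what the GET form of the draft carries in the URL. The script below is an added example, not code from the draft or from this message. It assumes the draft's example is a single A query for www.example.com (any 33-octet query gives the same figures); the HPACK Huffman size is not computed here because that needs the full RFC 7541 code table. Transaction ID 0 is used because a random ID would make every GET URL unique and defeat the cache-efficiency argument made above.

```python
import base64
import struct


def encode_name(name: str) -> bytes:
    """DNS wire-format owner name: length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, qclass: int = 1, txid: int = 0) -> bytes:
    """Minimal RFC 1035 query message: 12-octet header plus one question.

    Flags 0x0100 = RD (recursion desired); QDCOUNT = 1, all other counts 0.
    txid defaults to 0 so that identical questions serialise identically,
    which is what a cacheable GET URL needs (assumption for this example).
    """
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    return header + question


def base64url_nopad(data: bytes) -> str:
    """base64url without '=' padding, the usual encoding for URL query values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_get_value(value: str) -> bytes:
    """Inverse of base64url_nopad: restore padding, then decode."""
    padded = value + "=" * (-len(value) % 4)
    return base64.urlsafe_b64decode(padded)


def compare_sizes(name: str) -> dict:
    """Return the POST (raw wire) and GET (base64url) body sizes for one query.

    The GET value is 4/3 of the wire size rounded up to a multiple of 4 chars,
    so a 33-octet POST body becomes a 44-character query-string value.
    """
    wire = build_query(name)
    get_value = base64url_nopad(wire)
    return {
        "post_octets": len(wire),
        "get_octets": len(get_value),
        "get_value": get_value,
        "overhead_pct": round(100.0 * (len(get_value) - len(wire)) / len(wire), 1),
    }


if __name__ == "__main__":
    sizes = compare_sizes("www.example.com")
    print(sizes)  # constructed example; the query-string parameter name is not fixed here
```

The 33 octets break down as 12 (header) + 17 (the name `www.example.com`: 1+3, 1+7, 1+3, plus the terminating zero) + 4 (QTYPE and QCLASS). Because 33 is a multiple of 3, base64url needs no padding and lands on exactly 44 characters; for other name lengths the GET form pads up to the next multiple of 4, which is the "pathological cases" caveat in the message.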