Re: [dns-privacy] DPRIVE over UDP or TCP
Phillip Hallam-Baker <ietf@hallambaker.com> Thu, 23 April 2015 02:25 UTC
Date: Wed, 22 Apr 2015 22:25:37 -0400
From: Phillip Hallam-Baker <ietf@hallambaker.com>
To: Ted Hardie <ted.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/1yDB3yPm2flpB4WsDLPO3CUO-zM>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Dan Wing <dwing@cisco.com>
Subject: Re: [dns-privacy] DPRIVE over UDP or TCP

On Wed, Apr 22, 2015 at 6:24 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> On Wed, Apr 22, 2015 at 10:15 AM, Dan Wing <dwing@cisco.com> wrote:
>
>> During the DPRIVE meeting in Dallas, several questions came up about UDP
>> versus TCP. We had previously submitted a "DNS over DTLS" document which
>> predated DPRIVE. We re-submitted the document with a few edits and a
>> filename that makes it easier to find,
>> https://tools.ietf.org/html/draft-wing-dprive-dnsodtls, diffs at
>> https://tools.ietf.org/rfcdiff?url1=draft-wing-dnsop-dnsodtls-01&url2=draft-wing-dprive-dnsodtls-00
>>
>> The working group may want to consider the advantages of DNS over DTLS
>> over UDP compared to using TCP:
>>
>> * No reliance on operating system support of TCP Fast Open [RFC7413] to
>> achieve same number of round trips.
>> * Avoidance of TCP's network head of line blocking.
>
> Just to confirm my understanding, with DTLS plus anycast, you'd have
> similar issues for restart as TCP (state being associated with a single
> endpoint, timeout required for flushing state). Is that your thinking as
> well?
>
> regards,
>
> Ted

I am not an expert on DTLS but that was the concern that made me avoid using it.

I want a completely stateless resolver, not just UDP. That means using either a very fast ECC scheme for authentication or some sort of Kerberos ticket.

There are TLS features that may be sufficient but I worry about the number of framing bytes.