Re: [dns-privacy] WGLC review for draft-ietf-dprive-dnsoquic-05
Sara Dickinson <sara@sinodun.com> Wed, 05 January 2022 10:50 UTC
Return-Path: <sara@sinodun.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 884983A081E for <dns-privacy@ietfa.amsl.com>; Wed, 5 Jan 2022 02:50:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3bcukg9tXCHi for <dns-privacy@ietfa.amsl.com>; Wed, 5 Jan 2022 02:50:40 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DE3D3A0821 for <dns-privacy@ietf.org>; Wed, 5 Jan 2022 02:50:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=PjUsr+DahVMrdp14YesV3UiMUgX3VkovWqyosfsblD8=; b=UGnCCuStX9UeeuK2yXBttEEOEj 31Dhm+v0rX7KoR+nTOStFa6rzw0PyfUAGw8t+PIpf92vWo768XpAcTpmfp3KoP2g199XExutb77ks lm3C/bUMNYibhVjqGGYYEMgiXX0zmaXk10B9aYzx1ydwcnKhb99MrVAsNjZ69N5CNysZyBI810gyy MvK3s8zWWW9AR17WgfD2goBgEv5Sobh8ahJct65tEhoYDYNT8cHCEeDljh9c3hjOs400nTHdTOkq7 sweTU05teqIpl3YPfrf81JoXilDa4pj9TYe/chRiCIyVPl3gNTsqu5ltvp6TDX7VQpgxZ/5pJSwyX vHDTe2sw==;
Received: from [62.3.64.153] (port=12055 helo=[192.168.12.101]) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <sara@sinodun.com>) id 1n53sL-0001sT-F8; Wed, 05 Jan 2022 10:50:37 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <CAM4esxSsFyyjXh_Bbn_4WgxoH6RepMnb3mmMyBUKiuiDPJWnBw@mail.gmail.com>
Date: Wed, 05 Jan 2022 10:50:32 +0000
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>, Christian Huitema <huitema@huitema.net>
Content-Transfer-Encoding: quoted-printable
Message-Id: <025A5136-EE6E-4DFF-B108-DA81B3825784@sinodun.com>
References: <CAM4esxQAeOyDaBxFeWwLuY1uX-R5-qLRVWTSCiQNnAz=zyQ4wQ@mail.gmail.com> <CAM4esxQgWt0gZKd2_CDH8Adjp_nncy4-Tu+OR5mcz_U0mOnrVA@mail.gmail.com> <d34a1c4d-e8a4-7a53-3a82-6c854b823e90@huitema.net> <0B3C80D5-B968-4197-B03A-7A765B60DB34@sinodun.com> <CAM4esxSsFyyjXh_Bbn_4WgxoH6RepMnb3mmMyBUKiuiDPJWnBw@mail.gmail.com>
To: Martin Duke <martin.h.duke@gmail.com>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/5atdq8eBEk549MeqkWOVKgw8lSY>
Subject: Re: [dns-privacy] WGLC review for draft-ietf-dprive-dnsoquic-05
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jan 2022 10:50:46 -0000
> On 6 Dec 2021, at 19:55, Martin Duke <martin.h.duke@gmail.com> wrote: > > Thank you for the changes in draft-07. > > from Christian's response: > > >> 2. (Sec 5.3.1) It doesn't quite sit right that STOP_SENDING can be ignored > >> if all data has been "sent". If some all has been sent but only some > >> acknowledged, the receiver of STOP_SENDING should stop trying to retransmit > >> any unacknowledged data. > > RFC 9000 is pretty much silent on that point. There is no mention of > STOP_SENDING in section 3.1 of RFC 9000. Everything in RFC 9000 looks > like "it would be nice if you stop sending asap", without making that a > hard decision. Yes, we might mention acknowledgements, but this is a > QUIC level issue. QUIC stack APIs may or may not inform the application > about how much data on a stream has been acknowledged, and in this > particular case data might well be acknowledged at the QUIC layer and > discarded at the application layer. > > Do you want to suggest a better text? > > As the current text says, Sec 3.5 of RFC 9000 is the correct reference. I would recommend > > s/if the server has already sent the response/if the server response has already been acknowledged > > <snip> > >> 6. (Sec 10.2) Section 17.2 in [RFC9000] doesn't say anything explicit > >> about demultiplexing with DTLS or any other protocol. A danger in reusing > >> Port 853 is that it implicitly limits use of DoQ with future versions of > >> QUIC. At the very least, it would be useful to explicity write down the > >> requirements for DoQ over future versions of QUIC. > > As the text says, no deployment of RFC8904 currently exists to our > knowledge. The reliance on section 17.2 of RFC 9000 is really an > assurance against a very unlikely eventuality, and I cannot see how it > would impact future versions of QUIC. > > RFC8999 does not guarantee that future versions of QUIC will preserve the QUIC bit, which allows demultiplex of DTLS with QUIC. DTLS has no invariants at all. I share your skepticism that this will end up mattering; however, there ought to be a little text, that says, e.g., > > Deployments that serve DNS over DTLS [RFC8904] and DNS over QUIC version 1 on the same port will be able to demultiplex the two due to the second most significant bit in each UDP payload. Such deployments ought to check the signatures of future versions or extensions (e.g. [?I-D.ietf-quic-bit-grease]) of QUIC and DTLS before deploying them to serve DNS on the same port. Hi Martin, Many thanks for this suggested text - I’ve created https://github.com/huitema/dnsoquic/pull/133 to incorporate this which I hope addresses these two comments. Best regards Sara.
- [dns-privacy] WGLC review for draft-ietf-dprive-d… Martin Duke
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Martin Duke
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Christian Huitema
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Sara Dickinson
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Martin Duke
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Ben Schwartz
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Martin Duke
- Re: [dns-privacy] WGLC review for draft-ietf-dpri… Sara Dickinson