Re: [dns-privacy] [DNSOP] Next steps: draft-ietf-core-dns-over-coap

Ben Schwartz <bemasc@meta.com> Fri, 23 June 2023 20:23 UTC

To: Martine Sophie Lenders <m.lenders@fu-berlin.de>, "core@ietf.org" <core@ietf.org>
CC: "draft-ietf-core-dns-over-coap@ietf.org" <draft-ietf-core-dns-over-coap@ietf.org>, dnsop <dnsop@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>
Message-ID: <BN8PR15MB3281BDC22008FF7D94076A1CB323A@BN8PR15MB3281.namprd15.prod.outlook.com>
References: <2490fd32-437d-8182-ec2e-9e5058d9bf5a@fu-berlin.de>
In-Reply-To: <2490fd32-437d-8182-ec2e-9e5058d9bf5a@fu-berlin.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/BMaNY24nAm1zayZUpnQfQdS72Q4>

I think it would be helpful if this document were more explicit about its motivation.  In my view, the underlying motivation for this draft is to enable seamless management of DNS service within a CoAP-centered deployment, by sharing key distribution, access controls, monitoring, etc.  The draft claims various performance benefits from DoC, but these are unproven and seem unlikely to be significant.
...
> For our document, I think we
> need at least confirmation or decline that the "coap" ALPN could be used
> for DTLS, SVCB for OSCORE/EDHOC, I think is out of scope at the moment
> anyways.

I'm not sure I follow, but using the same ALPN for multiple transports renders that ALPN permanently incompatible with SVCB.  I recommend keeping "coap" for TLS/TCP only, and defining a new ALPN ID for CoAP/DTLS.

> Furthermore, there is still an open question, if DoC can or should be
> translated at a CoAP-HTTP proxy to DoH. Namely, how the FETCH that DoC
> uses should be translated into the POST/GET of DoH [3].

I don't think there is any need to specify this.  A DoC server could act as a forwarder to an upstream using DoH, DoQ, etc. in accordance with the relevant standards, without impacting its compliance as a DoC server.

However, this does resemble a concern I've previously raised: the draft does not explain why it is necessary to define a new DoC mechanism, rather than simply forwarding RFC 8484 DoH through a CoAP-HTTP proxy.
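An added illustration of the ALPN/SVCB point raised in this thread (example code, not from the thread, the draft or any implementation): an SVCB client parses the server's alpn SvcParam in RFC 9460 wire format and has to map each ALPN id to exactly one transport. The registry dicts and the "coap-dtls" name are assumptions made for the example; "coap" over TLS/TCP is the RFC 8323 registration.

```python
import struct

SVCPARAM_ALPN = 1  # SvcParamKey number for "alpn" (RFC 9460)


def encode_alpn_param(ids):
    """Wire-format alpn SvcParam: key(2) length(2) then 1-byte-length-prefixed ids."""
    for i in ids:
        if not 1 <= len(i) <= 255:
            raise ValueError(f"bad ALPN id length: {i!r}")
    value = b"".join(bytes([len(i)]) + i.encode("ascii") for i in ids)
    return struct.pack("!HH", SVCPARAM_ALPN, len(value)) + value


def decode_alpn_param(data):
    """Parse one alpn SvcParam, rejecting truncated or zero-length entries."""
    key, length = struct.unpack("!HH", data[:4])
    if key != SVCPARAM_ALPN or len(data) != 4 + length:
        raise ValueError("not a well-formed alpn SvcParam")
    ids, pos = [], 4
    while pos < len(data):
        n = data[pos]
        pos += 1
        if n == 0 or pos + n > len(data):
            raise ValueError("malformed alpn-id list")
        ids.append(data[pos:pos + n].decode("ascii"))
        pos += n
    return ids


# Registry shape: ALPN id -> set of transports the id may stand for.
# "coap" over TLS/TCP is RFC 8323's registration; "coap-dtls" is a hypothetical
# placeholder for a distinct DTLS identifier, not a registered value.
DISTINCT_IDS = {"coap": {"tls/tcp"}, "coap-dtls": {"dtls/udp"}, "h2": {"tls/tcp"}}
# The reuse the thread warns against: one id standing for two transports.
SHARED_ID = {"coap": {"tls/tcp", "dtls/udp"}, "h2": {"tls/tcp"}}


def select_transport(alpn_ids, registry):
    """Return (alpn, transport) for the first id the client supports.

    An id that names more than one transport is an error: an SVCB client
    has nothing else in the record to tell it which one to open.
    """
    for alpn in alpn_ids:
        transports = registry.get(alpn)
        if transports is None:
            continue  # unsupported protocol; try the server's next id
        if len(transports) != 1:
            raise ValueError(f"ALPN {alpn!r} maps to {sorted(transports)}: "
                             "client cannot tell which transport to open")
        return alpn, next(iter(transports))
    return None
```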