Re: [dns-privacy] Review request: draft-btw-dprive-rfc8484-clarification
Neil Cook <neil.cook@noware.co.uk> Tue, 08 September 2020 11:42 UTC
Return-Path: <neil.cook@noware.co.uk>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A04F03A1085 for <dns-privacy@ietfa.amsl.com>; Tue, 8 Sep 2020 04:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.306
X-Spam-Level:
X-Spam-Status: No, score=-1.306 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=noware.co.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f6QcS6JvR4Lx for <dns-privacy@ietfa.amsl.com>; Tue, 8 Sep 2020 04:42:58 -0700 (PDT)
Received: from mail.noware.co.uk (unknown [IPv6:2604:a880:0:1010::add:2001]) by ietfa.amsl.com (Postfix) with ESMTP id 724B43A1082 for <dns-privacy@ietf.org>; Tue, 8 Sep 2020 04:42:58 -0700 (PDT)
Received: from [192.168.1.170] (unknown [109.156.119.142]) by mail.noware.co.uk (Postfix) with ESMTPSA id BE8A31DA1D2; Tue, 8 Sep 2020 11:40:25 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.noware.co.uk BE8A31DA1D2
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=noware.co.uk; s=default; t=1599565226; bh=MgcXS/W+V3qwzHeYN1n5ovJS2m33aGKb6jQBIG7pRQg=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=kn4IWrtB/Ufiz//TuJUse1ij3poQTO+0MyJq59RDoAebfy7/J6BRxhstvv5YJRs+X f6xDQcWBDVcwa51qsdZwteV3emPz9A/RYEo1UEV39qQkT2uhmzXzH3quJb30vF1M8d HALIS9Ua9HzeAxnbMjic9k/nG6Ayjt8f8aJCER9w=
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Neil Cook <neil.cook@noware.co.uk>
In-Reply-To: <d05268fc-e22d-40f7-9849-00409c59f328@www.fastmail.com>
Date: Tue, 08 Sep 2020 12:42:56 +0100
Cc: dns-privacy@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <1DDC34EA-8DF6-4B1A-B7F2-749DA4C1C506@noware.co.uk>
References: <6e071da2-4281-d525-03ba-4d6dfc843a76@innovationslab.net> <CAHbrMsB7T+5Y=2n4LfcXwyAZQSnK4x72R44_2mCDsLhh_zD9Vw@mail.gmail.com> <d05268fc-e22d-40f7-9849-00409c59f328@www.fastmail.com>
To: Martin Thomson <mt@lowentropy.net>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-VADE-SPAMSTATE: clean
X-VADE-SPAMSCORE: -100
X-VADE-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduiedrudehfedgvdejucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecupffgkffnvefqqffmnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpegtggfuhfgjfffgkfhfvffosehtqhhmtdhhtdejnecuhfhrohhmpefpvghilhcuvehoohhkuceonhgvihhlrdgtohhokhesnhhofigrrhgvrdgtohdruhhkqeenucggtffrrghtthgvrhhnpeefkeejhedtheefgfetfedugfekleetkeevhffgheeltedtueeiuefhtedtjefhjeenucfkphepuddtledrudehiedrudduledrudegvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpedutdelrdduheeirdduudelrddugedvpdhhvghloheplgduledvrdduieekrddurddujedtngdpmhgrihhlfhhrohhmpefpvghilhcuvehoohhkuceonhgvihhlrdgtohhokhesnhhofigrrhgvrdgtohdruhhkqedprhgtphhtthhopehmtheslhhofigvnhhtrhhophihrdhnvghtpdhrtghpthhtohepughnshdqphhrihhvrggthiesihgvthhfrdhorhhg
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/D7VA6WQzvCZbh5uWOXYcdIIxAbE>
Subject: Re: [dns-privacy] Review request: draft-btw-dprive-rfc8484-clarification
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2020 11:43:00 -0000
> On 31 Aug 2020, at 07:50, Martin Thomson <mt@lowentropy.net> wrote: > > I agree with Ben on all points (*) and would prefer to see none of the proposed amendments published. > I think a broader question is necessary in response to this statement. Do you think that RFC8484 provides enough information for DNS client and servers to implement redirection in an interoperable way? Is redirection necessary? If so do you have any other proposals for how it could be done? > (*) I think that the push qualification is not necessary, but it is not as clearly a misunderstanding as Ben suggests. It clearly limits this to configured URIs, which seems in line with original intent. > However, it likely denies access to server push in several cases, including after redirects. I’m not sure it does, however some additional language to extend “configured URIs” to include followed redirects would suffice I imagine. > > On Sat, Aug 29, 2020, at 00:41, Ben Schwartz wrote: > [...] >> The ".well-known" proposal (Section 6) does what RFC 8484 avoided >> doing: it proposes an alternative encoding of DNS records in JSON. > > I would suggest that authors join the "resolver info" beauty contest. The use of .well-known rather than (for example) a link relation is clearly inferior for the reasons Ben mentions. But I tend to think that resource records are more appropriate for this particular application, as they work in more cases. I understand the concern about encoding RRs; the glue records could be encoded as per a regular DNS response for example. However given that these are glue-style RRs, why would they need to extend beyond A and AAAA? This isn’t a general purpose proposal for encoding DNS records in JSON. I welcome alternative proposals to using .well-known. > >> The 3XX proposal (Section 7) sends DNS records in the body of a 3XX >> response. > > A client that doesn't follow a redirect isn't much use, so the question for me is whether the client gets the extra info it needs. It seems to me like clients will follow the redirect and discard any content. That would lead to the extra stuff being dropped. I would expect a DoH client to make a separate query if it needed more information to follow the redirect. > Doing followup queries is one option, however if that also leads to redirect responses, then there is a major problem. > A superior design would be to push necessary A/AAAA/CNAME records. If the client makes a query that ends up at the pushed URI, then this will save time without having to invent novel handling for HTTP messages. > The origin draft actually proposed using server push to push the necessary records. However it was taken out for various reasons, including perceived lack of support for server push in DNS clients. Neil
- [dns-privacy] Review request: draft-btw-dprive-rf… Brian Haberman
- Re: [dns-privacy] Review request: draft-btw-dpriv… Ben Schwartz
- Re: [dns-privacy] Review request: draft-btw-dpriv… Martin Thomson
- Re: [dns-privacy] Review request: draft-btw-dpriv… Neil Cook
- Re: [dns-privacy] Review request: draft-btw-dpriv… Neil Cook
- Re: [dns-privacy] Review request: draft-btw-dpriv… Ben Schwartz
- Re: [dns-privacy] Review request: draft-btw-dpriv… Neil Cook
- Re: [dns-privacy] Review request: draft-btw-dpriv… Ben Schwartz
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Winfield, Alister
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Ben Schwartz
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Winfield, Alister
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Neil Cook
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Ben Schwartz
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Neil Cook
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Konda, Tirumaleswar Reddy
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Rob Sayre
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Ben Schwartz
- Re: [dns-privacy] [EXTERNAL] Re: Review request: … Konda, Tirumaleswar Reddy