Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

Andrew Campling <andrew.campling@419.consulting> Thu, 08 October 2020 08:32 UTC

From: Andrew Campling <andrew.campling@419.consulting>
To: "Vinny Parla (vparla)" <vparla@cisco.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, James <james.ietf@gmail.com>
CC: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Date: Thu, 8 Oct 2020 08:32:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/HAZNDG_BEOBQoBZsb0T1B3trgOI>

Important though browsers are for some, DNS is an Internet protocol and needs to work for a wide range of devices and clients.  Mandating its absorption into a multiplexed stream via HTTP/3 seems unnecessary, irrespective of the potential performance gains and other possible benefits for web clients.

Andrew

From: Vinny Parla (vparla) <vparla@cisco.com>
Sent: 07 October 2020 15:40
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>; James <james.ietf@gmail.com>
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

Hi,

What I am driving at in my original question is: do we envision mixing Content and DNS together in a multiplexed session, or will DNS continue to be an entirely independent channel (whether over HTTP/2, /3, Do53, DoQ, DoH)?

-Vinny

From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Sent: Wednesday, October 7, 2020 9:23 AM
To: James <james.ietf@gmail.com>
Cc: Vinny Parla (vparla) <vparla@cisco.com>; dns-privacy@ietf.org
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

Can you cite this claim about DNS over HTTP/3? The per-query cost once an HTTP/3 connection is established should be minimal. If you’re taking into account all setup overhead for an HTTPS connection as a “per query” cost, that’s not representative of how DoH is reasonably used (and would be an issue with existing DoH).

Thanks,
Tommy

On Oct 6, 2020, at 2:03 PM, James <james.ietf@gmail.com> wrote:

My most recent observations of discussions around DNS over QUIC and HTTP/3 were that some folks had attempted DNS over HTTP/3, however the overheads (~14KiB for a query at worst-case) made it impractical and infeasible. With regards to DNS over QUIC, the current dprive working group adopted draft [1] is focusing on stub to recursive, but not necessarily as a multiplex with an existing QUIC connection.

- J

1: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00

On Mon, 5 Oct 2020 at 17:31, Vinny Parla (vparla) <vparla=40cisco.com@dmarc.ietf.org> wrote:
Hi,

It was suggested that I ask this question on the 3 lists:

Now that QUIC & HTTP/3 is imminent…

I would like to know what the opinion is of the community on the long term view of DNS.
Would DNS remain an independent channel or would it be subsumed in a multiplexed stream via HTTP/3 in some future version?

For example, would a browser perform DNS queries over a QUIC multiplexed session?
 (e.g. similar to how today an http proxy can perform DNS queries on behalf of the client using that proxy)

Would love to hear from implementors what their long term view is of this in particular.

Thanks,

-Vinny

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/dns-privacy