Re: [dns-privacy] Robert Wilton's No Objection on draft-ietf-dprive-dnsoquic-10: (with COMMENT)
Sara Dickinson <sara@sinodun.com> Tue, 22 March 2022 09:38 UTC
Return-Path: <sara@sinodun.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E62C3A0E5A; Tue, 22 Mar 2022 02:38:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.11
X-Spam-Level:
X-Spam-Status: No, score=-2.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dIQJBdZfhZPA; Tue, 22 Mar 2022 02:38:42 -0700 (PDT)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 673283A0D51; Tue, 22 Mar 2022 02:38:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=ob94BvN7oGRCQGMYkqOR5z7/EGJ7h5cfY+lM2HsFt2U=; b=nj3jK5SQg2M5UrEEsAUlNWqnS1 Ro9RE9o9yHKjxaI7xfN1CrigKEUoGwueG3BxLoQAHNF0BjrpR3u26bDARMMx78qESXf8xR/KYprJV RrpOMVbGUdsvMo7oQUcgE4XlJNYi0V3la+vwSlvcuwC5KRmY6B3qkHiJTq2TqMRq806HW29qhZux8 DbAAAnBDYW7r2tC8Q63KSfTt62TQ6NW2VIpARvmQo8HLJARdWt8/pdWHSrwlnMTuOLAoLTfcqo8rP 9/6yi1TpGiwooe/p0YCtEe20DdYd/ch7ocnJD0P5+M0xT7ps5GXyB5U/yVxMoxVLw7cWD2QwbhrLF DKJX/kVw==;
Received: from 82-68-3-134.dsl.in-addr.zen.co.uk ([82.68.3.134]:19004 helo=smtpclient.apple) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <sara@sinodun.com>) id 1nWayI-0005yF-HA; Tue, 22 Mar 2022 09:38:34 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <164665595989.10739.15935148817807684255@ietfa.amsl.com>
Date: Tue, 22 Mar 2022 09:38:29 +0000
Cc: The IESG <iesg@ietf.org>, draft-ietf-dprive-dnsoquic@ietf.org, dprive-chairs@ietf.org, dns-privacy@ietf.org, brian@innovationslab.net
Content-Transfer-Encoding: quoted-printable
Message-Id: <7691C2E1-DA49-4E98-A7D7-69712FBB5DC7@sinodun.com>
References: <164665595989.10739.15935148817807684255@ietfa.amsl.com>
To: Robert Wilton <rwilton@cisco.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/KpB0XatP2KHYn-iseLJFmkVHrOo>
Subject: Re: [dns-privacy] Robert Wilton's No Objection on draft-ietf-dprive-dnsoquic-10: (with COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2022 09:38:56 -0000
> On 7 Mar 2022, at 12:25, Robert Wilton via Datatracker <noreply@ietf.org> wrote: > > Robert Wilton has entered the following ballot position for > draft-ietf-dprive-dnsoquic-10: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsoquic/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- Hi Rob, Many thanks for the comments - please see the updates in version -11 which was just published, which we hope address your comments. > > Hi, > > Thanks for this doc. It looks like DNS and QUIC could be a good fit. Just a > few minor comments/questions. > > In QUIC, sending STOP_SENDING requests that a peer cease transmission > on a stream. If a DoQ client wishes to cancel an outstanding > request, it MUST issue a QUIC STOP_SENDING with error code > DOQ_REQUEST_CANCELLED. This may be sent at any time but will be > ignored if the server response has already been acknowledged. The > corresponding DNS transaction MUST be abandoned. > > I presume that there is no requirement that the DNS transaction be immediately > abandoned. E.g., if a server already has a reply queued for sending, then it > is still reasonable to send that response? We’ve added text here to clarify: “ Servers SHOULD NOT continue processing a DNS transaction if they receive a STOP_SENDING." > > Because new error codes can be defined without negotiation, use of an > error code in an unexpected context or receipt of an unknown error > code MUST be treated as equivalent to DOQ_NO_ERROR. > > I find DOQ_NO_ERROR to be a strange name for an error code because I would > naturally assume that DOQ_NO_ERROR is equivalent to "success", but that doesn't > seem to be the intention here. In particular, I find it strange to treat an > unknown error equivalently to DOQ_NO_ERROR. I'm not saying that the behaviour > is wrong, only that the naming is slightly strange/confusing. It’s a good point - we’ve added a new error code DOQ_UNSPECIFIED_ERROR to be used specifically for the case you picked out (instead of the DOQ_NO_ERROR) to avoid this confusion. > > In theory, padding at the QUIC level could result in better > performance for the equivalent protection > > As a nit, I didn't find "QUIC level" to be particularly clear, and hence I was > wondering whether this could be clarified. E.g., is this at the QUIC protocol > level, or QUIC packet level. We’ve updated this to `QUIC packet level` > > 10.4. DNS over QUIC Error Codes Registry > Registrations in this registry MUST include the following fields: > > This lists various fields that MUST be included, but doesn't specify values for > the initially assigned values in the table. Thanks for picking this up! The changes in -11 re-work that section so it is now hopefully consistent. Best regards Sara.
- [dns-privacy] Robert Wilton's No Objection on dra… Robert Wilton via Datatracker
- Re: [dns-privacy] Robert Wilton's No Objection on… Sara Dickinson