IETF Logo Mail Archive

Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

"Vinny Parla (vparla)" <vparla@cisco.com> Wed, 07 October 2020 16:13 UTC

Return-Path: <vparla@cisco.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92F3C3A0A9E for <dns-privacy@ietfa.amsl.com>; Wed, 7 Oct 2020 09:13:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.601
X-Spam-Level:
X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=gT+wnust; dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=cisco.onmicrosoft.com header.b=iDxBVKrC
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 50UVPYXoYKC5 for <dns-privacy@ietfa.amsl.com>; Wed, 7 Oct 2020 09:13:11 -0700 (PDT)
Received: from alln-iport-1.cisco.com (alln-iport-1.cisco.com [173.37.142.88]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 073D93A09F6 for <dns-privacy@ietf.org>; Wed, 7 Oct 2020 09:13:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=25419; q=dns/txt; s=iport; t=1602087191; x=1603296791; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=8nOyBM84yh2in4FRsPFko+8PU9bmDEfr+VqVshqrLpk=; b=gT+wnustm91W9Le4E74GJEr5LFhq1wtbWouM7kO/N2xGiOFebpBMr8BN Z3qajONuT7gUdAeMm4dM+i4Dd0TOz7bxKaLSTx5aei3dVauzM+/e6Rnod cEJQzwl9J9nNYbXLC/IecnpDn9A0vkpPy39GBL/+WE4c14tHUD6/oCKim w=;
X-Files: smime.p7s : 3980
IronPort-PHdr: 9a23:7Qxn4heE7B6+15QVQawStrUKlGMj4e+mNxMJ6pchl7NFe7ii+JKnJkHE+PFxlwaTAdfX7vtegKzXvrzuH2sa7sXJvHMDdclKUBkIwYUTkhc7CcGIQUv8MLbxbiM8EcgDMT0t/3yyPUVPXsqrYVrUry6+6DcIEVP+OBZ7YOPvFd2ag8G+zevn/ZrVbk1Bjya8ZrUnKhKwoE3Ru8AajJEkJLw2z07Co2BDfKJdwmY7KA==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DECQB/6H1f/4cNJK1gHgEBCxIMgzIvIy4HcCwtLyyEPYNGA41zihGOaoFCgREDVQQHAQEBCgMBARgBCgoCBAEBhEoCggcCJTgTAgMBAQsBAQUBAQECAQYEbYVcDIVyAQEBAQMBARARChMBASUHCwEPAgEIEAEEAQEWEgMCAgIfBgsUCQgBAQQOBQgGBg6DBYF+TQMfDwEOnkUCgTmIYXaBMoMBAQEFgTcCg2MNC4IJBwMGgTiBU4Efg2uBBoVQG4FBP4ERQ4JNPoIaQgEBAgGBFS8aKwkJglgzgi2QU4IzPZMFkAo4UgqCaIRLgl+BVoZahgKFLaEtngqCa5JAAgQCBAUCDgEBBYFrIyqBLXAVO4JpUBcCDY4fg3GFFIVCdAI1AgYBCQEBAwl8jUwBAQ
X-IronPort-AV: E=Sophos;i="5.77,347,1596499200"; d="p7s'?scan'208,217";a="556294223"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 07 Oct 2020 16:13:09 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id 097GD9c5026093 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 7 Oct 2020 16:13:09 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 7 Oct 2020 11:13:09 -0500
Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 7 Oct 2020 11:13:08 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 7 Oct 2020 11:13:08 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=X5b86K1fxBa/4ljnuEk0HSxfAfdRc6N1xb+7Efi+iFO+KbO2fRMTkiLVZND7Ke0I3S2tBbSbk9mnDeZ5wOPSxfw3WIo059QxKgrzzxwYbT90PY02c4KTLJuAVm9a9M0/oTZsOrwFKOw1KljvK7e3Rd5ZQ+uMBEHTmvF8nYznvtQQiX6mXE6gfyyPHzkfvuyoBGRtI9gp9L8spvai9XG1l7NvfWcZDDU+twldcJksksufH5KI1SUdHOd0kCqvhjbICjOPS/Fye0YDdhrEC1BvGqkvimaqcEHcjKED5U8Aq9pNOAtPLCHpqPsy7EBLFZAvSzN0PGs28/lm4pHtphCN8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tnhEBkdWKjGmTFovOa8tEbVgtcjj4z8hXap5ISJdB2Q=; b=nm8HRhC/4+Qi4mQkVPf4DhBjNNxuKWfVQ6Lz4H2VBe7fFYCWYpM3rRwBcp4AzzAZ1HLtyWEAp4nnTyG5B9ejeyBO/ACW3yZ21vFyV+Lsk+5k2XmKSJVhV1XtpHnSpAqJtG9iqR6uvpYvAgAMLELkVyORN/eHX1gV30sJ35x3yS7kkdeO2rx+VNvrxG4253UDuqYSZCT6UVpl4wDlF7GH6Av1p/JrmBex9dBNGXLWYCvU/JszuJ1RU7O/mWfxOtajGIO8L8UbfpoAw1BbM09VPqc+sXCsqYOT/R16dCM8Jz9HHSkc0fiLxilRk9We9xVL9ISeDZL087pi4Od9fg5lhQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tnhEBkdWKjGmTFovOa8tEbVgtcjj4z8hXap5ISJdB2Q=; b=iDxBVKrCBo9rtfKBqbLqlJHN8SXYEaDSX0C9bB1EmAeiX/oTiq6yXmsVxsLFnUQlVw3oREN1g08+w8Fq0oSg+YSb1HlRwOmQAvCxYgZGzFW+JfPOZQB/QdrJUBw2lw1VnZltA155KDCeBs6E5U5mqSAi95uX/G+tHxDKxLNV8Qs=
Received: from MN2PR11MB4760.namprd11.prod.outlook.com (2603:10b6:208:266::22) by MN2PR11MB4742.namprd11.prod.outlook.com (2603:10b6:208:26b::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.37; Wed, 7 Oct 2020 16:13:07 +0000
Received: from MN2PR11MB4760.namprd11.prod.outlook.com ([fe80::98b:4104:2283:868]) by MN2PR11MB4760.namprd11.prod.outlook.com ([fe80::98b:4104:2283:868%8]) with mapi id 15.20.3433.046; Wed, 7 Oct 2020 16:13:07 +0000
From: "Vinny Parla (vparla)" <vparla@cisco.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
CC: James <james.ietf@gmail.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Thread-Topic: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...
Thread-Index: AdabLJ2GPjqR+/akTMiZMRHmFMQKNAA94NwAACIy4oAAApqMsAAB5VCAAAEliGA=
Date: Wed, 07 Oct 2020 16:13:07 +0000
Message-ID: <MN2PR11MB476010B75136136F3EA05BE3D80A0@MN2PR11MB4760.namprd11.prod.outlook.com>
References: <MN2PR11MB47604813E0DC2DDA0E297A36D80C0@MN2PR11MB4760.namprd11.prod.outlook.com> <CAO+dDxn1J2bOz1b8iPKbUnYLTFhSLJRhx9Od5hAHpP3TSkp7yQ@mail.gmail.com> <C276A52C-DCBA-4920-95E1-FAF2D3881D0B@apple.com> <MN2PR11MB476044BA6BD5D47C8088D434D80A0@MN2PR11MB4760.namprd11.prod.outlook.com> <F0B35F84-E3F8-44B2-9A06-FDF2C725229E@apple.com>
In-Reply-To: <F0B35F84-E3F8-44B2-9A06-FDF2C725229E@apple.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2601:188:c400:bde0:ac11:9b50:e177:3e82]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b5073e4f-3714-4345-a9ed-08d86adbe10b
x-ms-traffictypediagnostic: MN2PR11MB4742:
x-microsoft-antispam-prvs: <MN2PR11MB4742EC9EF46C6EA3486430A7D80A0@MN2PR11MB4742.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: /kP0yhGE+P0jJ2oaxiUZUXOXB7sf41WBni/Drkw0OXZd4U6kMsP8Ya4ZEhhoaLUD9lR4EJum2fhy9WuqtUELIGO6SOjM/ppnsWSETFn5gioIEoB6jKUPejMHogMdomCQxfxM1XGw1+v7F3e5q7vgBalsVBTLHRBi2G0MJJDpKtQQBv6wnLbFjyh1LXk9bqRIMh/kMtnyGiL7YNGfF2kd6bzheWgkUViPLJiqg/wt4qBLPsDkD3caqa4X4bbIfnwJeRfyZI6DfTZmXHOuyJlS3bM2hc/F87Q3vq541bz6qdxS4T8o/ul9W2SmSBl9JJy2Ha8VoTsNKj3L95gP6Yk/0ls98hDIXHghVrVEv9emiPLgT9WcMYbHhGHxifDiLubPMhzjFSSzGscVDRR6acol6w==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4760.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(366004)(39860400002)(396003)(376002)(346002)(71200400001)(33656002)(52536014)(186003)(99936003)(5660300002)(8936002)(9326002)(966005)(166002)(55016002)(83380400001)(66946007)(66616009)(83080400001)(64756008)(7696005)(66446008)(478600001)(6506007)(2906002)(76116006)(9686003)(86362001)(53546011)(8676002)(66574015)(66476007)(316002)(4326008)(54906003)(66556008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 74rfFFn9yTzw4HwY4j21yoV0poZd1Lh9a/ogAhPktDufT5PbB/exp369HxiDcbOOedYkrTZG1PynlTaiMBHf0NgBz93wPT3MFDag1Za92H/PEdJOdHrrar+p+jSs43kCx4x2Cx+UKquNDTeCHXO5xJEJ4NNW3iCmJ21LMPbKFlZWLXG1Aa4pJWItSm2WmTbwGxEVh3/a5F6kJrGrDQwqmCiFdNVu12nZj473ClZvFTs3sZY3i4exu+0Wgpb09TiGJInDIwAJPi63JOPP7ptYPGMC1C9bjudfEwsChDMxDIviacXEIycT0rgDlNmTROOi8v+ybxarDCa2Vf9ziv/JSDwZXU5VlpxZVfhH4+XXxgyGd5stJMRMB5y3SHPFI3puxHe2bUNHE/Cm4IhK3N7+dXq0IEFKDM7eJCLb/1PEEiQjdNTBambAYgLrj8c3+pcp1McRXds57wLSqgwnrjIIhYDxPwAYagOc5ogUUxgNwPFD5qwySuIVsWF6nAm4I8k3CPh5X7cyzMvrnZC/MtnoGXKMMiVp+IaMxXop19DsqS/NRuvmLGQlR3AaW5SslMSeGiVvnP7H0/ynWjfamyPMf5+QAJgdSJdvcrGnPdWyBS49IKlB7bLGYWKgdnGBXRatBxQ6SzvubFjamb3i4v+BgI16/FJJ2oYf4JM1sxMXazR68r4f6p1WrkvAcyHIn32Y7DlqPHM67+1eo6kq5PKaig==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_00B9_01D69CA3.365CC4E0"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB4760.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b5073e4f-3714-4345-a9ed-08d86adbe10b
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Oct 2020 16:13:07.8248 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: LH9Rz1b7SIH5mPA9Iq9AEE+nHDHk6GSln+5Cou843bivhYnMnLKdSbijqTDDr64u0d6cTpZoj8SLWEyPxUcnWg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4742
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: alln-core-2.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/PJNzojJ3GMmZbQpECexpzMD4t-E>
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 16:13:15 -0000

Hi Tommy,

Thanks for the response.

 

Would you envision the iOS / macOS implementation following the current model - long term - of keeping DNS as an OS resolver function and hence independent?

 

I concur that applications like Browsers can multiplex this today with Content.  

So the question for those implementors is would they do so in practice or continue to keep DNS as an independent channel altogether.

 

-Vinny

 

From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> 
Sent: Wednesday, October 7, 2020 11:31 AM
To: Vinny Parla (vparla) <vparla@cisco.com>
Cc: James <james.ietf@gmail.com>; dns-privacy@ietf.org
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

 

DoH is designed to be multiplexed with other HTTP requests. This is already possible with HTTP/2, and HTTP/3 carries on that ability. In order to take advantage of multiplexing, even with QUIC, you need some application-layer awareness of the content of the streams, which is why this is more practical with DoH than DoQ.

 

I’m not sure how prevalent the multiplexing is today. For example, in our system implementation on iOS/macOS, DoH connections are made by the system DNS daemon and thus are not easy to multiplex with requests. However, that’s just one model, and there are certainly cases where the application would know it could multiplex a priori (and thus do DoH in the application), or could recognize that DNS results point to the same address as the DoH server, and start multiplexing after the fact.

 

Thanks,

Tommy





On Oct 7, 2020, at 7:39 AM, Vinny Parla (vparla) <vparla=40cisco.com@dmarc.ietf.org <mailto:vparla=40cisco.com@dmarc.ietf.org> > wrote:

 

Hi,

 

What I am driving at in my original question is do we envision mixing Content and DNS together in a multiplexed session or will DNS continue to be an entirely independent channel (whether over HTTP/2 /3 Do53 DoQ DoH).

 

-Vinny

 

From: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:tpauly=40apple.com@dmarc.ietf.org> > 
Sent: Wednesday, October 7, 2020 9:23 AM
To: James <james.ietf@gmail.com <mailto:james.ietf@gmail.com> >
Cc: Vinny Parla (vparla) <vparla@cisco.com <mailto:vparla@cisco.com> >; dns-privacy@ietf.org <mailto:dns-privacy@ietf.org> 
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

 

Can you cite this claim about DNS over HTTP/3? The per-query cost once an HTTP/3 connection is established should be minimal. If you’re taking into account all setup overhead for an HTTPS connection as a “per query” cost, that’s not representative of how DoH is reasonably used (and would be a issue with existing DoH).

 

Thanks,

Tommy






On Oct 6, 2020, at 2:03 PM, James <james.ietf@gmail.com <mailto:james.ietf@gmail.com> > wrote:

 

My most recent observations of discussions around DNS over QUIC and HTTP/3 was that some folks had attempted DNS over HTTP/3, however the overheads (~14KiB for a query at worst-case) made it impractical and infeasible. With regards to DNS over QUIC, the current dprive working group adopted draft [1] is focusing on stub to recursive, but not necessarily as a multiplex with an existing QUIC connection.

 

- J

 

1:  <https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00> https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00

 

On Mon, 5 Oct 2020 at 17:31, Vinny Parla (vparla) <vparla= <mailto:40cisco.com@dmarc.ietf.org> 40cisco.com@dmarc.ietf.org> wrote:

Hi,

 

It was suggested that I ask this question on the 3 lists:

 

Now that QUIC & HTTP/3 is imminent…

 

I would like to know what the opinion is of the community on the long term view of DNS.  

Would DNS remain an independent channel or would it be subsumed in a multiplexed stream via HTTP/3 in some future version?

 

For example, would a browser perform DNS queries over a QUIC multiplexed session?

 (e.g. similar to how today an http proxy can perform DNS queries on behalf of the client using that proxy) 

 

Would love to hear from implementors what their long term view is of this in particular.

 

Thanks,

 

-Vinny

 

_______________________________________________
dns-privacy mailing list
 <mailto:dns-privacy@ietf.org> dns-privacy@ietf.org
 <https://www.ietf.org/mailman/listinfo/dns-privacy> https://www.ietf.org/mailman/listinfo/dns-privacy

_______________________________________________
dns-privacy mailing list
 <mailto:dns-privacy@ietf.org> dns-privacy@ietf.org
 <https://www.ietf.org/mailman/listinfo/dns-privacy> https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email