Re: [dns-privacy] [Technical Errata Reported] RFC9250 (7883)

Allison Mankin <allison.mankin@gmail.com> Fri, 05 April 2024 17:01 UTC

From: Allison Mankin <allison.mankin@gmail.com>
Date: Fri, 05 Apr 2024 13:00:45 -0400
To: Sara Dickinson <sara@sinodun.com>
Cc: Christian Huitema <huitema@huitema.net>, RFC Errata System <rfc-editor@rfc-editor.org>, brian@innovationslab.net, dns-privacy@ietf.org, ek.ietf@gmail.com, evyncke@cisco.com, lyra@omg.lol, tjw.ietf@gmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/RPrIVgOqUu9bPGK4-0wXCRlStWA>

I agree with Sara and I think even if we had some reason for the
inconsistency in the past, making both sections say MUST and be consistent
is appropriate.

On Fri, Apr 5, 2024 at 12:27 Sara Dickinson <sara@sinodun.com> wrote:

> I agree with the errata - I believe this was an oversight in this PR:
> https://github.com/huitema/dnsoquic/pull/132/files that was created in
> response to review from the WG
>
> - it changed SHOULD -> MUST in section 5.4 but
> - it did not update the SHOULD in section 7.5 to be consistent at the same
> time.
>
> I don’t see any discussion about this mismatch on the mailing list
> although I may have missed it (I only see support that padding was a MUST)
> - I think it just went unnoticed. However since the two sections reference
> each other, and only each other, then I agree they should be consistent as
> the errata proposes.
>
> Sara.
>
>
> > On 5 Apr 2024, at 02:38, RFC Errata System <rfc-editor@rfc-editor.org>
> wrote:
> >
> > The following errata report has been submitted for RFC9250,
> > "DNS over Dedicated QUIC Connections".
> >
> > --------------------------------------
> > You may review the report below and at:
> > https://www.rfc-editor.org/errata/eid7883
> >
> > --------------------------------------
> > Type: Technical
> > Reported by: Lyra Naeseth <lyra@omg.lol>
> >
> > Section: 7.5
> >
> > Original Text
> > -------------
> > Implementations SHOULD use the mechanisms defined in Section 5.4 to
> > mitigate this attack.
> >
> > Corrected Text
> > --------------
> > Implementations MUST use the padding mechanisms defined in Section 5.4
> > to mitigate this attack.
> >
> > Notes
> > -----
> > Section 5.4 states that "[i]mplementations MUST protect against the
> traffic analysis attacks described in Section 7.5", but Section 7.5
> describes that obligation as a "SHOULD". "MUST" is correct, and the
> inconsistent "SHOULD" in Section 7.5 is an error.
> >
> > Instructions:
> > -------------
> > This erratum is currently posted as "Reported". (If it is spam, it
> > will be removed shortly by the RFC Production Center.) Please
> > use "Reply All" to discuss whether it should be verified or
> > rejected. When a decision is reached, the verifying party
> > will log in to change the status and edit the report, if necessary.
> >
> > --------------------------------------
> > RFC9250 (draft-ietf-dprive-dnsoquic-12)
> > --------------------------------------
> > Title               : DNS over Dedicated QUIC Connections
> > Publication Date    : May 2022
> > Author(s)           : C. Huitema, S. Dickinson, A. Mankin
> > Category            : PROPOSED STANDARD
> > Source              : DNS PRIVate Exchange
> > Stream              : IETF
> > Verifying Party     : IESG
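The erratum above concerns the padding requirement of RFC 9250 Section 5.4, which mitigates the traffic-analysis attacks of Section 7.5. The following is an added example, not code from the thread, from the RFC, or from its authors: it shows what "using the padding mechanisms" amounts to at the DNS-message level by applying the block-length policy of RFC 8467 (queries padded to a multiple of 128 octets, responses to a multiple of 468) with the EDNS(0) Padding option of RFC 7830 (option code 12). The function names, the constructed query names and the transaction id are this example's own assumptions, and the wire format is built by hand so it runs offline.

```python
import struct

OPT_TYPE = 41            # EDNS(0) OPT pseudo-RR type (RFC 6891)
EDNS_PADDING = 12        # Padding option code (RFC 7830)
QUERY_BLOCK = 128        # RFC 8467 block-length policy: queries
RESPONSE_BLOCK = 468     # RFC 8467 block-length policy: responses


def encode_name(name):
    """Encode a dotted name into DNS wire-format labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def padding_length(unpadded_len, block):
    """Padding bytes needed so that the message, plus the 4-byte option
    header that the Padding option itself adds, is a multiple of `block`.
    Returns 0 when the message already lands on a block boundary."""
    return (-(unpadded_len + 4)) % block


def build_query(name, qtype=1, txid=0x1234, block=QUERY_BLOCK, udp_payload=1232):
    """Build a minimal DNS query with an OPT RR carrying an EDNS(0) Padding
    option sized by the block-length policy. Assumed example helper."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT RR)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR fixed part: root name (1) + type (2) + class/payload (2) + TTL (4) + RDLEN (2)
    opt_fixed_len = 1 + 2 + 2 + 4 + 2
    unpadded = len(header) + len(question) + opt_fixed_len
    pad = padding_length(unpadded, block)
    option = struct.pack("!HH", EDNS_PADDING, pad) + b"\x00" * pad
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0, len(option)) + option
    return header + question + opt


def is_block_aligned(msg, block):
    """True when the message length is a multiple of the policy's block size."""
    return len(msg) % block == 0


if __name__ == "__main__":
    # Constructed sample names: different lengths, identical padded size on the wire
    for qname in ("example.com", "a.example.com", "very-long-subdomain-label.example.com"):
        q = build_query(qname)
        print(f"{qname:40s} padded length = {len(q)}  aligned = {is_block_aligned(q, QUERY_BLOCK)}")
```

The point the example makes for the erratum discussion: once padding is mandatory on both sides, queries of different lengths (all three constructed names above) leave the resolver as 128-octet messages, so an observer of the encrypted stream cannot tell them apart by size. The same `padding_length` computation with `RESPONSE_BLOCK` applies to responses, and the zero-length case is handled so a message already on a boundary still carries the option with no padding bytes.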