Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing

"George (Yorgos) Thessalonikefs" <george@nlnetlabs.nl> Tue, 30 May 2023 13:34 UTC

Message-ID: <c83f4540-d8d8-8f5f-e2b9-6b6662fed550@nlnetlabs.nl>
Date: Tue, 30 May 2023 15:33:16 +0200
To: Paul Hoffman <paul.hoffman@icann.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
From: "George (Yorgos) Thessalonikefs" <george@nlnetlabs.nl>
In-Reply-To: <D7C916AC-E47D-45FE-9976-188DAE0775EF@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Yo3cvNZ9ptZ5zMofdv7B0wbL4Uo>
Subject: Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing

Hi Paul, authors,

On 26/05/2023 20:00, Paul Hoffman wrote:
> On Apr 14, 2023, at 11:14 AM, Brian Haberman <brian@innovationslab.net> wrote:
>>
>> All,
>>      An update on the status of this draft. I have asked the authors to review all the feedback, provide the mailing list with responses to the comments, and then publish a new version.
> 
> We believe that -06 deals with all of the WG Last Call issues raised, except one. We didn't understand "## E" in Yorgos' message from April 7. Yorgos: could you reformulate that concern based on the -06 draft?
That concern remains the same. I was trying to address two different sections with the same problem at once and as a result my text was not clear enough.

I will try to streamline it:

0. I assume that the query is already sent to all destinations that
    unilateral probing allows.
1. When a Do53 reply comes in, the following text in section
    "4.6.2. Receiving a Response over Do53" applies:
        ...
        If R is successful:
        ...
          For each supported encrypted transport E:
            If Q is in E-queries[X]:
              Remove Q from E-queries[X]
2. Thus Q is removed from E-queries[X]
3. When a DoQ/T reply comes in, the following text in section
    "4.6.9. Receiving a Response over Encrypted Transport"
    applies:
       If Q is not in E-queries[X]:
         Discard R and process it no further (do not respond to an
         encrypted response to a query that is not outstanding)
       Otherwise:
         Remove Q from E-queries[X]
         Set E-last-activity[X] to T5
         Set E-last-response[X] to T5

The result is that the metrics will not be updated for the encrypted replies, especially when we assume that Do53 replies will be faster in a probing scenario. So the first probe reply (encrypted or not) shadows the other available ones. Admittedly, missing E-last-activity and E-last-response is not that serious, but it still feels wrong.

I believe the correct approach is to always update the corresponding timers when an encrypted response is received.

And a notice for "Appendix A. Early Implementations" and Unbound: the experimental implementation was more of an exploratory move to see what needs changing in Unbound for probing to happen, rather than an actual implementation. The last state of that was Unbound always working for the unhappy path ;) and falling back to Do53.
I would either remove the Unbound mention altogether or note it as being in an experimental implementation state for DoT.

Best regards,
-- Yorgos
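The shadowing effect described in the message above, as an added example that is not part of the original post, the draft, or Unbound: a small Python model of the per-destination bookkeeping quoted from sections 4.6.2 and 4.6.9 of draft-ietf-dprive-unilateral-probing. The names E-queries[X], E-last-activity[X] and E-last-response[X] are the draft's; the transport list, the timestamps, and the `always_update_timers` variant (one reading of the change the message proposes, in which the late encrypted response is still not used to answer the client but does refresh the timers) are assumptions made here.

```python
# Added example: model of the unilateral-probing state quoted in the message.
# Not the draft's pseudo-code nor Unbound's code. The transport list, the
# timestamps and the always_update_timers variant are assumptions.
from dataclasses import dataclass, field

ENCRYPTED_TRANSPORTS = ("DoT", "DoQ")  # assumed set of supported encrypted transports E


@dataclass
class DestinationState:
    """Resolver-side state for one authoritative destination X."""
    # E-queries[X]: outstanding query ids per encrypted transport
    queries: dict = field(
        default_factory=lambda: {e: set() for e in ENCRYPTED_TRANSPORTS})
    # E-last-activity[X] / E-last-response[X]: timestamps per encrypted transport
    last_activity: dict = field(default_factory=dict)
    last_response: dict = field(default_factory=dict)


class Resolver:
    def __init__(self, always_update_timers=False):
        # False: behaviour of the draft text as quoted; True: the proposed change
        self.always_update_timers = always_update_timers
        self.dest = {}

    def state(self, x):
        return self.dest.setdefault(x, DestinationState())

    def send_query(self, x, q):
        """Step 0: Q has already been sent to every destination probing allows."""
        st = self.state(x)
        for e in ENCRYPTED_TRANSPORTS:
            st.queries[e].add(q)

    def receive_do53(self, x, q, successful=True):
        """Section 4.6.2: a Do53 response R for Q arrives."""
        if not successful:
            return "ignored"
        st = self.state(x)
        for e in ENCRYPTED_TRANSPORTS:  # For each supported encrypted transport E
            st.queries[e].discard(q)    # If Q is in E-queries[X]: Remove Q
        return "answered-over-do53"

    def receive_encrypted(self, x, e, q, t5):
        """Section 4.6.9: response R for Q arrives over encrypted transport E at T5."""
        st = self.state(x)
        if q not in st.queries[e]:
            # Draft text: discard R and process it no further, so the timers
            # for E stay stale even though E demonstrably works.
            if self.always_update_timers:
                # Proposed change (assumed form): R still does not answer the
                # client, but E-last-activity/E-last-response reflect the reply.
                st.last_activity[e] = t5
                st.last_response[e] = t5
            return "discarded"
        st.queries[e].remove(q)
        st.last_activity[e] = t5
        st.last_response[e] = t5
        return "answered-over-" + e


def do53_wins_race(always_update_timers):
    """Do53 reply arrives first; the DoT reply for the same Q lands at T5=2.0."""
    r = Resolver(always_update_timers)
    r.send_query("X", "Q1")
    r.receive_do53("X", "Q1")
    outcome = r.receive_encrypted("X", "DoT", "Q1", t5=2.0)
    return outcome, r.state("X").last_response.get("DoT")


def dot_wins_race():
    """The encrypted reply arrives first at T5=1.0; timers are updated either way."""
    r = Resolver()
    r.send_query("X", "Q1")
    outcome = r.receive_encrypted("X", "DoT", "Q1", t5=1.0)
    r.receive_do53("X", "Q1")
    return outcome, r.state("X").last_response.get("DoT")


if __name__ == "__main__":
    print("draft text, Do53 first:", do53_wins_race(False))   # ('discarded', None)
    print("proposed fix, Do53 first:", do53_wins_race(True))  # ('discarded', 2.0)
    print("DoT first:", dot_wins_race())                      # ('answered-over-DoT', 1.0)
```

With the draft text as quoted, a Do53 reply that wins the race leaves E-last-response[X] for DoT unset although a valid DoT reply arrived moments later; the variant only changes the timer bookkeeping and keeps the rule that a response for a query that is no longer outstanding is never used to answer the client.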