Re: [dns-privacy] [Ext] WGLC : draft-ietf-dprive-unilateral-probing
"George (Yorgos) Thessalonikefs" <george@nlnetlabs.nl> Tue, 30 May 2023 13:34 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Yo3cvNZ9ptZ5zMofdv7B0wbL4Uo>
Hi Paul, authors,

On 26/05/2023 20:00, Paul Hoffman wrote:
> On Apr 14, 2023, at 11:14 AM, Brian Haberman <brian@innovationslab.net> wrote:
>>
>> All,
>> An update on the status of this draft. I have asked the authors to review all the feedback, provide the mailing list with responses to the comments, and then publish a new version.
>
> We believe that -06 deals with all of the WG Last Call issues raised, except one. We didn't understand "## E" in Yorgos' message from April 7. Yorgos: could you reformulate that concern based on the -06 draft?

That concern remains the same. I was trying to address two different sections with the same problem at once and as a result my text was not clear enough. I will try to streamline it:

0. I assume that the query is already sent to all destinations that unilateral probing allows.

1. When a Do53 reply comes in, the following text in section "4.6.2. Receiving a Response over Do53" applies:

    ...
    If R is successful:
      ...
      For each supported encrypted transport E:
        If Q is in E-queries[X]:
          Remove Q from E-queries[X]

2. Thus Q is removed from E-queries[X]

3. When a DoQ/T reply comes in, the following text in section "4.6.9. Receiving a Response over Encrypted Transport" applies:

    If Q is not in E-queries[X]:
      Discard R and process it no further (do not respond to a
      encrypted response to a query that is not outstanding)
    Otherwise:
      Remove Q from E-queries[X]
      Set E-last-activity[X] to T5
      Set E-last-response[X] to T5

The result is that the metrics will not be updated for the encrypted replies, especially when we assume that Do53 replies will be faster in a probing scenario. So the first probe reply (encrypted or not) shadows the other available ones. Admittedly missing E-last-activity and E-last-response is not that serious but still feels wrong.

I believe the correct approach is to always update the corresponding timers when an encrypted response is received.

And a notice for "Appendix A. Early Implementations" and Unbound, the experimental implementation was more of an exploratory move to see what needs changing in Unbound for probing to happen, rather than an actual implementation. The last state of that was Unbound always working for the unhappy path ;) and falling back to Do53. I would either remove the Unbound mention altogether or note it as in experimental implementation state for DoT.

Best regards,
-- Yorgos
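
The ordering problem described in the message above, as an added Python model that is not part of the original message, the draft, or Unbound. It implements only the draft steps quoted in the message; `TransportState`, `probe` and the `always_update_timers` switch (one reading of the proposed change) are hypothetical names introduced here, and the arrival times are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TransportState:
    """State a resolver keeps for server X and one encrypted transport E."""
    e_queries: set = field(default_factory=set)   # E-queries[X]
    e_last_activity: Optional[float] = None       # E-last-activity[X]
    e_last_response: Optional[float] = None       # E-last-response[X]

def on_do53_response(st, q, successful=True):
    """Quoted step from 4.6.2: a successful Do53 reply clears Q from E-queries[X]."""
    if successful and q in st.e_queries:
        st.e_queries.remove(q)

def on_encrypted_response(st, q, t5, always_update_timers=False):
    """Quoted steps from 4.6.9. Returns True if R is processed, False if discarded.

    always_update_timers is a hypothetical switch modelling the change the
    message asks for; it is not text from the draft.
    """
    outstanding = q in st.e_queries
    if outstanding or always_update_timers:
        st.e_last_activity = t5
        st.e_last_response = t5
    if not outstanding:
        return False          # discard R and process it no further
    st.e_queries.remove(q)
    return True

def probe(do53_first, always_update_timers=False):
    """Send Q over Do53 and E at once, then deliver the replies in the given order."""
    st = TransportState(e_queries={"Q"})
    if do53_first:
        on_do53_response(st, "Q")                                  # arrives at t=1.0
        processed = on_encrypted_response(st, "Q", 2.0, always_update_timers)
    else:
        processed = on_encrypted_response(st, "Q", 1.0, always_update_timers)
        on_do53_response(st, "Q")                                  # arrives at t=2.0
    return processed, st

if __name__ == "__main__":
    for label, args in [("Do53 first, draft text", (True, False)),
                        ("encrypted first, draft text", (False, False)),
                        ("Do53 first, timers always updated", (True, True))]:
        processed, st = probe(*args)
        print(f"{label}: processed={processed} "
              f"last_activity={st.e_last_activity} last_response={st.e_last_response}")
```

With the quoted draft text, a faster Do53 reply leaves both timers unset even though the server answered over the encrypted transport; with the switch enabled the late encrypted reply is still discarded as an answer but the timers record it.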