Re: [dns-privacy] Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 May 2017 23:32 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Patrick McManus <mcmanus@ducksong.com>, Patrick McManus <mcmanus@ducksong.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, DNS Privacy Working Group <dns-privacy@ietf.org>
In-Reply-To: <CAOdDvNruCCyB2rsF9VgaVEOjQGD82wA0AiLAghiGjDM0SpBFPQ@mail.gmail.com>
References: <87tw51remp.fsf@fifthhorseman.net> <CAOdDvNoNPXNXzpVcX7TZX=Z++kWMBhG_+uDH3Vk1Jp8+adcHLQ@mail.gmail.com> <CAOdDvNruCCyB2rsF9VgaVEOjQGD82wA0AiLAghiGjDM0SpBFPQ@mail.gmail.com>
Date: Wed, 03 May 2017 19:21:44 -0400
Message-ID: <87lgqdr0fr.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/aLWGsso6UGYWP5_IIW935p6a_w4>
Subject: Re: [dns-privacy] Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02]

On Wed 2017-05-03 15:13:43 -0400, Patrick McManus wrote:
> I forgot to mention another potential challenge with the demux approach -
> h2 is not client send first.. typically both sides send SETTINGS
> simultaneously.. and it's important to the server not to hold those back
> .5RTT as it can contain a bunch of configuration information (buffer
> sizing, levels of parallelism, extension negotiation, etc..) that it wants
> the client to start honoring asap. (Whether this is actually simultaneous
> boils down to which flavor of tls handshake is done.)

Ah!  Thanks for this heads-up.  That's definitely an interesting
wrinkle.  How does this interact with HTTP/1 clients connecting to the
service?  Or is it only possible to do this because of the negotiated
ALPN?

If so, perhaps the demuxing needs to be done only when not sending an
ALPN of "h2", and the draft can drop the HTTP/2 section.  What do you
think?

     --dkg
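The decision dkg proposes above, as an added example (not code from the thread, from the draft, or from any implementation): consult the negotiated TLS ALPN first, and hand an "h2" connection to HTTP/2 immediately so the server can send its own SETTINGS frame without waiting half an RTT for client bytes; only a connection that ALPN did not settle gets its first client bytes inspected to tell DNS-over-TLS framing (RFC 7858: 2-byte length prefix, then a DNS header) from an HTTP/1.x request line. The function names, the `Proto` enum, and the byte-level plausibility checks are this example's own simplifications, not the draft's normative rules; the sample inputs are constructed, not captured traffic.

```python
import struct
from enum import Enum


class Proto(Enum):
    H2 = "h2"
    HTTP1 = "http/1.x"
    DNS = "dns"
    UNKNOWN = "unknown"


DNS_HEADER_LEN = 12
MIN_PEEK = 2 + DNS_HEADER_LEN            # length prefix + full DNS header
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP1_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE",
                 b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH")
# Header flag bits a client *query* may legitimately set: Opcode, RD, AD, CD.
# Everything else (QR, AA, TC, RA, Z, RCODE) must be zero in a query.
QUERY_FLAG_MASK = 0x7800 | 0x0100 | 0x0020 | 0x0010


def classify_by_alpn(alpn):
    """Step 1: if ALPN already settled the protocol, do not sniff at all.
    For "h2" the server can then send SETTINGS right away instead of
    holding it back until the client's first bytes arrive."""
    if alpn == "h2":
        return Proto.H2
    if alpn in ("http/1.1", "http/1.0"):
        return Proto.HTTP1
    return None          # no ALPN, or an unknown one: fall back to sniffing


def looks_like_dns_query(buf):
    """Hypothetical plausibility check for the TCP/TLS DNS framing:
    2-byte length, then a 12-byte header shaped like a client query."""
    if len(buf) < MIN_PEEK:
        return False
    msg_len, _id, flags, qdcount, ancount = struct.unpack("!HHHHH", buf[:10])
    opcode = (flags >> 11) & 0xF
    return (msg_len >= DNS_HEADER_LEN + 5          # header + minimal question
            and (flags & ~QUERY_FLAG_MASK) == 0    # QR=0, no response-only bits
            and opcode in (0, 4, 5)                # QUERY, NOTIFY, UPDATE
            and qdcount == 1 and ancount == 0)


def sniff(buf):
    """Step 2, only for connections ALPN did not settle.  Returns a Proto,
    or None when more bytes are needed before a safe decision."""
    if len(buf) < MIN_PEEK:
        return None
    if looks_like_dns_query(buf):
        return Proto.DNS
    if buf.startswith(H2_PREFACE):
        return Proto.H2                  # prior-knowledge h2 (not expected under TLS)
    if H2_PREFACE.startswith(buf):
        return None                      # could still turn into the preface
    method, sep, _ = buf.partition(b" ")
    if sep and method in HTTP1_METHODS:
        line, crlf, _ = buf.partition(b"\r\n")
        if not crlf:
            return None                  # wait for the complete request line
        parts = line.split(b" ")
        if len(parts) == 3 and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"):
            return Proto.HTTP1
    return Proto.UNKNOWN


def demux(alpn, first_bytes):
    """Combined decision for one accepted connection.  ALPN wins when it
    is decisive; otherwise the peeked bytes decide (None = read more)."""
    return classify_by_alpn(alpn) or sniff(first_bytes)


# Constructed sample inputs (not captured traffic).
# A query for "example." type A: ID 0x1234, flags RD only, QDCOUNT 1.
DNS_QUERY = (struct.pack("!HHHHHHH", 25, 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x00\x00\x01\x00\x01")
# The same message shaped like a *response* (QR=1, RCODE 0, one answer):
# a client should never open a connection with this, so it is not DNS here.
DNS_RESPONSE = (struct.pack("!HHHHHHH", 25, 0x1234, 0x8180, 1, 1, 0, 0)
                + b"\x07example\x00\x00\x01\x00\x01")
HTTP1_REQ = b"GET / HTTP/1.1\r\nHost: example.net\r\n\r\n"

if __name__ == "__main__":
    print("h2 via ALPN, no bytes read:", demux("h2", b""))
    print("DNS query:", demux(None, DNS_QUERY))
    print("HTTP/1.1 request:", demux(None, HTTP1_REQ))
    print("partial request line:", demux(None, HTTP1_REQ[:14]))
```

The ordering inside `sniff` matters: the DNS check runs first because its header constraints (QR clear, a known opcode, exactly one question) are strict enough that an HTTP request line's ASCII never satisfies them, while an HTTP method check alone would be fooled by a DNS length prefix and message ID that happen to spell a method.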