Re: [dns-privacy] [Technical Errata Reported] RFC9250 (7883)

Christian Huitema <huitema@huitema.net> Fri, 05 April 2024 06:14 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/atMT8JRXvwtbmWU8MQ7W46mfcVs>

This wording in RFC9250 was deliberate. It was discussed in detail when 
the RFC was written. The current text correctly reflects the result of 
these discussions.

-- Christian Huitema

On 4/4/2024 6:38 PM, RFC Errata System wrote:
> The following errata report has been submitted for RFC9250,
> "DNS over Dedicated QUIC Connections".
> 
> --------------------------------------
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7883
> 
> --------------------------------------
> Type: Technical
> Reported by: Lyra Naeseth <lyra@omg.lol>
> 
> Section: 7.5
> 
> Original Text
> -------------
> Implementations SHOULD use the mechanisms defined in Section 5.4 to
> mitigate this attack.
> 
> Corrected Text
> --------------
> Implementations MUST use the padding mechanisms defined in Section 5.4
> to mitigate this attack.
> 
> Notes
> -----
> Section 5.4 states that "[i]mplementations MUST protect against the traffic analysis attacks described in Section 7.5", but Section 7.5 describes that obligation as a "SHOULD". "MUST" is correct, and the inconsistent "SHOULD" in Section 7.5 is an error.
> 
> Instructions:
> -------------
> This erratum is currently posted as "Reported". (If it is spam, it
> will be removed shortly by the RFC Production Center.) Please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party
> will log in to change the status and edit the report, if necessary.
> 
> --------------------------------------
> RFC9250 (draft-ietf-dprive-dnsoquic-12)
> --------------------------------------
> Title               : DNS over Dedicated QUIC Connections
> Publication Date    : May 2022
> Author(s)           : C. Huitema, S. Dickinson, A. Mankin
> Category            : PROPOSED STANDARD
> Source              : DNS PRIVate Exchange
> Stream              : IETF
> Verifying Party     : IESG
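To make the mitigation the erratum refers to concrete, here is an added example (not code from the RFC or from anyone in this thread) that computes the EDNS(0) Padding option (RFC 7830) under the block-length policy of RFC 8467, which is the padding approach RFC 9250 Section 5.4 points to. The 128/468-octet block sizes and the fall-back to the maximum message size are taken from RFC 8467, not from this page, and the message lengths are constructed for illustration.

```python
import struct

# Assumed policy from RFC 8467 Section 4.1 (not stated on this page):
# pad queries to a multiple of 128 octets, responses to a multiple of 468.
QUERY_BLOCK = 128
RESPONSE_BLOCK = 468
EDNS_PADDING_OPTION_CODE = 12   # EDNS(0) Padding option code (RFC 7830)
OPTION_HEADER_LEN = 4           # OPTION-CODE (2 octets) + OPTION-LENGTH (2 octets)


def padding_length(unpadded_len: int, block: int, max_len: int = 65535) -> int:
    """Number of zero octets to carry in the Padding option.

    `unpadded_len` is the message length with the OPT RR present but without
    the Padding option. The option header itself counts toward the block, so
    the padded message (not just the option) lands on a block boundary.
    If the next boundary exceeds `max_len`, pad up to `max_len` instead
    (assumed RFC 8467 behaviour for the overflow case).
    """
    total = unpadded_len + OPTION_HEADER_LEN
    pad = (-total) % block
    if total + pad > max_len:
        pad = max(0, max_len - total)
    return pad


def build_padding_option(pad: int) -> bytes:
    """Wire encoding of the Padding option: code, length, then `pad` zero octets."""
    return struct.pack("!HH", EDNS_PADDING_OPTION_CODE, pad) + b"\x00" * pad


def padded_size(unpadded_len: int, block: int) -> int:
    """Total message length once the Padding option is appended."""
    return unpadded_len + OPTION_HEADER_LEN + padding_length(unpadded_len, block)


def observed_lengths(unpadded_lens, block):
    """What a passive observer sees after padding: distinct lengths collapse
    into block buckets, which is the traffic-analysis defence Section 5.4 requires."""
    return sorted({padded_size(n, block) for n in unpadded_lens})


if __name__ == "__main__":
    # Constructed lengths: a short query name and a much longer one.
    queries = [45, 61, 103]
    print("unpadded:", queries, "observed:", observed_lengths(queries, QUERY_BLOCK))
    print("response 300 ->", padded_size(300, RESPONSE_BLOCK))
```

Without the option the three query lengths are distinguishable on the wire; with it they all appear as 128 octets.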