Re: [dns-privacy] Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02]

Martin Thomson <martin.thomson@gmail.com> Thu, 04 May 2017 01:12 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB37212953B for <dns-privacy@ietfa.amsl.com>; Wed, 3 May 2017 18:12:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FRO481KFQgZL for <dns-privacy@ietfa.amsl.com>; Wed, 3 May 2017 18:12:02 -0700 (PDT)
Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 436EF129530 for <dns-privacy@ietf.org>; Wed, 3 May 2017 18:12:02 -0700 (PDT)
Received: by mail-lf0-x22a.google.com with SMTP id t144so2926627lff.1 for <dns-privacy@ietf.org>; Wed, 03 May 2017 18:12:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Lx7ckVHO8WUZkjHx7lKfOH/5AOejT1jwwsGseeApvdM=; b=avJ/CWSKCl7FV3VceCblrizmHAARf/fXgmZfkzNi4SwsmKhkyuSv1bRkZ2S43+XI99 Frv4VqXFa7uSptx84h6zGJ+AYot9dx1eTrgZ0CAqtm/UPI0LuP2MD3aMQjWS77Ca4xmT wesYqF3Ohh8iYvAbCPl6b3TaI+BVsdJFu9g4yqBdCTAuYmP5PknHOQ/mbw3RBYC90rAi rEPfUbMmS6CnRTiDMoHx6QalClUpVo075X/AIVcM8c7dlGQckTu+VxvzStec/Ch3jTGM F1oi8K7O39WG8jOr41oXNK5bsgDSSOQnm38r38g1BdzltYCOIKTge89ebJxj6Kp46wEl Eo8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Lx7ckVHO8WUZkjHx7lKfOH/5AOejT1jwwsGseeApvdM=; b=tChm3JJ/lE2SNKhsFxX/qAflqtXB4qwLb8fzx4cVKg2DQBJGWzY2bQrm2rmEmA3GNw BHPEzXPNb5bljFZlXXgEnsVtmyYf7U+I7lk+nVtwPvrPn/d6O4EAB3DUBGl2waRPUfin hLaqNUUlu+4PEjw9lptHoLHyqqe3ol/GwXdJhad/kpsPDsqvyhch3SZp0OESX/jxrT9x FIC8T09G6cpfTHctvdk7anVEhhdwzzop7p9ZciaJSSNw+5mF9jet3lgxuaUdvrb3PzAK 2aEo5tFSlLbhZ8XEhvWlv3NN6emcPl5sPWDPRV/7VfYdsLZ6trF4Nia17E0mJSVuGZgP OKdQ==
X-Gm-Message-State: AN3rC/4meFvGU1m1nIs2c80cX+4+P3TB1i7m5bUchY8K0ZQmZOc4CH59 Fqt1wwpy/h7dw4IUhL+uyIquHarIpg==
X-Received: by 10.25.160.147 with SMTP id j141mr11483374lfe.19.1493860320426; Wed, 03 May 2017 18:12:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.46.83.2 with HTTP; Wed, 3 May 2017 18:11:59 -0700 (PDT)
In-Reply-To: <87bmr9qwn7.fsf@fifthhorseman.net>
References: <87tw51remp.fsf@fifthhorseman.net> <CAOdDvNoNPXNXzpVcX7TZX=Z++kWMBhG_+uDH3Vk1Jp8+adcHLQ@mail.gmail.com> <CAOdDvNruCCyB2rsF9VgaVEOjQGD82wA0AiLAghiGjDM0SpBFPQ@mail.gmail.com> <87lgqdr0fr.fsf@fifthhorseman.net> <BN6PR03MB27085632B5CBA7324894699487EA0@BN6PR03MB2708.namprd03.prod.outlook.com> <CABkgnnVLasxAfsezDp4H0cSOme5okHUY0ruG7EzgsNEW89SmDQ@mail.gmail.com> <87bmr9qwn7.fsf@fifthhorseman.net>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 04 May 2017 11:11:59 +1000
Message-ID: <CABkgnnUgy+iD8R=WOBFb8bFWrtX=06unmiA5Ne3eEkt_KLcGxw@mail.gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Mike Bishop <Michael.Bishop@microsoft.com>, Patrick McManus <mcmanus@ducksong.com>, HTTP Working Group <ietf-http-wg@w3.org>, DNS Privacy Working Group <dns-privacy@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/d6WHkGo8QnSnM-NUOJsNuOvhLDs>
Subject: Re: [dns-privacy] Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02]
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 01:12:04 -0000

On 4 May 2017 at 10:43, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> I address this in the draft section "Why not ALPN?" -- if anyone thinks
> the text there could be improved, i'd be happy to hear suggestions for
> how to change it.

Mike is suggesting that you define one that is "http + dns" or maybe
"http or dns", which would mean that you could use either.  Then you
convince existing HTTP clients to use that (a few browsers would do
the job).  Even if they didn't actually DO DNS, you would still be
able to hide in the mass/mess that they represent.

In TLS 1.3, the server choice is hidden, so even where the server
doesn't pick this choice, it works.  In TLS 1.2, you probably want to
convince a few servers to pick this new thing, but that obviously
means more work for those servers.
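The mechanism discussed in this thread, as an added example that is not code from the draft or from any participant: a server-side ALPN selection in the RFC 7301 style, followed by the content-based demultiplexing a listener still has to do once a combined "http or dns" token has been negotiated, since that token by itself says nothing about which protocol the client will actually speak. The token name `http-or-dns` is a constructed placeholder (no such identifier is registered); `h2`, `http/1.1` and `dot` are the IANA-registered ALPN identifiers for HTTP/2, HTTP/1.1 and DNS-over-TLS. The first-bytes heuristic is this example's own: an HTTP/1.x request begins with an ASCII method token and a space, an HTTP/2 connection with its fixed 24-octet preface, and a DNS-over-TLS stream (RFC 7858) with a two-octet length that must cover at least the 12-octet DNS header.

```python
"""ALPN selection plus first-bytes demux for one listener that accepts
both HTTP and DNS-over-TLS.  Added example; "http-or-dns" is a constructed
placeholder for the combined token discussed in the thread."""

COMBINED = "http-or-dns"  # placeholder, not a registered ALPN id

# Server preference order: prefer the combined token when the client
# offers it, then plain HTTP, then plain DNS-over-TLS.
SERVER_PREFERENCE = [COMBINED, "h2", "http/1.1", "dot"]

HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")
DNS_HEADER_LEN = 12


def select_alpn(client_protocols, server_preference=SERVER_PREFERENCE):
    """RFC 7301 server-side choice: first entry in the server's own
    preference order that the client also offered.  None means no overlap
    (a real server would answer with the no_application_protocol alert)."""
    offered = set(client_protocols)
    for proto in server_preference:
        if proto in offered:
            return proto
    return None


def server_choice_visible_on_wire(tls_version):
    """The point Martin makes above: in TLS 1.2 the server's ALPN answer
    rides in the cleartext ServerHello, in TLS 1.3 it is carried inside
    EncryptedExtensions and is hidden from an on-path observer."""
    return tls_version == "1.2"


def classify_first_bytes(data):
    """Content-based demux of the first application bytes.
    Returns 'http', 'dns', 'undecided' (read more) or 'reject'."""
    if len(data) < 2:
        return "undecided"
    # HTTP/2: the client must open with the fixed preface.
    if HTTP2_PREFACE.startswith(data[:len(HTTP2_PREFACE)]):
        return "http" if len(data) >= len(HTTP2_PREFACE) else "undecided"
    # HTTP/1.x: uppercase method token followed by a single space.
    for method in HTTP_METHODS:
        if data.startswith(method):
            return "http"
        if method.startswith(data):   # still a prefix of a method: wait
            return "undecided"
    # Otherwise treat the two leading octets as the RFC 7858 length prefix;
    # anything shorter than a DNS header cannot be a DNS message.
    length = int.from_bytes(data[:2], "big")
    if length < DNS_HEADER_LEN:
        return "reject"
    return "dns"


def dispatch(negotiated, first_bytes=b""):
    """Route a connection after the handshake.  Only the combined token
    needs to look at application bytes; the others are unambiguous."""
    if negotiated in ("h2", "http/1.1"):
        return "http"
    if negotiated == "dot":
        return "dns"
    if negotiated == COMBINED:
        return classify_first_bytes(first_bytes)
    return "reject"


def build_dns_query_frame(name="example.com"):
    """Constructed sample: a DNS-over-TLS frame (2-octet length + message)
    carrying a single A query; the ID 0x1234 is arbitrary."""
    header = (0x1234).to_bytes(2, "big") + (0x0100).to_bytes(2, "big") \
        + (1).to_bytes(2, "big") + bytes(6)          # QDCOUNT=1, rest 0
    qname = b"".join(len(l).to_bytes(1, "big") + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    question = qname + (1).to_bytes(2, "big") + (1).to_bytes(2, "big")
    message = header + question
    return len(message).to_bytes(2, "big") + message


if __name__ == "__main__":
    token = select_alpn(["h2", "http/1.1", COMBINED])
    print(token, dispatch(token, b"GET / HTTP/1.1\r\n"))
    print(token, dispatch(token, build_dns_query_frame()))
    print("TLS 1.2 choice visible:", server_choice_visible_on_wire("1.2"))
```

A listener using this has to be prepared to read more than two octets before deciding: a 2-octet DNS length that happens to spell the start of an HTTP method is a genuine collision this heuristic does not resolve, which is exactly why a dedicated demux rule set, rather than the ALPN token alone, is still needed on the combined path.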