Re: [dns-privacy] review of dprive-unilateral-probing
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 09 April 2022 15:02 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51DE33A0CF3 for <dns-privacy@ietfa.amsl.com>; Sat, 9 Apr 2022 08:02:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=iB+wfson; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=okqDuez4
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mt8KyMRQvcTg for <dns-privacy@ietfa.amsl.com>; Sat, 9 Apr 2022 08:01:58 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB5C93A0CF9 for <dns-privacy@ietf.org>; Sat, 9 Apr 2022 08:01:57 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1649516515; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=EJs9hCEzMTAZFc+CLc0E7lxQtrim0bG+80FndxZCscQ=; b=iB+wfsoncIhI9GoSlcoJVWgvfA+K9LFbeBZIInv+fPZ8nlrSRQs4rwas7BOg2PCgkxXmZ OIxTcCwu3dpAa0wBA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1649516515; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=EJs9hCEzMTAZFc+CLc0E7lxQtrim0bG+80FndxZCscQ=; b=okqDuez4mSd9x5Q/B0ohInk7XTob+Ennzg05hTMC+i4heOgsIux+P+Es3h2bdomYXEP3t 7yKhGR6VVjvgdeDjBhnmBxh0NhAVBPxtgO+Q41EuremMdIW82RMcL3Rf9i0K+boCFg7JytZ AW0MmfxSI8AN1ETeuaNsGTH01ezXmS75/AUsx9sh5o49LAtYABCdO1N1LiWMj4DM/X9Moml Hnw9c4mv2JWPF4KWN1Wl2TVf/BKB7QrKUUM/NaFbrkHZaNZ6H2U+SPwtBiDInjesR8rKqPO 8hTjLMi1tLYDxGrnNbazVEgIXJ3V3tAc3VzAjvu11txxSlRLv5q6wso5jCdw==
Received: from fifthhorseman.net (2603-8000-df00-593c-0c5d-9165-325b-66aa.res6.spectrum.com [IPv6:2603:8000:df00:593c:c5d:9165:325b:66aa]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 5C09FF9AD; Sat, 9 Apr 2022 11:01:55 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id C925820389; Sat, 9 Apr 2022 11:01:50 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Alexander Mayrhofer <alexander.mayrhofer=40nic.at@dmarc.ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
In-Reply-To: <e9762b975b124de58cf176a87b290949@nic.at>
References: <e9762b975b124de58cf176a87b290949@nic.at>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Sat, 09 Apr 2022 08:01:48 -0700
Message-ID: <87o81ajo6b.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/jscf0PRt7uyjmrhHdt1HD_Y_oIE>
Subject: Re: [dns-privacy] review of dprive-unilateral-probing
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 09 Apr 2022 15:02:04 -0000
Hi Alex-- thanks for this thoughtful review! I've adopted most of the changes you highlighted (until we submit a new draft to the datatracker, they can be seen in the editor's draft https://dkg.gitlab.io/dprive-unilateral-probing/), but wanted to note a few of them that I didn't fully incorporate yet: On Wed 2022-04-06 17:52:00 +0200, Alexander Mayrhofer wrote: > - I agree to the prococol choices considerations. Towards publication, > we should shorten the paragraph about the DoH path problem. noted, and recorded here so we don't lose it: https://gitlab.com/dkg/dprive-unilateral-probing/-/issues/16 > - As noted in the WG discussion, the X.509 certificate with common > names of all the names an authoritative server is known under could be > problematic, because customers are usually "creating" their own > nameserver names without necessarily informing the op of the > nameserver. Side note - this might be an interesting research topic - > to look at the names requested in SNI to the DoT port of such servers > ... (once we have deployment!) > - I guess implementors have more to say about the client-side probing > strategy proposed, but it does look very reasonable to me. Maybe we > can get feedback from early implementations on optimizing the > resource-use of state information required. I agree with these two comments, but i'm not sure there's anything to put in the draft about either of them. if you have text you want to suggest, and a place to put it, please let me know! > - The description of the connection state (4.3, first section, and the > state mangling in 4.5.*) is very close to implementation > specifications - do we really need that great detail for the protocol > to be interopable? Given the connection to the requirements in 4.5.1, > I do admit it's tricky. Maybe we should move that to an Appendix? > Section 4.3.1, though, is more like an abstract requirement, and > should be kept in. Maybe re-order? I agree on the 4.4. "per IP > address" recommendation. It might even be worse for v4/v6 deployments. This draft is definitely "close to implementation specifications" -- but that's kind of the goal here. We're trying to describe what specific policies each server needs to take to avoid harming resolution and disincentivizing other players from themselves adopting these strategies. I've added a high-level overview to section 4 so that an implementer gets the general idea before diving into the specifics: https://dkg.gitlab.io/dprive-unilateral-probing/#name-high-level-overview but i'm kind of reluctant to move the state tables or the specific transition steps into an appendix. If those state tables or transition steps are misguided, incomplete for the stated purpose, or problematic, i'd like to know about it from implementers so we can correct them. I fully expect some implementers to keep *additional* state beyond what is described here, because they may have additional goals. And of course some implementers might use their own data structures that are the equivalent of the state described here without being named or indexed in the exact way described in the document. But i don't see how to perform the recursive resolver side without keeping something equivalent to this state. Would it help to explicitly acknowledge that this description isn't a requirement for variable names, data structures, etc? I'm happy to accept text. Many of the documents coming out of the WHATWG and W3C offer this level of implementation guidance or even more. For example: https://www.w3.org/TR/webdriver/ https://encoding.spec.whatwg.org/ They do this to enhance interoperability; when each party knows that the other conformant party will behave in a certain way, it becomes simpler to make a decision about how to interact. I think this is not an unreasonable posture for a document like this in the IETF too. > - All the "identifier" strings in the draft should be quoted. (such as > "early", "unsent", etc..) - maybe personal preference, but I find it > clearer. Latest, the RFC editors will comment on that anyways. In the HTML version (which i'm thinking of as the canonical form) all those identifier strings are set off as <code> elements so they're already visually distinct. Do you (or does the WG) want quotation marks as well? Another possibility would be to rely on <code> in the text/html form, and quotation marks in the text/plain form, but the xml2rfc tooling doesn't really permit that. Here are some links that describe that decision (i'm not sure i agree with it, but i'm also not sure i have the capacity to fight it): https://github.com/ietf-tools/xml2rfc/issues/600 https://github.com/ietf-tools/xml2rfc/issues/647 https://notes.ietf.org/cmt-20210222# I could do an automated replacement in the source to wrap all literal strings (`foo`) with quotation marks ("`foo`"), using something like: sed -e 's/\([^"]\|^\)`\([^`]*\)`\([^"]\|$\)/\1"`\2`"\3/g' But i'm not sure whether it improves the document -- perhaps that's overkill? Or maybe I'm not sure what you think counts as an "identifier" string. is `E-foo[X]` an identifier string? You can get a list of all the backtick-wrapped strings in the document (and their counts) with: grep '`' unilateral-probing.md | \ sed -e 's/[^`]*`\([^`]*\)`[^`]*/\1\n/g' | \ grep -v '^$' | sort | uniq -c | sort -n In the editor's copy, i've quoted the ALPN strings as "`doq`" so you can see what that looks like in both html and text, but I haven't done any more changes. Editor's copy: text/html: https://dkg.gitlab.io/dprive-unilateral-probing/ text/plain: https://dkg.gitlab.io/dprive-unilateral-probing/unilateral-probing.txt --dkg
- [dns-privacy] review of dprive-unilateral-probing Alexander Mayrhofer
- Re: [dns-privacy] review of dprive-unilateral-pro… Daniel Kahn Gillmor