Re: [dns-privacy] [core] [DNSOP] WGA call for draft-lenders-dns-over-coap
Martine Sophie Lenders <m.lenders@fu-berlin.de> Mon, 19 September 2022 11:30 UTC
Return-Path: <mlenders@zedat.fu-berlin.de>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A15A4C14E514; Mon, 19 Sep 2022 04:30:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AN7LKVIbTHdU; Mon, 19 Sep 2022 04:29:59 -0700 (PDT)
Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 441D6C1522DE; Mon, 19 Sep 2022 04:29:58 -0700 (PDT)
Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.95) with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384 (envelope-from <mlenders@zedat.fu-berlin.de>) id 1oaEyJ-001tZC-62; Mon, 19 Sep 2022 13:29:55 +0200
Received: from inetm02.imp.fu-berlin.de ([160.45.114.25]) by inpost2.zedat.fu-berlin.de (Exim 4.95) with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (envelope-from <m.lenders@fu-berlin.de>) id 1oaEyJ-003bxU-0T; Mon, 19 Sep 2022 13:29:55 +0200
Content-Type: multipart/alternative; boundary="------------S0arYCGaWLNc2RaNPfJnFRFc"
Message-ID: <f1a9e90a-f316-4c93-e847-e9800908542e@fu-berlin.de>
Date: Mon, 19 Sep 2022 13:29:54 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.0
Content-Language: en-US
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: core@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, dnsop <dnsop@ietf.org>
References: <eb776071-e99c-93a9-b0ba-c14ad5c11e13@fastmail.com> <98cb0b90-4b23-257b-9553-7b0ef3a9bcab@fastmail.com> <CAHbrMsA4CnFKAxNXEvXfXGNgHi7FNt=T+pPMOca13bBCxi12Gg@mail.gmail.com>
From: Martine Sophie Lenders <m.lenders@fu-berlin.de>
In-Reply-To: <CAHbrMsA4CnFKAxNXEvXfXGNgHi7FNt=T+pPMOca13bBCxi12Gg@mail.gmail.com>
X-Original-Sender: m.lenders@fu-berlin.de
X-Originating-IP: 160.45.114.25
X-ZEDAT-Hint: A
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/kHmpGnIRiJLemMfjxsR29InXp7U>
Subject: Re: [dns-privacy] [core] [DNSOP] WGA call for draft-lenders-dns-over-coap
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Sep 2022 11:30:03 -0000
Hi, Sorry for the late reply, I was away from any keyboard for the past two weeks. I think there might be a misunderstanding regarding the CNAME behavior, due to some poor wording in our draft: The CNAMEs should, of course, only be resolved in such a way, if the queried record was an A or AAAA record. This does not, to my understanding, contradict the behavior described for CNAMEs in RFC 1034. We propose a different wording for the first sentence in 5.1 to prevent such misunderstandings in the future: In the case of CNAME records in a DNS response to an A or AAAA record query, a DoC server SHOULD follow common DNS resolver behavior [RFC1034 <https://www.ietf.org/archive/id/draft-ietf-core-dns-over-coap-00.html#RFC1034>] by resolving a CNAME until the originally requested resource record type is reached. Regarding the population of the additional section, we also follow recommendations in RFC 1034, to only include records useful to the client. We deem this particularly noteworthy when it comes to DNS, as from our analysis of DNS traffic, responses can become quite large due to an abundance of records in the Additional section. With the message size constraints in LLNs, it might thus be necessary to prune the DNS message for records actually useful to the querying DoC client. Lastly, mind, that, at least in our model for DoC, a DoC client does not further distribute the information it gathered via DoC. Regards Martine Am 06.09.22 um 17:06 schrieb Ben Schwartz: > Some further notes on this draft. > > Section 5.1 says that a DoC server "SHOULD" follow CNAMEs. This is a > misunderstanding of the nature of DNS transports. DoC is a DNS > transport, like DoT and DoH. The choice of transport is independent > of the DNS server's answering behavior, which must not be modified by > the transport. Indeed, DPRIVE is now chartered to enable the use of > alternate transports for recursive-to-authoritative queries for which > CNAME following has entirely different rules. This is possible > precisely because the choice of transport does not alter the logical > DNS contents. > > Section 5.1 also proposes that the population of the Additional > section might follow different logic when using DoC. > > Modifying the logical DNS behavior would create a wide range of > exciting and unpredictable compatibility issues when trying to use a > new transport. I urge the authors to delete Section 5.1, which would > resolve this problem. The draft could instead note that the DNS > queries and responses are not modified when using DoC, except under > private arrangement between the client and server. > > On Fri, Sep 2, 2022 at 12:20 PM Jaime Jiménez <jaime@iki.fi> wrote: > > Dear CoRE WG, > > Thanks to the authors and the reviewers that provided comments on > the list for this draft. Given the in-room support and the list > discussion during the WGA the chairs believe that there is > sufficient support for the adoption of this document in CoRE. > > The authors are advised to resubmit the draft-core-dns-over-coap > and to set up a document repo under the CoRE Github organization > at https://github.com/core-wg > > BR, > > Jaime Jiménez on behalf of the CoRE chairs. > > On 15.8.2022 11.26, Jaime Jiménez wrote: >> Dear CoRE WG, >> >> We would like to start the call for adoption on draft-lenders-dns-over-coap. >> The draft defines a protocol for sending DNS messages over secure CoAP (DTLS and/or OSCORE). The draft was discussed during IETF114 and on IETF113 and was well-received by the group. >> >> https://datatracker.ietf.org/doc/draft-lenders-dns-over-coap/ >> >> During the last IETF meeting there were no objections for adoption so we confirm this now on the mailing list. Please let us know if you support adopting this draft. As many people will still be on vacation, we the WGA call will last a couple of weeks, ending the/1st of September/. >> >> Note that DNSOP and DPRIVE are in the loop as the draft is relevant for their working groups too. >> >> BR, >> -- >> Jaime Jiménez >> >> _______________________________________________ >> core mailing list >> core@ietf.org >> https://www.ietf.org/mailman/listinfo/core > > -- > Jaime Jiménez > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > > _______________________________________________ > core mailing list > core@ietf.org > https://www.ietf.org/mailman/listinfo/core
- [dns-privacy] WGA call for draft-lenders-dns-over… Jaime Jiménez
- Re: [dns-privacy] [core] WGA call for draft-lende… Jaime Jiménez
- Re: [dns-privacy] [core] WGA call for draft-lende… Tim Wicinski
- Re: [dns-privacy] [core] WGA call for draft-lende… Ted Lemon
- Re: [dns-privacy] [core] WGA call for draft-lende… Carsten Bormann
- Re: [dns-privacy] [core] WGA call for draft-lende… Ted Lemon
- Re: [dns-privacy] [core] WGA call for draft-lende… Carsten Bormann
- Re: [dns-privacy] [core] WGA call for draft-lende… Martine Sophie Lenders
- Re: [dns-privacy] [core] WGA call for draft-lende… Ted Lemon
- Re: [dns-privacy] [core] WGA call for draft-lende… Matthias Waehlisch
- Re: [dns-privacy] [core] WGA call for draft-lende… Jaime Jiménez
- Re: [dns-privacy] [core] WGA call for draft-lende… Jaime Jiménez
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Ben Schwartz
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Vladimír Čunát
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Alexander Mayrhofer
- Re: [dns-privacy] [core] [DNSOP] WGA call for dra… Martine Sophie Lenders
- Re: [dns-privacy] [core] [DNSOP] WGA call for dra… Ben Schwartz
- Re: [dns-privacy] [core] [DNSOP] WGA call for dra… Carsten Bormann
- Re: [dns-privacy] [core] [DNSOP] WGA call for dra… Martine Sophie Lenders
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Ben Schwartz
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Martine Sophie Lenders
- Re: [dns-privacy] [DNSOP] [core] WGA call for dra… Ben Schwartz
- [dns-privacy] draft-ietf-core-dns-over-coap-01 (w… Martine Sophie Lenders