Re: [dns-privacy] AD review of draft-ietf-dprive-dnsoquic
Sara Dickinson <sara@sinodun.com> Thu, 06 January 2022 13:29 UTC
Return-Path: <sara@sinodun.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EB183A0B9C for <dns-privacy@ietfa.amsl.com>; Thu, 6 Jan 2022 05:29:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qvLZowWU8U0U for <dns-privacy@ietfa.amsl.com>; Thu, 6 Jan 2022 05:29:52 -0800 (PST)
Received: from balrog.mythic-beasts.com (balrog.mythic-beasts.com [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3CD13A0B98 for <dns-privacy@ietf.org>; Thu, 6 Jan 2022 05:29:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=OIPsKFPwhQId1AjAPZFfAA0moCksFBTfi/kReeirNtU=; b=FJI4FJYljLZqUBmnxn6922gjgj DBFRlo76dlF4Reuc0Ky3BWMz/eWRtZpcnx+GZXnYnH0/nY1LbYwpNsjcywO8U1f23xY0iPKosOeTG FPd6uT6ScstiOBqyMPJP8WoIE9JvSb8OShLnixMZalHYFH5MNYhla85KkX5KJaD80FbnT5nptzBWc 0QFWVk7bJ/hRr4jD71arjBIIDzVCQJiL421s6E9AdisvTmVdKP0DKx6vwEPqGrpkWATHHE4fnZLK3 3SYihq7Od38kTwW3edASeHMNkOHFCx03O7+OAhXd+VUWLaKzNa/FIsp8bdroGFznYDGSRx1vpU8IG +q/l0Yxg==;
Received: from [62.3.64.153] (port=21285 helo=[192.168.12.101]) by balrog.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <sara@sinodun.com>) id 1n5Spp-0002QS-7E; Thu, 06 Jan 2022 13:29:45 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Sara Dickinson <sara@sinodun.com>
In-Reply-To: <8166E748-37F0-45EB-9353-6C1417B43FF5@cisco.com>
Date: Thu, 06 Jan 2022 13:29:31 +0000
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <86C3E1C6-3374-4D99-B0E8-AB6FC74A1889@sinodun.com>
References: <1B3BFBC8-89BC-4A30-88FE-4980E8BD3461@cisco.com> <8166E748-37F0-45EB-9353-6C1417B43FF5@cisco.com>
To: "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
X-BlackCat-Spam-Score: 4
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/kzrWdueCfkT94JgTaETAmQOCgJY>
Subject: Re: [dns-privacy] AD review of draft-ietf-dprive-dnsoquic
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2022 13:29:57 -0000
Hi Eric, Many thanks for the review. I’ve created PR https://github.com/huitema/dnsoquic/pull/134 with proposed updates from your comments. > On 10 Dec 2021, at 06:42, Eric Vyncke (evyncke) <evyncke=40cisco.com@dmarc.ietf.org> wrote: > > Dear authors, > > In the revised I-D, please also consider Martin Duke (the transport AD)'s WGLC comments, see the thread at > https://mailarchive.ietf.org/arch/msg/dns-privacy/F35q1jpUEPPqaq5gYVM8aYFoQUQ/ > > Especially around section 10.2 and the demux of DTLS & QUIC if both protocols run on the same port. Martin has suggested some text for this part, let's use it and remove any potential friction in the publication process. PR for this approved and merged (thanks Martin!) > > Regards > > -éric > > > > On 09/12/2021, 14:40, "Eric Vyncke (evyncke)" <evyncke@cisco.com> wrote: > > As usual, when a document is submitted for publication, as the responsible AD, I do my own review of the draft before going to the IETF Last Call. > > First, thank you Brian for a detailed doc shepherd write-up. Your points about the 'down-ref' are valid and for now I would leave them like they are. Yes - thank you Brian. FYI: - PR https://github.com/huitema/dnsoquic/pull/135 includes a change to make RFC8094 informative and - PR https://github.com/huitema/dnsoquic/pull/132 provides updated text based on Alex’s review also making RFC8467 informative. > > Thanks, as well to the WG and the authors Christian, Sara, and Alisson for their work. The document is well written and easy to read: congratulations ! > > Please find below my review comments: > > Abstract: should it state where DoQ could be used (i.e., between which DNS functions notably by citing XFR) ? Yes - good point. I’ve added text. > > Section 1: s/ this document is intended to specify/ this document specifies/ ? > > Section 2: please use the real template from BCP14 (section 2 of RFC 8174) Ack to both. > > Section 5: should there be a sentence "this section is normative" to be consistent with a similar sentence in section 4 ? Would it be better to clarify the text in section 4? “Whilst all other sections in this document are normative, this section is informative in nature." > > Section 5.1.2: isn't the 3rd § obvious ? Hence could it be removed ? Yes - I suppose it is an implementation detail, removed. > Unsure whether there is value in the last §, especially as it appears to contradict the previous ones. This was added in response to having read *multiple* papers/presentations on DoT vs DoH where a statement like ‘DoT must run on port 853 whereas DoH runs on port 443’ is made regarding deployment obstacles for DoT. For a wider audience it does seem useful to point out that 443 is a possibility for DoQ deployments. > > Section 5.3: should DOQ_REQUEST_CANCELLED also be available when the server wants to close a transaction (e.g., when there are multiple responses/XFR) ? Well, section 5.3.2 really deals with the server side having issues and using a stream reset + DOQ_INTERNAL_ERROR to signal this. I’m not sure when a server would choose to send DOQ_REQUEST_CANCELLED as the error here as opposed to DOQ_INTERNAL_ERROR since the only reason to not send all the responses would be an error of some kind (even for XFR)… or is there another use case I’m missing? > > Section 6.3: contains two SHOULD, the general expectation is that the document describes when it is acceptable not to follow the SHOULD. Or perhaps should RECOMMENDED be used ? The kind of reasons I always assume are behind these kind of SHOULDs are: is an API for this exposed, does it increase code complexity too much or does it add too much performance overhead, etc. I’m not sure we have a specific case for section 6.3 but Christian may be able to point to one. > > Section 6.4: same comment as above and also in other places. 6.4 is proposed to change to a MUST for the use of padding in PR https://github.com/huitema/dnsoquic/pull/132. The main reason I can see for not using a QUIC padding API if it existed would be code complexity e.g. the implementation may choose to re-use padding logic already implemented in the DNS layer for DoT/DoH. I can add text about this if you think it is useful? > > Section 6.7: should this document formally update RFC 1995, 5936, 7766 ? I think so as it is similar to RFC 9103, which updates those 3 RFCs. Good question but I don’t think so - all of those documents are specific to DNS over TCP. This document doesn’t define any new behaviour for XFR that changes how XFR over TCP behaves (which RFC9103 did) nor does it update anything in RFC7766. > > Section 7.1: s/ To our knowledge/To the authors' knowledge/ ? Agreed. > Also in " it performs well compared" does it mean "better" or "similar" ? Adguard haven’t published exact data yet but did say in a presentation “it seems that…. it does provide advantage over DoH in cellular data networks, as expected” and their user feedback "ranges from very positive to neutral”. I’m reluctant to declare it ‘better’ without more raw data…. > > Section 9.3: " due to the prevalence of NAT" is not the only cause as IPv6 nodes often change their IPv6 addresses. Please extend the text here as the DoQ may not have an API to check whether the IPv6 address has changed. Text added. > > Finally, while I am not a native English speaker (but I relied on the Microsoft Word spell-checker on the attached document), I think that there are some nits in the text: > - Missing a lot of '-' in some constructions: "general purpose transport", "server initiated transactions", "long term state ", ... > - "however" should be followed by a comma > - No "n" in "an" in " an unidirectional QUIC stream" > - "acknowledgeemnts" > - "Provisonal" All fixed, I hope (but please check as I had to use a different checker tool). Best regards Sara.
- [dns-privacy] AD review of draft-ietf-dprive-dnso… Eric Vyncke (evyncke)
- Re: [dns-privacy] AD review of draft-ietf-dprive-… Eric Vyncke (evyncke)
- Re: [dns-privacy] AD review of draft-ietf-dprive-… Sara Dickinson
- Re: [dns-privacy] AD review of draft-ietf-dprive-… Eric Vyncke (evyncke)
- Re: [dns-privacy] AD review of draft-ietf-dprive-… Sara Dickinson
- Re: [dns-privacy] AD review of draft-ietf-dprive-… Eric Vyncke (evyncke)