Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

James <james.ietf@gmail.com> Wed, 07 October 2020 15:09 UTC

To: "Vinny Parla (vparla)" <vparla@cisco.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
References: <MN2PR11MB47604813E0DC2DDA0E297A36D80C0@MN2PR11MB4760.namprd11.prod.outlook.com> <CAO+dDxn1J2bOz1b8iPKbUnYLTFhSLJRhx9Od5hAHpP3TSkp7yQ@mail.gmail.com> <C276A52C-DCBA-4920-95E1-FAF2D3881D0B@apple.com> <MN2PR11MB476044BA6BD5D47C8088D434D80A0@MN2PR11MB4760.namprd11.prod.outlook.com>
From: James <james.ietf@gmail.com>
Message-ID: <437fcf37-5ef9-06c0-f3ac-2568489e4f65@gmail.com>
Date: Wed, 7 Oct 2020 17:09:16 +0200
In-Reply-To: <MN2PR11MB476044BA6BD5D47C8088D434D80A0@MN2PR11MB4760.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/m1pKoIOwsLZxKysZo864jJJod1Y>
Subject: Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...

Tommy:

I suspect they are likely on list and can speak for themselves and do a 
much better job of it; however, aiui it was the absolute worst case, where 
QUIC connection setup was also included. This was a brief hallway 
discussion back in Singapore so things may have progressed.

Vinny:

The draft I cited makes its specific use case not to include 
multiplexing, as it announces a separate ALPN and operates on a 
different, dedicated port. If my memory serves me right, previous 
discussions in both the doh WG and related DNS working groups on the 
subject of multiplexing were largely dismissive of it over a lack of 
separation of concerns, privacy, among others.

- J
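Tommy's point below, that the per-query cost of DoH is small once an HTTP connection exists, and the ~14 KiB worst-case figure from James's earlier mail, which folded connection setup into the per-query number, can be made concrete by building a query the way RFC 8484 does and spreading a one-off setup cost over the queries a connection actually carries. This is an added example, not code from anyone in the thread or from any draft: the RFC 8484 GET encoding and the RFC 1035 wire format are real, the 14 KiB setup figure is the thread's own number used only as a placeholder, and the per-query HTTP framing allowance is constructed.

```python
import base64
import struct

# Numbers marked "constructed" are illustrative, not measurements from the
# thread; the ~14 KiB figure is the worst case quoted in the thread and is
# used here purely as a placeholder for one-off connection setup cost.


def encode_qname(name: str) -> bytes:
    """Encode a domain name as DNS wire-format labels (RFC 1035 section 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label: {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # zero-length root label terminates the name
    return bytes(out)


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Build a minimal DNS query: 12-byte header plus one question section.

    Defaults match the RFC 8484 GET example: ID 0 (recommended for DoH so the
    encoded message is cache-friendly), RD set, QTYPE A, QCLASS IN.
    """
    flags = 0x0100  # QR=0 (query), OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def doh_get_path(query: bytes, template_path: str = "/dns-query") -> str:
    """RFC 8484 GET form: the wire-format message, base64url-encoded with
    padding removed, carried in the 'dns' query parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{template_path}?dns={encoded}"


def decode_doh_dns_param(param: str) -> bytes:
    """Inverse of the encoding in doh_get_path: restore padding, then decode."""
    padded = param + "=" * (-len(param) % 4)
    return base64.urlsafe_b64decode(padded)


def amortized_bytes_per_query(setup_bytes: int, per_query_bytes: int, n_queries: int) -> float:
    """Average on-the-wire cost per query when one connection serves n_queries.

    Setup cost is paid once and spread across every query that reuses the
    connection; the per-query cost is paid every time.
    """
    if n_queries < 1:
        raise ValueError("a connection must carry at least one query")
    return setup_bytes / n_queries + per_query_bytes


if __name__ == "__main__":
    q = build_query("www.example.com")
    print(f"{len(q)} wire bytes -> GET {doh_get_path(q)}")
    setup = 14 * 1024          # worst-case setup figure quoted in the thread
    per_query = len(q) + 200   # constructed: message plus a rough HTTP framing allowance
    for n in (1, 10, 100):
        cost = amortized_bytes_per_query(setup, per_query, n)
        print(f"{n:>4} queries per connection: {cost:8.1f} B/query")
```

The path produced for `www.example.com` is byte-for-byte the example request in RFC 8484, which is a convenient check that the header and label encoding are right. The amortization function is the whole of Tommy's argument in one line: counting setup once per query only describes a client that opens a fresh connection for every lookup, and the number falls toward the bare message cost as soon as the connection is reused.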

On 07/10/2020 14:39, Vinny Parla (vparla) wrote:
>
> Hi,
>
> What I am driving at in my original question is do we envision mixing 
> Content and DNS together in a multiplexed session or will DNS continue 
> to be an entirely independent channel (whether over HTTP/2 /3 Do53 DoQ 
> DoH).
>
> -Vinny
>
> *From:* Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
> *Sent:* Wednesday, October 7, 2020 9:23 AM
> *To:* James <james.ietf@gmail.com>
> *Cc:* Vinny Parla (vparla) <vparla@cisco.com>; dns-privacy@ietf.org
> *Subject:* Re: [dns-privacy] DNS and QUIC,HTTP/3 Long term vision...
>
> Can you cite this claim about DNS over HTTP/3? The per-query cost once 
> an HTTP/3 connection is established should be minimal. If you’re 
> taking into account all setup overhead for an HTTPS connection as a 
> “per query” cost, that’s not representative of how DoH is reasonably 
> used (and would be an issue with existing DoH).
>
> Thanks,
>
> Tommy
>
>
>
>     On Oct 6, 2020, at 2:03 PM, James <james.ietf@gmail.com> wrote:
>
>     My most recent observations of discussions around DNS over QUIC
>     and HTTP/3 was that some folks had attempted DNS over HTTP/3,
>     however the overheads (~14KiB for a query at worst-case) made it
>     impractical and infeasible. With regards to DNS over QUIC, the
>     current dprive working group adopted draft [1] is focusing on stub
>     to recursive, but not necessarily as a multiplex with an existing
>     QUIC connection.
>
>     - J
>
>     1: https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-00
>
>     On Mon, 5 Oct 2020 at 17:31, Vinny Parla (vparla)
>     <vparla=40cisco.com@dmarc.ietf.org> wrote:
>
>         Hi,
>
>         It was suggested that I ask this question on the 3 lists:
>
>         Now that QUIC & HTTP/3 are imminent…
>
>         I would like to know what the opinion is of the community on
>         the long term view of DNS.
>
>         Would DNS remain an independent channel or would it be
>         subsumed in a multiplexed stream via HTTP/3 in some future
>         version?
>
>         For example, would a browser perform DNS queries over a QUIC
>         multiplexed session?
>
>         (e.g. similar to how today an http proxy can perform DNS
>         queries on behalf of the client using that proxy)
>
>         Would love to hear from implementors what their long term view
>         is of this in particular.
>
>         Thanks,
>
>         -Vinny
>
>         _______________________________________________
>         dns-privacy mailing list
>         dns-privacy@ietf.org
>         https://www.ietf.org/mailman/listinfo/dns-privacy
>
>