IETF Logo Mail Archive

Re: [dns-privacy] [core] WGA call for draft-lenders-dns-over-coap

Ted Lemon <mellon@fugue.com> Mon, 15 August 2022 17:41 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76C6FC1524B0 for <dns-privacy@ietfa.amsl.com>; Mon, 15 Aug 2022 10:41:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lF1LwyW6ijMJ for <dns-privacy@ietfa.amsl.com>; Mon, 15 Aug 2022 10:41:29 -0700 (PDT)
Received: from mail-qv1-xf30.google.com (mail-qv1-xf30.google.com [IPv6:2607:f8b0:4864:20::f30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8359EC15256F for <dns-privacy@ietf.org>; Mon, 15 Aug 2022 10:41:28 -0700 (PDT)
Received: by mail-qv1-xf30.google.com with SMTP id y11so5842094qvn.3 for <dns-privacy@ietf.org>; Mon, 15 Aug 2022 10:41:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20210112.gappssmtp.com; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc; bh=h2fcCcetWFAXwwcSV3KaUrH7zaKtB4dSpQdPafqza2Q=; b=PNapGvrtsIe/flBjLCyXsDOh+acLdx0AW7Bj+Vco0ouV4y7755L3ED8jxoS5kXRQqy I5Jra/apJ4yoPh/hUI34gCY8EsLYrVJqOpRMmk3r2brEMfNnu/341Oi+2JFMpmDnKg2c wH0PuDMsXh9EbT1+3MnjmlPCk+oH0L3nTr7qqI3pVRTRlcrzXfgr0QjLjCuh0dMP9JjA 4seXSrfZ/7pjB3OyyvXdeiTbUJq50SrGxNsnejlZbUKVIvKLNxQgtglXUDLCYjmPE6Qt RAHqKGyH1sXngugDiDXO5EehdklOWkbZ859P02VtnVdgATr5wpxnrX+7LcFWbnAgL7Ps 30Ww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc; bh=h2fcCcetWFAXwwcSV3KaUrH7zaKtB4dSpQdPafqza2Q=; b=W2gc8eLdoo+POdkypsQMY/vhYGzPL+XuCDWvptkECGqQ1JFQ1XfFwhCV5Eq+0GBO5Y c/00622ilXj/zaorO0dMKllW8dPuxegkZMOCFO/aK+6SdW1V7tePgGXM3RY7D0H0Kyyy 7Xz+EEAcSixYkzUd36oq9NAqR1XVcyzlLpVwJRVeeM48XcpW/1VMplQLfq8qhjCMTUG6 WoNa6y2fJZT1C38xQfuDYBNp+qRRUoYBGlYnQnhQx1zSiiGsHjqxYrVURvRSDChtPcIA /Lxh6tkt9eRoThweVHGxZ0WesWacmPgtWZdWA9tHwxA8TRTFQTiF/ntJfO5Ce3c5rYvu H7dQ==
X-Gm-Message-State: ACgBeo3DppezQbiWydHwkis/Qr4TEQqKf52IgTj02tW/qLAo9Z9Qdh3c oFpZ/6lZCo16E4PBNedkCOzGQA==
X-Google-Smtp-Source: AA6agR4MsgticT1Crff8jwb0kEpfaI62uMeqDp2tNPn9rxQRC/IBfH/hOZQrkBFFKOVRsHj7AJc1Rg==
X-Received: by 2002:a0c:e512:0:b0:474:8064:d59b with SMTP id l18-20020a0ce512000000b004748064d59bmr14853356qvm.70.1660585287026; Mon, 15 Aug 2022 10:41:27 -0700 (PDT)
Received: from smtpclient.apple ([2601:18b:300:3380:7463:c3e9:af1f:efff]) by smtp.gmail.com with ESMTPSA id l1-20020a05620a28c100b006b958c34bf1sm169968qkp.10.2022.08.15.10.41.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 15 Aug 2022 10:41:26 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Ted Lemon <mellon@fugue.com>
Mime-Version: 1.0 (1.0)
Date: Mon, 15 Aug 2022 13:41:26 -0400
Message-Id: <519510F7-032C-4BCE-AD7E-6889ABC7991D@fugue.com>
References: <693CE6A0-9479-4265-B3D9-ADEF9EF4B959@tzi.org>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, dns-privacy@ietf.org, dnsop@ietf.org, core@ietf.org
In-Reply-To: <693CE6A0-9479-4265-B3D9-ADEF9EF4B959@tzi.org>
To: Carsten Bormann <cabo@tzi.org>
X-Mailer: iPad Mail (19F77)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/ougbHvGlsgr_g6J2NKdo1OZIzA0>
Subject: Re: [dns-privacy] [core] WGA call for draft-lenders-dns-over-coap
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2022 17:41:33 -0000

> On Aug 15, 2022, at 1:34 PM, Carsten Bormann <cabo@tzi.org> wrote:
> 
> On 15. Aug 2022, at 17:11, Ted Lemon <mellon@fugue.com> wrote:
>> 
>> This is a good question. I think we’d want to understand what the actual use case is for DNS-over-CoAP before proceeding with this,
> 
> The main use case is systems that already implement CoAP and do not want to add machinery for some protocols that are used only for very specific purposes.

You’re going to have to construct a DNS packet. I presume CoAP is using DTLS, so you have to have DTLS. So again, I don’t see how this reduces complexity. It seems like it adds complexity.

> I’ll leave that to the authors; obviously, all caches have limitations, but being able to make use of CoAP caches along the way would be an improvement.

It is not a given that caching with CoAP makes things better. What is CoAP’s caching behavior? How will it handle short TTLs? Reading the document, it’s clear this has not been considered. Given that the whole point of this is to make DNS connections private, I would assume that the cache shouldn’t have the credentials to peek into the packet. Except that it must. So I really don’t understand the threat model here.

> That can definitely be done (for a definition of “compress” — a concise form for some DNS data might be a better approach), but it to me it seemed working out the protocol machinery first is the right way to proceed here.  (From the point of view of the CoAP protocol, this would just be a separate media type.)

I don’t think this is true. Just because you can do something doesn’t mean you should. Until we can come up with some use case for this that solves a problem that isn’t already solved, I don’t think the IETF should be pursuing this work at all.

v2.23.0 | Report a Bug | By Email