Re: [dns-privacy] DoH vs DoT at IMC 2019

Petr Špaček <petr.spacek@nic.cz> Thu, 12 September 2019 08:57 UTC

To: dns-privacy@ietf.org
References: <7A5A1175-1AEB-4A04-BC75-169BD9A321FD@qmul.ac.uk> <CAChr6SzfRJC6rUjO0qgDT_JaFSqRZs9dR8Q3G85gh+14wH8Yuw@mail.gmail.com>
From: Petr Špaček <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <1ba0ac24-95ff-6d7b-b9bc-01a6c4b130c9@nic.cz>
Date: Thu, 12 Sep 2019 10:59:42 +0200
In-Reply-To: <CAChr6SzfRJC6rUjO0qgDT_JaFSqRZs9dR8Q3G85gh+14wH8Yuw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/uUl_GY13q-4efPcyO_nGZ97ao5o>

On 12. 09. 19 7:37, Rob Sayre wrote:
> On Wed, Sep 11, 2019 at 2:53 AM Timm Boettger <timm.boettger@qmul.ac.uk> wrote:
> 
>     Hi all,
> 
>     Rob Sayre has pointed me to this thread. I am an author of the linked paper...
> 
>     He has pointed out some confusing and outdated information in the paper, that I would like to clarify...
> 
> 
> Let me further clarify: I thought these were minor corrections, and I didn't want these small flaws to undermine a great point the paper made in its Section 3:
> 
> "Implementing out-of-order delivery via TLS is akin to (re-)implementing the stream multiplexing part of SCTP, QUIC or HTTP/2.0."

It should be noted that out-of-order query processing is in no way unique to TLS; it is the same for TCP (see RFC 5966 section 6).

It should also be noted that Knot Resolver (which I'm working on), BIND and also modern versions of Unbound _do_ support out-of-order query processing, so the point above is moot. (I'm not sure about PowerDNS, but I would be surprised if it did not have out-of-order processing support as well.)

Missing support on a particular service is not caused by lack of implementations in servers; maybe it is a problem "added" by layers on top.

Petr Špaček  @  CZ.NIC
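
Added example, not part of the original message and not code from any of the resolvers named in it: a Python sketch of how a client on a single TCP or TLS stream pairs out-of-order replies with pipelined queries, using only the two-byte length prefix and the 16-bit DNS message ID. The names, the fixed IDs and the echo-style `fake_response` server are constructed for the demonstration; a real client would pick unpredictable IDs.

```python
import struct

def build_query(msg_id, qname, qtype=1):
    """Minimal DNS query: 12-byte header (RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame(msg):
    """DNS over TCP/TLS framing: two-byte big-endian length, then the message."""
    return struct.pack("!H", len(msg)) + msg

def fake_response(query):
    """Constructed stand-in for a server: the query echoed back with QR=1."""
    flags = struct.unpack_from("!H", query, 2)[0] | 0x8000
    return query[:2] + struct.pack("!H", flags) + query[4:]

class StreamClient:
    """Tracks in-flight queries on one connection and matches replies by ID."""
    def __init__(self):
        self.buf = bytearray()
        self.pending = {}                      # message ID -> query name

    def send(self, msg_id, qname):
        if msg_id in self.pending:
            raise ValueError("ID already in flight on this connection")
        self.pending[msg_id] = qname
        return frame(build_query(msg_id, qname))

    def feed(self, chunk):
        """Consume raw stream bytes; return names whose replies completed."""
        self.buf += chunk
        done = []
        while len(self.buf) >= 2:
            (n,) = struct.unpack_from("!H", self.buf)
            if len(self.buf) < 2 + n:
                break                          # message not fully received yet
            msg = bytes(self.buf[2:2 + n])
            del self.buf[:2 + n]
            if n >= 12 and msg[2] & 0x80:      # full header present, QR bit set
                msg_id = struct.unpack_from("!H", msg)[0]
                if msg_id in self.pending:     # replies to unknown IDs are dropped
                    done.append(self.pending.pop(msg_id))
        return done

def demo():
    client = StreamClient()
    names = {0x1001: "slow.example", 0x1002: "fast.example", 0x1003: "mid.example"}
    sent = {i: client.send(i, n)[2:] for i, n in names.items()}   # pipelined
    # Constructed server behaviour: replies leave in completion order.
    stream = b"".join(frame(fake_response(sent[i])) for i in (0x1002, 0x1003, 0x1001))
    order = []
    for off in range(0, len(stream), 7):       # arbitrary 7-byte segments
        order += client.feed(stream[off:off + 7])
    return order, client.pending
```
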