Re: [dns-privacy] [DNSOP] Next steps: draft-ietf-core-dns-over-coap

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 07 July 2023 07:26 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>, Christian Amsüss <christian@amsuess.com>
CC: "draft-ietf-core-dns-over-coap@ietf.org" <draft-ietf-core-dns-over-coap@ietf.org>, dnsop <dnsop@ietf.org>, DNS Privacy Working Group <dns-privacy@ietf.org>, "core@ietf.org" <core@ietf.org>
Date: Fri, 07 Jul 2023 07:26:36 +0000
Message-ID: <DU0P190MB19787639A69DDB74B086A84CFD2DA@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <BN8PR15MB32814FED7FC7E459A484967FB32FA@BN8PR15MB3281.namprd15.prod.outlook.com>
In-Reply-To: <BN8PR15MB32814FED7FC7E459A484967FB32FA@BN8PR15MB3281.namprd15.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/y4Thpz0ISavRlsLV7gXjan5FwFI>

In the last interim meeting presentation "security" was a key driver for this draft, which is a very good one compared to non-secured DNS as the alternative.

Firmware size and code complexity/BOM are also relevant if this protocol can avoid pulling in extra components (TLS/DTLS) that would otherwise not be needed.
"More security by reducing complexity and reducing attack surface" also comes to mind here as a secondary security benefit.

Esko

From: core <core-bounces@ietf.org> On Behalf Of Ben Schwartz
Sent: Wednesday, July 5, 2023 20:40
To: Christian Amsüss <christian@amsuess.com>
Cc: draft-ietf-core-dns-over-coap@ietf.org; dnsop <dnsop@ietf.org>; DNS Privacy Working Group <dns-privacy@ietf.org>; core@ietf.org
Subject: Re: [core] [DNSOP] Next steps: draft-ietf-core-dns-over-coap

I think firmware size is a perfectly reasonable and sufficient motivation for this draft, but I don't think it can be described as "performance".

--Ben Schwartz


________________________________
From: Christian Amsüss
Sent: Wednesday, July 5, 2023 12:17 PM
To: Ben Schwartz
Cc: Martine Sophie Lenders; core@ietf.org<mailto:core@ietf.org>; draft-ietf-core-dns-over-coap@ietf.org<mailto:draft-ietf-core-dns-over-coap@ietf.org>; dnsop; DNS Privacy Working Group
Subject: Re: [DNSOP] Next steps: draft-ietf-core-dns-over-coap

Hello Ben,

picking one of the points in the thread and leaving the rest to another
subthread:

> > We have a paper on the performance benefits just accepted for CoNEXT,
> > which we will cite once it is published. An early pre-print (the final
> > paper underwent some major revisions though) is available on arXiv [5].
>
> This paper appears to be focused on DNS performance, but DNS is
> usually only a small component of overall system performance.

In this context, I think a relevant performance metric is firmware size
(or, equivalently, network load from firmware updates) -- a metric that
is covered in the latest preprint [1] of the same work. While a CoAP plus
OSCORE stack is marginally larger in firmware than a DNS plus DTLS stack
(and admittedly that's not even accounting for EDHOC that'd also be
needed if the DNS server is authenticated with public key cryptography),
that is text the application already pulls in, whereas the DTLS
component of DNS over DTLS alone already weighs another 20KiB of
firmware size. That represents a significant portion of the flash memory
available on the relevant microcontrollers.

Software complexity (both in terms of LoC and in terms of items on an
SBOM) is a factor that improves in parallel to the binary size savings.

BR
Christian

[1]: https://arxiv.org/abs/2207.07486v2

--
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom