Re: [dns-privacy] Fwd: New Version Notification for draft-huitema-quic-dnsoquic-00.txt
Petr Špaček <petr.spacek@nic.cz> Wed, 10 May 2017 13:09 UTC
Return-Path: <petr.spacek@nic.cz>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29C9C129442 for <dns-privacy@ietfa.amsl.com>; Wed, 10 May 2017 06:09:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Level:
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YhAqwX7hwmQw for <dns-privacy@ietfa.amsl.com>; Wed, 10 May 2017 06:09:38 -0700 (PDT)
Received: from mail.nic.cz (mail.nic.cz [217.31.204.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 485F4126DFB for <dns-privacy@ietf.org>; Wed, 10 May 2017 06:09:38 -0700 (PDT)
Received: from [IPv6:2001:67c:1220:8b4:98:467f:3406:4c0a] (unknown [IPv6:2001:67c:1220:8b4:98:467f:3406:4c0a]) by mail.nic.cz (Postfix) with ESMTPSA id 5A7916040C for <dns-privacy@ietf.org>; Wed, 10 May 2017 15:09:36 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1494421776; bh=ZLyjKzsd4zacQjI0JukKlW7AHBvm1LGjLf9DTbQdYhE=; h=To:From:Date; b=Wvli8yJHHcTLrjYpdWnOwGv1recnlO/YR/BUVXyo2nRfkIXTm+QE9va0F2BuBwElb CTvpvRoNoj7Mzwfs2a3YugzdCasvqQ2dpM9cI5HJlqKdJzxdiM8Ap5teexRt0MwugP pmv/eQeAQeScp3L73svcakr03JOM3GMWGBwUXe9w=
To: dns-privacy@ietf.org
References: <0b31dc15-3e13-ac36-5c09-056ea8f1b2e8@huitema.net> <cbdb51e1-7f5a-9ddf-a30e-6ca9c2b9c67d@huitema.net> <BN6PR03MB2708062197E49BF2F98402B487000@BN6PR03MB2708.namprd03.prod.outlook.com>
From: Petr Špaček <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <51201cb7-5a67-d906-ee9d-ca5da0cd0083@nic.cz>
Date: Wed, 10 May 2017 15:09:35 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0
MIME-Version: 1.0
In-Reply-To: <BN6PR03MB2708062197E49BF2F98402B487000@BN6PR03MB2708.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/yDoXYrtzBryenW5zH-yK7kWblf8>
Subject: Re: [dns-privacy] Fwd: New Version Notification for draft-huitema-quic-dnsoquic-00.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 May 2017 13:09:41 -0000
On 11.4.2017 20:39, Mike Bishop wrote: > Looks great – I’m excited to have another concrete application profile > we can look at. > > > > As a side note, I think 4.4 mischaracterizes any recent draft of > HTTP/QUIC. An HTTP server does explicitly need to listen for > client-initiated streams opening; there’s no announcement of this > happening on Stream 3 as you describe. The main effect of choosing to > have no control stream is that there can be no reliable session-level > application context, since data on any stream can be lost via a stream > reset at the wrong time. > > > > 5.2.2 is an example of this issue – how will the SERVFAIL be reliably > delivered if the stream is reset? You probably need to either define > error codes for DNS/QUIC and replace SERVFAIL with those, or reliably > deliver the SERVFAIL (somehow – by never resetting streams?). Let me express support for Mike's comment above. Current text is confusing when it comes to SERVFAIL. Ad 6.4. DNS Message IDs: I'm in favor of the two blocks of proposed text: When sending multiple queries over a QUIC connection, clients MUST NOT reuse the DNS Message ID of an in-flight query on that connection in order to avoid Message ID collisions. Clients MUST match outstanding queries using the Message ID and if the response contains a question section, the client MUST match the QNAME, QCLASS, and QTYPE fields. Reasoning: There are various DNS proxies which change transport protocol between UDP/TCP/TLS/HTTP on fly, without client knowing. We do not know how this landscape will evolve so it is IMHO better to specify the same behavior for message IDs and query matching regardless of transport to avoid problems with tricks we do not see today. The same applies to 6.3. Response Sizes. For now I propose to keep the same limitations for response sizes regardless of transport. Thank you for writting this down! Petr Špaček @ CZ.NIC > *From:*QUIC [mailto:quic-bounces@ietf.org] *On Behalf Of *Christian Huitema > *Sent:* Monday, April 10, 2017 10:23 AM > *To:* quic@ietf.org; dns-privacy@ietf.org > *Subject:* Fwd: Fwd: New Version Notification for > draft-huitema-quic-dnsoquic-00.txt > > > > > > FYI: Just published this draft describing transport of DNS over a > dedicated QUIC connection. > > -- Christian Huitema > > -------- Forwarded Message -------- > > *Subject: * > > > > New Version Notification for draft-huitema-quic-dnsoquic-00.txt > > *Date: * > > > > Mon, 10 Apr 2017 09:45:37 -0700 > > *From: * > > > > internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> > > *To: * > > > > Melinda Shore <mshore@fastly.com> <mailto:mshore@fastly.com>, Sara > Dickinson <sara@sinodun.com> <mailto:sara@sinodun.com>, Christian > Huitema <huitema@huitema.net> <mailto:huitema@huitema.net>, Allison > Mankin <amankin@salesforce.com> <mailto:amankin@salesforce.com>, > Janardhan Iyengar <jri@google.com> <mailto:jri@google.com>, Jana Iyengar > <jri@google.com> <mailto:jri@google.com> > > > > A new version of I-D, draft-huitema-quic-dnsoquic-00.txt > > has been successfully submitted by Christian Huitema and posted to the > > IETF repository. > > > > Name: draft-huitema-quic-dnsoquic > > Revision: 00 > > Title: Specification of DNS over QUIC > > Document date: 2017-04-10 > > Group: Individual Submission > > Pages: 18 > > URL: https://www.ietf.org/internet-drafts/draft-huitema-quic-dnsoquic-00.txt > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Finternet-drafts%2Fdraft-huitema-quic-dnsoquic-00.txt&data=02%7C01%7Cmichael.bishop%40microsoft.com%7C5df00a51bfe64b16ca4b08d480363ab3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274417782332222&sdata=QxDgeYj6NMHseVKcgY%2Fv8pgLqj09avV1PnGaOJv7%2B3c%3D&reserved=0> > > Status: https://datatracker.ietf.org/doc/draft-huitema-quic-dnsoquic/ > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-huitema-quic-dnsoquic%2F&data=02%7C01%7Cmichael.bishop%40microsoft.com%7C5df00a51bfe64b16ca4b08d480363ab3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274417782332222&sdata=c7MuOxq2w3L2jz3MWcwA96gCJq8l3ckGjnCF6fHJfNk%3D&reserved=0> > > Htmlized: https://tools.ietf.org/html/draft-huitema-quic-dnsoquic-00 > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-huitema-quic-dnsoquic-00&data=02%7C01%7Cmichael.bishop%40microsoft.com%7C5df00a51bfe64b16ca4b08d480363ab3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274417782332222&sdata=i4nBJms1WZwRo78vAZWFSAlfuH49H8zD2WjQIu2Gqwc%3D&reserved=0> > > Htmlized: https://datatracker.ietf.org/doc/html/draft-huitema-quic-dnsoquic-00 > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-huitema-quic-dnsoquic-00&data=02%7C01%7Cmichael.bishop%40microsoft.com%7C5df00a51bfe64b16ca4b08d480363ab3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636274417782332222&sdata=JywZYehy3Axc7sDXskM2mGeW4kdiiPBSMZlbicD1N58%3D&reserved=0> > > > > > > Abstract: > > This document describes the use of QUIC to provide transport privacy > > for DNS. The encryption provided by QUIC has similar properties to > > that provided by TLS, while QUIC transport eliminates the head-of- > > line blocking issues inherent with TCP and provides more efficient > > error corrections than UDP. DNS over QUIC has privacy properties > > similar to DNS over TLS specified in RFC7858, and performance similar > > to classic DNS over UDP. > > > > > > > > > > Please note that it may take a couple of minutes from the time of submission > > until the htmlized version and diff are available at tools.ietf.org. > > > > The IETF Secretariat
- [dns-privacy] Fwd: Fwd: New Version Notification … Christian Huitema
- Re: [dns-privacy] Fwd: Fwd: New Version Notificat… Stephen Farrell
- Re: [dns-privacy] Fwd: Fwd: New Version Notificat… Ray Bellis
- Re: [dns-privacy] Fwd: Fwd: New Version Notificat… Marco Davids (IETF IMAP)
- Re: [dns-privacy] Fwd: Fwd: New Version Notificat… Alexander Mayrhofer
- Re: [dns-privacy] Fwd: Fwd: New Version Notificat… Christian Huitema
- Re: [dns-privacy] Fwd: New Version Notification f… Mike Bishop
- Re: [dns-privacy] Fwd: New Version Notification f… Petr Špaček