IETF Logo Mail Archive

Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11

"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 10 July 2018 01:27 UTC

Return-Path: <jmh@joelhalpern.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2AF6130ED3; Mon, 9 Jul 2018 18:27:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOeeRocNfEyN; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
Received: from mailb1.tigertech.net (mailb1.tigertech.net [208.80.4.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76ABD130EB7; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb1.tigertech.net (Postfix) with ESMTP id 683DEDC013B; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1531186056; bh=2ENZLFIm/Bl/Vio6OBobJlKP+d8PR6aeoMsq27iJTuk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=dNCTJotF2rrnb269af276h/Mtp99KezcmWdrBjWd+6uRCkPw9B3jnM8GDEXu9o5NN fEC5R2cU9ZZPUKufRCNhdw+djoBONervKP3e5U+EIQc9pF6PVLLTs+yZKzaHh1GZOF k+NhusGnvhRY42YKYAIajr4blLIesC25ZI+2gfJI=
X-Virus-Scanned: Debian amavisd-new at mailb1.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb1.tigertech.net (Postfix) with ESMTPSA id 4BBA2DC00E6; Mon, 9 Jul 2018 18:27:35 -0700 (PDT)
To: Ted Lemon <mellon@fugue.com>, draft-ietf-dnsop-session-signal.all@ietf.org
Cc: General area reviewing team <gen-art@ietf.org>, dnsop WG <dnsop@ietf.org>, ietf <ietf@ietf.org>
References: <153082732415.26353.11898401544902479901@ietfa.amsl.com> <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com> <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com> <CAPt1N1kONQdS7oO5LGL+te0mBA+sLUGFpPwZZCBJrACzN1S1LA@mail.gmail.com> <bb5a5e01-fdd4-1516-9815-61bb3444ff21@joelhalpern.com> <EA3E9899-9714-44D1-B656-3521F5AA6FFB@fugue.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <89b7a73e-f559-8ebe-a00c-0bf623742660@joelhalpern.com>
Date: Mon, 09 Jul 2018 21:27:33 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.0
MIME-Version: 1.0
In-Reply-To: <EA3E9899-9714-44D1-B656-3521F5AA6FFB@fugue.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2NuSvyU7h7duBxJ64VUPuq9nwZ0>
Subject: Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 01:27:40 -0000

Thank you Ted.  Those address my concerns.
Yours,
Joel

On 7/9/18 9:07 PM, Ted Lemon wrote:
> I got a bit wound up about not making the three changes that Joel called 
> out in the updated session signal comment, and insisted on not making 
> the changes because they didn't seem that important.   I had a bit more 
> private conversation with Joel about it, and after some reflection 
> decided that it might be worth suggesting some changes after all based 
> on Joel's comments.
> 
> What I would propose to fix these three issues are the following three 
> changes.
> 
> In 5.1.3:
> 
> OLD:
> 
>     Where an application-layer middlebox (e.g., a DNS proxy, forwarder,
>     or session multiplexer) is in the path, the middlebox MUST NOT
>     blindly forward DSO messages in either direction, and MUST treat the
>     inbound and outbound connections as separate sessions.  This does not
>     preclude the use of DSO messages in the presence of an IP-layer
>     middlebox, such as a NAT that rewrites IP-layer and/or transport-
>     layer headers but otherwise preserves the effect of a single session
>     between the client and the server.
> 
> NEW:
> 
>     Where an application-layer middlebox (e.g., a DNS proxy, forwarder,
>     or session multiplexer) is in the path, care must be taken to avoid
> 
>     inappropriately passing session signaling through the middlebox.
> 
> 
> In cases where a DSO session is terminated on one side of a middlebox,
> 
> and then some session is opened on the other side of the middlebox in
> 
> order to satisfy requests sent over the first DSO session, any such session
> 
> MUST be treated as a separate session.
> 
> 
> This does not
> 
>     preclude the use of DSO messages in the presence of an IP-layer
>     middlebox, such as a NAT that rewrites IP-layer and/or transport-
>     layer headers but otherwise preserves the effect of a single session
>     between the client and the server.  And of course it does not apply
> 
>     to middleboxes that do not implement DNS Stateless Operations.
> 
> 
>     These restrictions do not apply to middleboxes that do not implement
> 
>     DSO: since they have no way to understand a DSO message, a pass-through
> 
>     middlebox like the one described in the previous paragraph will pass
> 
>     DSO messages unchanged or drop them (or possibly drop the connection).
> 
>     A middlebox that is not doing a strict pass-through will have no way
> 
>     to know on which connection to forward a DSO message, and therefore
> 
>     will not be able to behave incorrectly.
> 
> 
> In 5.2.2:
> OLD:
> 
>     A DSO response message may contain no TLVs, or it may be specified to
>     contain one or more TLVs appropriate to the information being
>     communicated.  This includes "Primary TLVs" and "Additional TLVs"
>     defined in this document as well as in future TLV definitions.
> 
> 
> NEW:
> 
>     A DSO response message may contain no TLVs, or it may be specified to
>     contain one or more TLVs appropriate to the information being
>     communicated.  This includes "Primary TLVs" and "Additional TLVs"
>     defined in this document as well as in future TLV definitions.
> 
>     It may be permissible for an additional TLV to appear in a response
> 
>     to a primary TLV even though the specification of that primary TLV
> 
>     does not specify it explicitly.   See section 8.2 for more information.
> 
> 
> In 5.4:
> OLD:
> 
>     With most TCP implementations, for DSO requests that generate a
>     response, the TCP data acknowledgement (generated because data has
>     been received by TCP), the TCP window update (generated because TCP
>     has delivered that data to the receiving software), and the DSO
>     response (generated by the receiving application-layer software
>     itself) are all combined into a single IP packet.  Combining these
>     three elements into a single IP packet can give a significant
>     improvement in network efficiency.
> 
> 
> NEW:
> With most TCP implementations, for DSO requests that generate a
> 
>     response, the TCP data acknowledgement (generated because data has
>     been received by TCP), the TCP window update (generated because TCP
>     has delivered that data to the receiving software), and the DSO
>     response (generated by the receiving application-layer software
>     itself) are all combined into a single IP packet.  Combining these
>     three elements into a single IP packet can give a significant
>     improvement in network efficiency, assuming that the DSO response
> 
>     is sent before the TCP Delayed Acknowledgement timer goes off.
> 
>

v2.23.0 | Report a Bug | By Email