Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11
"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 10 July 2018 01:27 UTC
Return-Path: <jmh@joelhalpern.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2AF6130ED3; Mon, 9 Jul 2018 18:27:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOeeRocNfEyN; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
Received: from mailb1.tigertech.net (mailb1.tigertech.net [208.80.4.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76ABD130EB7; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb1.tigertech.net (Postfix) with ESMTP id 683DEDC013B; Mon, 9 Jul 2018 18:27:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=2.tigertech; t=1531186056; bh=2ENZLFIm/Bl/Vio6OBobJlKP+d8PR6aeoMsq27iJTuk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=dNCTJotF2rrnb269af276h/Mtp99KezcmWdrBjWd+6uRCkPw9B3jnM8GDEXu9o5NN fEC5R2cU9ZZPUKufRCNhdw+djoBONervKP3e5U+EIQc9pF6PVLLTs+yZKzaHh1GZOF k+NhusGnvhRY42YKYAIajr4blLIesC25ZI+2gfJI=
X-Virus-Scanned: Debian amavisd-new at mailb1.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb1.tigertech.net (Postfix) with ESMTPSA id 4BBA2DC00E6; Mon, 9 Jul 2018 18:27:35 -0700 (PDT)
To: Ted Lemon <mellon@fugue.com>, draft-ietf-dnsop-session-signal.all@ietf.org
Cc: General area reviewing team <gen-art@ietf.org>, dnsop WG <dnsop@ietf.org>, ietf <ietf@ietf.org>
References: <153082732415.26353.11898401544902479901@ietfa.amsl.com> <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com> <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com> <CAPt1N1kONQdS7oO5LGL+te0mBA+sLUGFpPwZZCBJrACzN1S1LA@mail.gmail.com> <bb5a5e01-fdd4-1516-9815-61bb3444ff21@joelhalpern.com> <EA3E9899-9714-44D1-B656-3521F5AA6FFB@fugue.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <89b7a73e-f559-8ebe-a00c-0bf623742660@joelhalpern.com>
Date: Mon, 09 Jul 2018 21:27:33 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.0
MIME-Version: 1.0
In-Reply-To: <EA3E9899-9714-44D1-B656-3521F5AA6FFB@fugue.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/2NuSvyU7h7duBxJ64VUPuq9nwZ0>
Subject: Re: [DNSOP] Genart telechat review of draft-ietf-dnsop-session-signal-11
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 01:27:40 -0000
Thank you Ted. Those address my concerns. Yours, Joel On 7/9/18 9:07 PM, Ted Lemon wrote: > I got a bit wound up about not making the three changes that Joel called > out in the updated session signal comment, and insisted on not making > the changes because they didn't seem that important. I had a bit more > private conversation with Joel about it, and after some reflection > decided that it might be worth suggesting some changes after all based > on Joel's comments. > > What I would propose to fix these three issues are the following three > changes. > > In 5.1.3: > > OLD: > > Where an application-layer middlebox (e.g., a DNS proxy, forwarder, > or session multiplexer) is in the path, the middlebox MUST NOT > blindly forward DSO messages in either direction, and MUST treat the > inbound and outbound connections as separate sessions. This does not > preclude the use of DSO messages in the presence of an IP-layer > middlebox, such as a NAT that rewrites IP-layer and/or transport- > layer headers but otherwise preserves the effect of a single session > between the client and the server. > > NEW: > > Where an application-layer middlebox (e.g., a DNS proxy, forwarder, > or session multiplexer) is in the path, care must be taken to avoid > > inappropriately passing session signaling through the middlebox. > > > In cases where a DSO session is terminated on one side of a middlebox, > > and then some session is opened on the other side of the middlebox in > > order to satisfy requests sent over the first DSO session, any such session > > MUST be treated as a separate session. > > > This does not > > preclude the use of DSO messages in the presence of an IP-layer > middlebox, such as a NAT that rewrites IP-layer and/or transport- > layer headers but otherwise preserves the effect of a single session > between the client and the server. And of course it does not apply > > to middleboxes that do not implement DNS Stateless Operations. > > > These restrictions do not apply to middleboxes that do not implement > > DSO: since they have no way to understand a DSO message, a pass-through > > middlebox like the one described in the previous paragraph will pass > > DSO messages unchanged or drop them (or possibly drop the connection). > > A middlebox that is not doing a strict pass-through will have no way > > to know on which connection to forward a DSO message, and therefore > > will not be able to behave incorrectly. > > > In 5.2.2: > OLD: > > A DSO response message may contain no TLVs, or it may be specified to > contain one or more TLVs appropriate to the information being > communicated. This includes "Primary TLVs" and "Additional TLVs" > defined in this document as well as in future TLV definitions. > > > NEW: > > A DSO response message may contain no TLVs, or it may be specified to > contain one or more TLVs appropriate to the information being > communicated. This includes "Primary TLVs" and "Additional TLVs" > defined in this document as well as in future TLV definitions. > > It may be permissible for an additional TLV to appear in a response > > to a primary TLV even though the specification of that primary TLV > > does not specify it explicitly. See section 8.2 for more information. > > > In 5.4: > OLD: > > With most TCP implementations, for DSO requests that generate a > response, the TCP data acknowledgement (generated because data has > been received by TCP), the TCP window update (generated because TCP > has delivered that data to the receiving software), and the DSO > response (generated by the receiving application-layer software > itself) are all combined into a single IP packet. Combining these > three elements into a single IP packet can give a significant > improvement in network efficiency. > > > NEW: > With most TCP implementations, for DSO requests that generate a > > response, the TCP data acknowledgement (generated because data has > been received by TCP), the TCP window update (generated because TCP > has delivered that data to the receiving software), and the DSO > response (generated by the receiving application-layer software > itself) are all combined into a single IP packet. Combining these > three elements into a single IP packet can give a significant > improvement in network efficiency, assuming that the DSO response > > is sent before the TCP Delayed Acknowledgement timer goes off. > >
- Re: [DNSOP] Genart telechat review of draft-ietf-… Joel M. Halpern
- Re: [DNSOP] Genart telechat review of draft-ietf-… Ted Lemon
- Re: [DNSOP] Genart telechat review of draft-ietf-… Ted Lemon
- [DNSOP] Genart telechat review of draft-ietf-dnso… Joel Halpern
- Re: [DNSOP] Genart telechat review of draft-ietf-… Joel M. Halpern
- Re: [DNSOP] Genart telechat review of draft-ietf-… Ted Lemon
- Re: [DNSOP] Genart telechat review of draft-ietf-… Joel M. Halpern