Re: [DNSOP] comments on dnsop-qname-minimisation-02

Shumon Huque <shuque@gmail.com> Wed, 11 March 2015 18:02 UTC

In-Reply-To: <21E44846-EAA1-4518-A4F7-20304DE78FBC@vpnc.org>
References: <CAHPuVdW6KUongqRBKE8zwK4By=ocJRpS=2MYpq1tYcPjYq6amw@mail.gmail.com> <20150311160258.GA524@nic.fr> <21E44846-EAA1-4518-A4F7-20304DE78FBC@vpnc.org>
Date: Wed, 11 Mar 2015 14:02:27 -0400
Message-ID: <CAHPuVdX52bs7Kpr_FTd7-chpQvo3AUkKARGCu7ADT2oAzVd=FQ@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/4NFZWBRXc7gBWhMe3AFXh0g6Zy8>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>
Subject: Re: [DNSOP] comments on dnsop-qname-minimisation-02

On Wed, Mar 11, 2015 at 12:50 PM, Paul Hoffman <paul.hoffman@vpnc.org>
wrote:

> On Mar 11, 2015, at 9:02 AM, Stephane Bortzmeyer <bortzmeyer@nic.fr>
> wrote:
> >
> > On Wed, Mar 11, 2015 at 12:35:29AM -0400,
> > Shumon Huque <shuque@gmail.com> wrote
> > a message of 400 lines which said:
> >
> >> Are we standardizing on the british spelling of "minimisation" in
> >> preference to the americanized "minimization"?
> >
> > Bikeshedding is postponed until Working Group Last Call :-)
>
> Or beyond. The RFC Editor allows both types of spelling, and they will
> make it consistent.
>

Okay, that's fair!


> >
> >> One thing this document doesn't make clear is that the algorithm
> >> being presented not only minimizes the query name, but also hides
> >> the query type until it reaches the target zone (by using the NS
> >> query type rather than the actual type).
> >
> > Do note the use of NS is not mandatory. See section 3, the paragraph
> > starting with "Another way to deal with such broken name servers"
> > (which you mention later) and also section 3, 1st paragraph about the
> > statistics of qtypes.
>
> My strong preference is that this document only deal with qname
> minimization. If someone wants to extend that to qtype minimization, which
> covers a different threat model, that should be done in a different
> document.
>

I'm not yet fully decided on this, but I think I'm leaning in Paul's
direction. By deferring the qtype hiding feature, we have a simpler
resolution algorithm & smaller changes to existing code. And perhaps more
importantly, we have easier deployability - we don't have to implement a
specific set of workarounds for known problems such as authority servers
not responding to NS queries, or middleboxes that don't allow them. And we
save the wasted time & cycles involved in executing those workarounds.

Shumon Huque
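As an added illustration of the trade-off discussed in this thread (example code written for this archive page, not from the draft or any resolver), the following simulates which queries a resolver sends for one lookup under classic resolution, qname minimisation with the NS-based qtype hiding, and qname minimisation sending the real qtype throughout. The namespace in ZONE_CUTS and all names are constructed; the toy model assumes every intermediate name exists and that a zone apex always yields a referral.

```python
"""Added example, not code from the thread or the draft: simulate which
queries a resolver sends for one lookup under three strategies."""
from __future__ import annotations

# Constructed toy namespace: the names that are zone apexes (delegation
# points). Everything else on a path sits inside its closest enclosing zone.
ZONE_CUTS = {".", "example.", "foo.example."}

def ancestors(name: str) -> list[str]:
    """Root first, then each name on the path down to `name` itself."""
    parts = [p for p in name.rstrip(".").split(".") if p]
    return ["."] + [".".join(parts[i:]) + "." for i in range(len(parts) - 1, -1, -1)]

def classic_plan(qname: str, qtype: str) -> list[tuple[str, str, str]]:
    """Classic resolution: full qname and real qtype sent to every zone on
    the referral chain. Returns (name sent, type sent, zone asked)."""
    return [(qname, qtype, zone) for zone in ancestors(qname) if zone in ZONE_CUTS]

def minimised_plan(qname: str, qtype: str, hide_qtype: bool = True) -> list[tuple[str, str, str]]:
    """Qname minimisation: add one label per query. With hide_qtype the type
    is NS until the target name is reached; otherwise the real type is sent
    throughout (the thread notes that using NS is not mandatory)."""
    chain = ancestors(qname)
    zone = "."                      # closest enclosing zone known so far
    plan: list[tuple[str, str, str]] = []
    for step in chain[1:]:
        final = step == chain[-1]
        qtype_sent = qtype if (final or not hide_qtype) else "NS"
        plan.append((step, qtype_sent, zone))
        if step in ZONE_CUTS:       # referral: this name starts a new zone
            zone = step
            if final:               # the parent referred us; ask the child
                plan.append((step, qtype, zone))
        # no referral (NODATA): the same zone answers the next, longer name
    return plan

def zones_seeing_type(plan: list[tuple[str, str, str]], qtype: str) -> list[str]:
    """Which zones learned the real qtype: the threat-model difference."""
    return sorted({zone for _, sent, zone in plan if sent == qtype})

if __name__ == "__main__":
    for label, plan in (("classic", classic_plan("www.deep.foo.example.", "A")),
                        ("minimised+NS", minimised_plan("www.deep.foo.example.", "A")),
                        ("minimised", minimised_plan("www.deep.foo.example.", "A", False))):
        print(f"{label}: {len(plan)} queries, real qtype seen by {zones_seeing_type(plan, 'A')}")
```

The deep name shows the cost side of the argument as well: minimisation needs one extra round trip for the non-delegated label, while only the target zone ever sees the real qtype when NS is used.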