[DNSOP] draft-ietf-dnsop-session-signal-00
Edward Lewis <edward.lewis@icann.org> Thu, 18 August 2016 13:04 UTC
Return-Path: <edward.lewis@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59FF412DDA7 for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 06:04:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.448
X-Spam-Level:
X-Spam-Status: No, score=-5.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RxuJKfyI8B3r for <dnsop@ietfa.amsl.com>; Thu, 18 Aug 2016 06:04:22 -0700 (PDT)
Received: from out.west.pexch112.icann.org (pfe112-ca-1.pexch112.icann.org [64.78.40.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDD4612DDC0 for <dnsop@ietf.org>; Thu, 18 Aug 2016 06:04:22 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Thu, 18 Aug 2016 06:04:20 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1178.000; Thu, 18 Aug 2016 06:04:20 -0700
From: Edward Lewis <edward.lewis@icann.org>
To: dnsop <dnsop@ietf.org>
Thread-Topic: draft-ietf-dnsop-session-signal-00
Thread-Index: AQHR+VEIhURtRPo/zE+jlkuhLz3TlA==
Date: Thu, 18 Aug 2016 13:04:19 +0000
Message-ID: <D7B0C183-7E97-46B0-AED6-5A692C784DF5@icann.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/f.18.0.160709
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.47.234]
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha1"; boundary="B_3554355859_973401937"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/CQ_qRzpm_omXivdY7eELQq-fX5I>
Subject: [DNSOP] draft-ietf-dnsop-session-signal-00
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Aug 2016 13:04:24 -0000
Comments on draft-ietf-dnsop-session-signal-00 (Finally reading a document before all deadlines pass. See, Tim, I can be good.) Overall, defining session layer semantics in the DNS is something significant. In my estimation, one of the DNS architecture's weakest points is the management of the transport layer (resulting in the ANY/DDoS fiascos), as much as the abuse seen is abuse of the transport, the DNS contributes via relying blindly on the transports. So, addressing this by applying a session layer is a promising step. Initially reading the document I was a little confused, and perhaps the document can address this. From what I know of sessions, they can exist independent of transport connections. So this line in section 3.1 threw me a bit: "A session begins when a client makes a new connection to a server." The phrase "a new connection" could mean, "a connection" or "a connection after some time passes (if the two have connected at all before)." A "new connection" - perhaps "establishes a connection"? And mentioning when a session ends would be helpful. I assume, after reading the document, that when a connection is closed, the session ends. (Is that so?) In that case all session management is discarded. The implication includes - if the server sheds load, the clients no longer are in sessions with the server (thus the timeout parameter diddling is lost too, if it was diddled). To help clarify, whether a session can cover multiple transport connections - in parallel or sequentially in time - should be addressed. (I'd hoped that the session could also manage UDP too. If not be managed over UDP, but include UDP transports within the session.) There is a sentence I can't figure out in section 3's beginning. ## Where a middle box (e.g. a DNS proxy, ## forwarder, or session multiplexer) is in the path the message MUST ## NOT be blindly forwarded in either direction by that middle box. I don't get that at all. I'm not sure what is meant by "blindly forwarded." And as a final request for clarification, the terms client and server are defined to be "in the usual DNS sense". (Joking, what's usual about DNS?) In the sense an authoritative server (for queries) can act like an AXFR client for zone updates, does client and server refer to the individual mechanisms and not the process. (What if a primary server uses TCP to ask questions of a secondary while also answering AXFR requests? As I say, what's "usual.")
- [DNSOP] draft-ietf-dnsop-session-signal-00 Edward Lewis