IETF Logo Mail Archive

Re: [DNSOP] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)

Sara Dickinson <sara@sinodun.com> Wed, 21 November 2018 14:36 UTC

Return-Path: <sara@sinodun.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49A12130EE7; Wed, 21 Nov 2018 06:36:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sinodun.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kRtvhOoAAgIS; Wed, 21 Nov 2018 06:36:25 -0800 (PST)
Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78CA412F1A6; Wed, 21 Nov 2018 06:36:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sinodun.com ; s=haggis-2018; h=To:Date:Subject:From; bh=+KJnvObEgrqB/2zAiGv3sMWDI0mAL6DAnc7Pi38Mnks=; b=vTKw+JNvGK8Cr5hTXsB/3Vhjhj PL8aHumDObsp8XP1g2/N0130G+YeWbIWDSZ2jhVEPHhx3dADPovb002WVSNaellkKO2RYhO0XfQ2v A06Tb/NgvjTXkyy7SKnavVCTdB/ltSCsM/F8rl/rEZS+xENNniZluynFi44bEOzxzafNxcrh9GXfD cT5wcbviSJcGQULtGuHx/+tiaZdVVCVclvU7QZTGm9DylT2emmP35kzl+vQw/66UM1XT+32Twt3Mb EdKtxa6JZg1l4qWAqELPnv2p7BTehqbZL9qqwLb3sEzOFE1TW9yuzutzS6iEbmVKspPERaf3YTroH hjo1pIAw==;
Received: from [2001:b98:204:102:fffa::409] (port=54453) by haggis.mythic-beasts.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <sara@sinodun.com>) id 1gPTc6-0005fh-5S; Wed, 21 Nov 2018 14:36:22 +0000
From: Sara Dickinson <sara@sinodun.com>
Message-Id: <BF3169F5-E68D-4C68-80D7-1772E7A9EDEA@sinodun.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_8C0AF2D8-25A1-41F8-B130-D968B94E1331"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
Date: Wed, 21 Nov 2018 14:36:09 +0000
In-Reply-To: <154265985064.16386.5550594646862412061.idtracker@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-dns-capture-format@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs@ietf.org, dnsop@ietf.org
To: Alexey Melnikov <aamelnikov@fastmail.fm>
References: <154265985064.16386.5550594646862412061.idtracker@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3445.100.39)
X-BlackCat-Spam-Score: 14
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EidTqDQckubeLzi1VIjZmuTomgY>
Subject: Re: [DNSOP] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 14:36:35 -0000


> On 19 Nov 2018, at 20:37, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:

Hi Alexey, 

Thanks for the review.

> 
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-dnsop-dns-capture-format-08: Discuss
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Thank you for this document, it is a useful contribution to RFC series. I
> enjoyed reading it.
> 
> I have a small list of issues that is hopefully easy to fix:
> 
> 1)
> 
> In 7.4.2:
> 
>   | filter           | O | T | "tcpdump" [pcap] style filter for      |
>   |                  |   |   | input.                                 |
> 
> This makes the [pcap] reference Normative. If you don't want to do that, please
> fully specify syntax in this document.

Is that true if it is an optional field? 

> 
> 2) I believe [I-D.ietf-cbor-cddl] reference needs to be Normative due to use of
> CDDL in Appendix A. If you don't think CDDL is normative, you need to state
> that in Appendix A.

Yes indeed - it should be normative, will fix. 


> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Was CDDL in Appendix A validated with a tool? This information is missing from
> the shepherding write-up.

We (the authors) have used the CDDL tool described on http://cbor.io/tools.html <http://cbor.io/tools.html> to read the CDDL in Appendix A and ensured an example instance can be created. 

Did you have some other validation tool in mind?

> 
> 6.2.3.  Storage flags
> 
>   The Storage Parameters also contains optional fields holding details
>   of the sampling method used and the anonymisation method used.  It is
>   RECOMMENDED these fields contain URIs pointing to resources
>   describing the methods used.
> 
> Please add a Normative Reference for URI spec here (RFC 3986).

Yes, will do. 

> 
> 7.5.3.2.  "QueryResponseSignature"
> 
>   | qr-transport-flags | O | U | Bit flags describing the transport   |
>   |                    |   |   | used to service the query.           |
>   |                    |   |   | Bit 0. IP version. 0 if IPv4, 1 if   |
>   |                    |   |   | IPv6                                 |
>   |                    |   |   | Bit 1-4. Transport. 4 bit unsigned   |
>   |                    |   |   | value where 0 = UDP, 1 = TCP, 2 =    |
>   |                    |   |   | TLS, 3 = DTLS. Values 4-15 are       |
>   |                    |   |   | reserved for future use.             |
>   |                    |   |   | Bit 5. 1 if trailing bytes in query  |
>   |                    |   |   | packet. See Section 11.2.            |
> 
> Would something like DoH appear as a separate transport choice?

No, we need to add DoH to this list (it didn’t exist when we started the draft!). 

> 
> How can new values be added to the list if there are no IANA Considerations?

As described in response to the DISCUSS on this issue we propose IANA create a C-DNS registry with
subregistries with keys for each of the different maps used in C-DNS.
New entries in these subregistries would follow Expert Review 

> 
> 7.5.3.5.  "MalformedMessageData"
> 
>   |                    |   |   |                                      |
>   | mm-transport-flags | O | U | Bit flags describing the transport   |
>   |                    |   |   | used to service the query. Bit 0 is  |
>   |                    |   |   | the least significant bit.           |
>   |                    |   |   | Bit 0. IP version. 0 if IPv4, 1 if   |
>   |                    |   |   | IPv6                                 |
>   |                    |   |   | Bit 1-4. Transport. 4 bit unsigned   |
>   |                    |   |   | value where 0 = UDP, 1 = TCP, 2 =    |
>   |                    |   |   | TLS, 3 = DTLS. Values 4-15 are       |
>   |                    |   |   | reserved for future use.             |
> 
> If the above bits supposed to be the same as for qr-transport-flags,
> maybe it is worth defining them once and referencing in all relevant places?

The qr-transport-flags and mm-transport-flags are different in that the qr-transport-flags include Bit 5, the trailing bytes indicator.

In the CDDL a base ’TransportFlags’ type is defined and then

mm-transport-flags     => TransportFlags,

qr-transport-flags    => QueryResponseTransportFlags,

 QueryResponseTransportFlagValues = &(
      query-trailingdata : 5,
  ) / TransportFlagValues
  QueryResponseTransportFlags = uint .bits QueryResponseTransportFlagValues

We can add some text to the table descriptions in sections 7.5.3.2 and 7.5.3.5 to clarify the relationship. 

> 
> 7.6.  "QueryResponse"
>   | query-size           | O | U | DNS query message size (see        |
>   |                      |   |   | below).                            |
>   |                      |   |   |                                    |
>   | response-size        | O | U | DNS query message size (see        |
>   |                      |   |   | below).                            |
> 
> I think "DNS response message size" for response-size.
> 
> It is odd to have RFC 2119 language in B.2, which is itself informative.


Good catch :-)

Many thanks

Sara.

v2.23.0 | Report a Bug | By Email