Re: [DNSOP] [Ext] Re: [Doh] Alternate proposal for transport indication in draft-ietf-dnsop-dns-wireformat-http
Ray Bellis <ray@bellis.me.uk> Wed, 04 April 2018 14:22 UTC
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop@ietf.org, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/I4BmVMfRKPfcWlsfPGcazPvnA2s>
On 04/04/2018 13:20, Paul Vixie wrote:

> tcp and udp are the two ways a query might have reached the
> initiating proxy, and that distinction is the only thing the
> responding proxy needs to know.

I disagree, I don't think that transport protocols should continue to be used as things that should be used for policy decisions.

Per my previous message, they were a suitable proxy (no pun intended) for "this came from an unspoofable address", or "this channel can handle large responses" but there are other ways to achieve that now that aren't strictly transport.

For example, presence of EDNS cookies satisfies the "unspoofable address" and therefore would permit RRL to be skipped for that client, but "UDP with Cookies" isn't a transport.

[I appreciate that this isn't the best example because that cookie *might* get all the way through to the backend server anyway. But it also might not].

> if DOH becomes a standard transport, then we could add that
> identifier as well -- but i don't think a client capable of DOH is
> going to be using this particular proxy method.

We already have DNS-over-TLS, DNS-over-DTLS, and folks are working on DNS-over-QUIC too. None of those are true "transports", but server operators may wish to make policy decisions based on the resulting meta-properties of them.

Ray
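An added example, not part of the message above or of the draft under discussion: a response-rate-limiting (RRL) exemption decided from a property of the query (a server cookie that validates for the client address) rather than from the transport it arrived on. The function names, the sample key, and the truncated HMAC-SHA-256 server-cookie scheme are assumptions made for this sketch; a query carrying only a client cookie is treated as unproven.

```python
import hashlib
import hmac
import struct

COOKIE_OPT, OPT_RR = 10, 41  # EDNS COOKIE option code, OPT pseudo-RR type
SECRET = b"constructed-server-secret"  # sample key for this example only

def server_cookie(cc, ip):
    # Assumed scheme: truncated HMAC binding the client cookie to its address.
    return hmac.new(SECRET, cc + ip.encode(), hashlib.sha256).digest()[:8]

def skip_name(msg, off):  # step over labels or a compression pointer
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def find_cookie(msg):  # COOKIE option payload from the OPT RR, or None
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == OPT_RR and pos + 4 <= len(rdata):
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            if code == COOKIE_OPT:
                return rdata[pos + 4:pos + 4 + olen]
            pos += 4 + olen
    return None

def rrl_exempt(msg, client_ip):
    # Policy keyed on a property (validated source address), not on transport.
    try:
        cookie = find_cookie(msg)
    except (IndexError, struct.error):  # malformed message: no exemption
        return False
    if cookie is None or len(cookie) < 16:  # client-only cookie proves nothing
        return False
    return hmac.compare_digest(cookie[8:], server_cookie(cookie[:8], client_ip))

def build_query(cookie):
    # Constructed sample input: example.com A query carrying one OPT RR.
    # The "x" pad byte is the root name that starts the OPT RR.
    opt = struct.pack("!HH", COOKIE_OPT, len(cookie)) + cookie
    return (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + b"\x07example\x03com\x00"
            + struct.pack("!HHxHHIH", 1, 1, OPT_RR, 1232, 0, len(opt)) + opt)
```

The same `rrl_exempt` result applies whether the query reached the front end over UDP, TCP, or an encrypted channel, which is the distinction the message draws between transports and their meta-properties.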