[DNSOP] review of qname-minimisation-01 draft

"Rose, Scott W." <scott.rose@nist.gov> Fri, 06 March 2015 21:12 UTC

From: "Rose, Scott W." <scott.rose@nist.gov>
Message-ID: <6CD16832-4217-454A-9FC2-7437991A623C@nist.gov>
Date: Fri, 06 Mar 2015 16:12:38 -0500
To: IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/I7Ak6FZ46jAWAg9vkiJGiXCs8Ro>
Subject: [DNSOP] review of qname-minimisation-01 draft

I think the draft is good enough to be advanced.  Since it is on the Experimental track, there isn't too much risk.  It only affects the resolver that chooses to do it, not any other entity and doesn't change the DNS protocol.

Basic copy-edit comments:
1. Section 1. Introduction and background
	s/etc/etc.  (Depends on style guide used I guess)

2. Section 3 
	I would prefer the sentence on legal issues dropped.  It may decrease the usefulness of the logging, but maybe not the obligation to do it.

3. Section 3, paragraph 5
	"Other strange and illegal practices..."  Perhaps illegal is too strong of a word - replace with "unsafe"?  If it is illegal somewhere, keep the language as is.

	There also used to be a very poorly implemented load balancer that would always return A RR's for whatever qtype that was asked.  So a query for "example.com NS" would always return "www.example.com A".  A couple of .gov sites used them, but replaced them when deploying DNSSEC.  Not sure if they are still being used elsewhere.  Like the other broken load balancers, they are only found on leaf nodes so not a major stumbling block.

Security Considerations:
	While it does reduce the amount of data seen by wire sniffers, it depends on where the wire sniffers are - if one is on the ISP somewhere in front of the recursive resolver, it could construct the entire query by recording all the minimized queries.  Maybe rewrite as "Minimising the amount of data sent also, in part, addresses the case of a wire sniffer on transit networks as well as the case of privacy violation by the servers."

also:  s/improvment/improvement


Scott

===================================
Scott Rose
NIST
scott.rose@nist.gov
+1 301-975-8439
Google Voice: +1 571-249-3671
http://www.dnsops.gov/
https://www.had-pilot.com/
===================================
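The following is an added example, not part of Scott's message or of the qname-minimisation draft itself. It is a toy model of the behaviour under review: which labels each authoritative server receives with and without QNAME minimisation, what a passive observer can reconstruct from the vantage points discussed in the Security Considerations comment (a sniffer at the resolver's uplink versus one on the path to a single authoritative server), and a reply check for the broken load balancer described in the review, which answers with `www.example.com A` regardless of the qtype asked. The zone cuts (`ZONE_CUTS`), the `Query` record and all function names are assumptions of this example; a real resolver learns the zone cuts from referrals rather than from a fixed list.

```python
"""Toy model of QNAME minimisation (added example; assumptions are marked)."""
from dataclasses import dataclass

# Assumption: the resolver already knows these delegations (root, TLD, customer
# zone), e.g. from cache. Real resolvers discover them from referrals.
ZONE_CUTS = ["", "com", "example.com"]


@dataclass(frozen=True)
class Query:
    sent_to_zone: str   # which authoritative server receives the query
    qname: str          # the name actually put on the wire
    qtype: str


def labels(name: str) -> list[str]:
    """Split a domain name into labels, ignoring a trailing dot."""
    return [lab for lab in name.rstrip(".").split(".") if lab]


def full_qname_queries(qname: str, qtype: str) -> list[Query]:
    """Classic resolution: every server on the chain sees the full name and qtype."""
    return [Query(zone, qname, qtype) for zone in ZONE_CUTS]


def minimised_queries(qname: str, qtype: str) -> list[Query]:
    """QNAME minimisation: send each server only one more label than the zone
    cut it serves, with qtype NS, and use the original qtype only once the
    full name is reached."""
    full = labels(qname)
    out = []
    for zone in ZONE_CUTS:
        depth = len(labels(zone))
        if depth >= len(full):
            break
        # One label deeper than the zone cut, taken from the right end of the name.
        partial = ".".join(full[-(depth + 1):])
        reached_full_name = partial == ".".join(full)
        out.append(Query(zone, partial, qtype if reached_full_name else "NS"))
    return out


def observed_names(queries: list[Query], vantage: str) -> list[str]:
    """Names a passive observer sees. 'resolver_uplink' is the sniffer in front
    of the recursive resolver (it sees every outgoing query); any other value
    is a zone name, meaning a sniffer on the path to that one server only."""
    if vantage == "resolver_uplink":
        return [q.qname for q in queries]
    return [q.qname for q in queries if q.sent_to_zone == vantage]


def reconstruct(names: list[str]):
    """Every minimised name is a suffix of the full name, so the longest name
    observed is the best reconstruction available at that vantage point."""
    return max(names, key=lambda n: len(labels(n)), default=None)


def is_bogus_reply(qname: str, qtype: str, rrs: list[tuple]) -> bool:
    """Flag the load-balancer behaviour from the review: an A RRset for some
    other name, returned no matter what qtype was asked. A minimising resolver
    that sees this can fall back to querying with the full QNAME.
    rrs is a constructed list of (owner, rtype, rdata) tuples."""
    return qtype != "A" and bool(rrs) and all(
        rtype == "A" and owner != qname for owner, rtype, _ in rrs)


if __name__ == "__main__":
    for q in minimised_queries("www.example.com", "A"):
        print(f"to {q.sent_to_zone or '<root>'!s:14} {q.qname} {q.qtype}")
    qs = minimised_queries("www.example.com", "A")
    print("sniffer on path to .com sees:", observed_names(qs, "com"))
    print("sniffer at resolver uplink reconstructs:",
          reconstruct(observed_names(qs, "resolver_uplink")))
```

The observer functions make the review's point concrete: a sniffer on the path to the `com` server sees only `example.com`, while one in front of the resolver collects all the minimised queries and recovers `www.example.com` just as it would without minimisation. The `is_bogus_reply` check is the kind of sanity test a minimising resolver needs before trusting a reply to a partial-name NS query.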