IETF Logo Mail Archive

Re: [DNSOP] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Wed, 21 November 2018 14:42 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46508129741; Wed, 21 Nov 2018 06:42:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=jf0iEw5k; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=Dz/F6cs5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bd2mSMeH6QdC; Wed, 21 Nov 2018 06:42:05 -0800 (PST)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6D35128A5C; Wed, 21 Nov 2018 06:42:04 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 20EB921E72; Wed, 21 Nov 2018 09:42:04 -0500 (EST)
Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Wed, 21 Nov 2018 09:42:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= message-id:from:to:cc:mime-version:content-transfer-encoding :content-type:subject:date:references:in-reply-to; s=fm1; bh=4NB WQSyoF5Ovw14/UfasE7/9EVdSF4fkJjGXYRiIAsU=; b=jf0iEw5k2rXVlMwG5FZ aEn4KlKAbyI+WCDrfsxjgYfPnHmdB8S2jB5wdXhTX7kkITZeetIPDKv1+qlc4p2b 3Mp6trSZP761sWsko+kxwuJWLRw2oM8TK6+x0DkPh5ZaLgpHsfQck+pgF49XUNUD Yt7Bu5pr9d9edLlXQSJQQgze7+NltECLvXQevtTqgB5d3oF6ikjLr2e4NaWjGzIq 2FPO7HYvZjX3ItRuc8kdU+ZID/Ht3z3z+LXuOt3FJJuEpHZhK05OvfFbl+ljfg2u VSsN1v68TyAry8uQrWUfnifwalOUseMu6hKtHVaFggonxLGZKVBXHg9xiEar2eBA XDg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=4NBWQSyoF5Ovw14/UfasE7/9EVdSF4fkJjGXYRiIA sU=; b=Dz/F6cs5YjKpRjvF6C7aWLD5TQL7XrxtT2u/i9FtHbUAOUHw+tgS8k8hX /Kjk6P8n/7Y0arBfJkFMeVfYFCsv5+YrFW1P/DDDfCvpUvNOQr6blYgc3JpaEviT lgvBsiEVgNbxdUeiXhTDJHcsDd7yVF/z3BLi9sPSVrxvAnWPpvKhl2llPLmeMB3P DcRbYe5oGY5xPih/Q+ZuQJuVtFnebbqx0GvaGRomGkZ0VfdFg3ktK3WqM1rfHJIs 4tl52+GeT/B9TYzL4f3G2DL6pf8ZWwrkWG5A7tBGb6rNjmGS5XclxzKQdtMsJGdv ScrEWjkonHq81l7U+dt2Z2WIDcwcQ==
X-ME-Sender: <xms:um71Wymq1tY0EQhy3yIEkbJl3J0MszHQpLkagJkvfeNwCj8xuQQbRg>
X-ME-Proxy: <xmx:um71W7jNzXqWe2EKFTb8rj9kXrA6iUBWRVmevenZrK1amMm_-Wgxeg> <xmx:um71W5Z-LsgFYzceHwn-l2WfBjBGPd7fXouCTWmpjeFClImUt2lNJw> <xmx:um71W0VphWOYnatO0y9kvlOL88UAaiI36ZnBf9mutfASGrEXUTd-IQ> <xmx:um71WwiH9CHy9A5U_my8pOyAD2u8uyky1JAKdySm3zgV_plxoA7tcw> <xmx:um71W_m3dKdK_zVAfzlFV4Xx6xBsShUIzPA0sED2dmlF2Bp4rqGHNA> <xmx:vG71W3rX2rJuLPIKImOOfUOZ2WuysgCSzHOrj5PglnjTk79qQGqzwg>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id B04F69E1EC; Wed, 21 Nov 2018 09:42:02 -0500 (EST)
Message-Id: <1542811322.1310112.1584530512.0785569A@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Sara Dickinson <sara@sinodun.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dnsop-dns-capture-format@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dnsop-chairs@ietf.org, dnsop@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative; boundary="_----------=_154281132213101121"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-3449945b
Date: Wed, 21 Nov 2018 14:42:02 +0000
References: <154265985064.16386.5550594646862412061.idtracker@ietfa.amsl.com> <BF3169F5-E68D-4C68-80D7-1772E7A9EDEA@sinodun.com>
In-Reply-To: <BF3169F5-E68D-4C68-80D7-1772E7A9EDEA@sinodun.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fbdlYFvoYdd4h3qCKQdwXkpKyVE>
Subject: Re: [DNSOP] Alexey Melnikov's Discuss on draft-ietf-dnsop-dns-capture-format-08: (with DISCUSS and COMMENT)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Nov 2018 14:42:10 -0000

Hi Sara,

On Wed, Nov 21, 2018, at 2:36 PM, Sara Dickinson wrote:
>> On 19 Nov 2018, at 20:37, Alexey Melnikov
>> <aamelnikov@fastmail.fm> wrote:> 
> Hi Alexey, 
> 
> Thanks for the review.
> 
>> 
>> Alexey Melnikov has entered the following ballot position for
>> draft-ietf-dnsop-dns-capture-format-08: Discuss
>> ---------------------------------------------------------------
>> ------->> DISCUSS:
>> ---------------------------------------------------------------
>> ------->> 
>> Thank you for this document, it is a useful contribution to RFC
>> series. I>> enjoyed reading it.
>> 
>> I have a small list of issues that is hopefully easy to fix:
>> 
>> 1)
>> 
>> In 7.4.2:
>> 
>>    | filter           | O | T | "tcpdump" [pcap] style filter
>>    | for      |>>    |                  |   |   | input.
>>    |                  |   |   | |>> 
>> This makes the [pcap] reference Normative. If you don't want to do
>> that, please>> fully specify syntax in this document.
> 
> Is that true if it is an optional field? 
Yes, optionallity of a field doesn't make its full specification
optional.
> 
>> 
>> 2) I believe [I-D.ietf-cbor-cddl] reference needs to be Normative due
>>    to use of>> CDDL in Appendix A. If you don't think CDDL is normative, you need
>> to state>> that in Appendix A.
> 
> Yes indeed - it should be normative, will fix. 
> 
> 
>> 
>> ---------------------------------------------------------------
>> ------->> COMMENT:
>> ---------------------------------------------------------------
>> ------->> 
>> Was CDDL in Appendix A validated with a tool? This information is
>> missing from>> the shepherding write-up.
> 
> We (the authors) have used the CDDL tool described on
> http://cbor.io/tools.html to read the CDDL in Appendix A and ensured
> an example instance can be created.> 
> Did you have some other validation tool in mind?
No, this is fine. I just wanted to know.

> 
>> 
>> 6.2.3.  Storage flags
>> 
>>    The Storage Parameters also contains optional fields holding
>>    details>>    of the sampling method used and the anonymisation method used.
>>    It is>>    RECOMMENDED these fields contain URIs pointing to resources
>>    describing the methods used.
>> 
>> Please add a Normative Reference for URI spec here (RFC 3986).
> 
> Yes, will do. 
> 
>> 
>> 7.5.3.2.  "QueryResponseSignature"
>> 
>>    | qr-transport-flags | O | U | Bit flags describing the
>>    | transport   |>>    |                    |   |   | used to service the query.
>>    |                    |   |   | |>>    |                    |   |   | Bit 0. IP version. 0 if IPv4, 1 if
>>    |                    |   |   | |>>    |                    |   |   | IPv6
>>    |                    |   |   | |>>    |                    |   |   | Bit 1-4. Transport. 4 bit unsigned
>>    |                    |   |   | |>>    |                    |   |   | value where 0 = UDP, 1 = TCP, 2 =
>>    |                    |   |   | |>>    |                    |   |   | TLS, 3 = DTLS. Values 4-15 are
>>    |                    |   |   | |>>    |                    |   |   | reserved for future use.
>>    |                    |   |   | |>>    |                    |   |   | Bit 5. 1 if trailing bytes in query
>>    |                    |   |   | |>>    |                    |   |   | packet. See Section 11.2.
>>    |                    |   |   | |>> 
>> Would something like DoH appear as a separate transport choice?
> 
> No, we need to add DoH to this list (it didn’t exist when we started
> the draft!).> 
>> 
>> How can new values be added to the list if there are no IANA
>> Considerations?> 
> As described in response to the DISCUSS on this issue we propose IANA
> create a C-DNS registry with> subregistries with keys for each of the different maps used in C-DNS.> New entries in these subregistries would follow Expert Review 
Ok, great.

> 
>> 
>> 7.5.3.5.  "MalformedMessageData"
>> 
>>    |                    |   |   |                                      |
>>    | mm-transport-flags | O | U | Bit flags describing the
>>    | transport   |>>    |                    |   |   | used to service the query. Bit 0 is
>>    |                    |   |   | |>>    |                    |   |   | the least significant bit.
>>    |                    |   |   | |>>    |                    |   |   | Bit 0. IP version. 0 if IPv4, 1 if
>>    |                    |   |   | |>>    |                    |   |   | IPv6
>>    |                    |   |   | |>>    |                    |   |   | Bit 1-4. Transport. 4 bit unsigned
>>    |                    |   |   | |>>    |                    |   |   | value where 0 = UDP, 1 = TCP, 2 =
>>    |                    |   |   | |>>    |                    |   |   | TLS, 3 = DTLS. Values 4-15 are
>>    |                    |   |   | |>>    |                    |   |   | reserved for future use.
>>    |                    |   |   | |>> 
>> If the above bits supposed to be the same as for qr-transport-flags,>> maybe it is worth defining them once and referencing in all relevant
>> places?> 
> The qr-transport-flags and mm-transport-flags are different in that
> the qr-transport-flags include Bit 5, the trailing bytes indicator.> 
> In the CDDL a base ’TransportFlags’ type is defined and then
> 
> mm-transport-flags     => TransportFlags,
> 
> qr-transport-flags    => QueryResponseTransportFlags,
> 
>  QueryResponseTransportFlagValues = &(
>       query-trailingdata : 5,
>   ) / TransportFlagValues
>   QueryResponseTransportFlags = uint .bits
>   QueryResponseTransportFlagValues> 
> We can add some text to the table descriptions in sections 7.5.3.2 and
> 7.5.3.5 to clarify the relationship.Thank you for your clarification. Your explanation is sufficient.

> 
>> 
>> 7.6.  "QueryResponse"
>>    | query-size           | O | U | DNS query message size
>>    | (see        |>>    |                      |   |   | below).
>>    |                      |   |   | |>>    |                      |   |   |                                    |
>>    | response-size        | O | U | DNS query message size
>>    | (see        |>>    |                      |   |   | below).
>>    |                      |   |   | |>> 
>> I think "DNS response message size" for response-size.
>> 
>> It is odd to have RFC 2119 language in B.2, which is itself
>> informative.> 
> Good catch :-)
> 
> Many thanks
> 
> Sara.

v2.23.0 | Report a Bug | By Email