Re: [DNSOP] Benjamin Kaduk's Discuss on draft-ietf-dnsop-session-signal-12: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 31 July 2018 20:25 UTC

Date: Tue, 31 Jul 2018 15:25:42 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Tom Pusateri <pusateri@bangj.com>
Cc: tjw.ietf@gmail.com, dnsop@ietf.org, dnsop-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-dnsop-session-signal@ietf.org
Message-ID: <20180731202542.GO96369@kduck.kaduk.org>
References: <153270509617.32757.1191915890190419981.idtracker@ietfa.amsl.com> <EFFB4DC5-5A4B-4EAB-8B9F-56229080CDF0@bangj.com> <C2528F63-6B39-4E50-92E6-B089E776BA3F@bangj.com>
In-Reply-To: <C2528F63-6B39-4E50-92E6-B089E776BA3F@bangj.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/icINgRBc9grx6tHeRbCSSl2zWOA>

On Tue, Jul 31, 2018 at 04:14:41PM -0400, Tom Pusateri wrote:
> 
> 
> > On Jul 31, 2018, at 3:53 PM, Tom Pusateri <pusateri@bangj.com> wrote:
> > 
> >> 
> >>   If the RCODE is set to any value other than NOERROR (0) or DSOTYPENI
> >>   ([TBA2] tentatively 11), then the client MUST assume that the server
> >>   does not implement DSO at all.  In this case the client is permitted
> >>   to continue sending DNS messages on that connection, but the client
> >>   SHOULD NOT issue further DSO messages on that connection.
> >> 
> >> I'm confused how the server would still have proper framing for subsequent
> >> DNS messages, since the DSO TLVs would be "spurious extra data" after a
> >> request header and potentially subject to misinterpretation as the start of
> >> another DNS message header.
> > 
> > Yes, this is a serious oversight. I think we are going to need to encode differently to make all the TLVs look like an RR externally so the RDLEN can be used to skip them and add a single count or switch the TLV syntax back to RR syntax. The existing DNS header format / RR format is less than ideal...
> > 
> 
> My co-authors reminded me about the TCP framing for DNS which gives the length of the DNS message so it can easily be skipped so this isn’t a problem.

Ah, that would do the trick.  It looks like I only chased up through the
header format in 1035 and didn't scroll down to the "TCP usage" section.
Sorry for the noise.

-Benjamin
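The framing question in this exchange, shown as an added example that is not code from the draft, from the thread, or from any DSO implementation: a DSO message is a normal 12-byte DNS header with all four section counts zero, followed by TLVs, so a server that walks sections by the counts finds "spurious extra data" after the header. Over TCP the 2-byte length prefix from RFC 1035 section 4.2.2 bounds the whole message, so a non-DSO server can answer it and still parse the next message correctly. The code below builds a constructed stream (one DSO message carrying a KeepAlive-style TLV, then an ordinary query), parses it with a length-prefix-aware server, and then parses the same bytes with no length prefix to show the phantom header and desync that Benjamin was worried about. The DSO opcode value 6 and the TYPE/LENGTH/DATA TLV layout are taken from the published RFC 8490 (the draft text quoted above still says TBA); all function names and the sample values are mine.

```python
import struct

DNS_HEADER_LEN = 12
OPCODE_DSO = 6      # DSO opcode as assigned in RFC 8490 (the quoted draft still says TBA)
RCODE_NOTIMP = 4    # RFC 1035 "Not Implemented", what a non-DSO server returns


def encode_name(name):
    """Encode a dotted name in RFC 1035 label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(msg_id, qname, qtype=1, qclass=1):
    """Ordinary QUERY: one question, no RRs, RD bit set."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, qclass)


def build_dso(msg_id, tlvs):
    """DSO message: OPCODE 6, all section counts zero, TLVs appended after the header.
    Each TLV is DSO-TYPE (2 bytes), DSO-LENGTH (2 bytes), DSO-DATA."""
    header = struct.pack("!HHHHHH", msg_id, OPCODE_DSO << 11, 0, 0, 0, 0)
    return header + b"".join(struct.pack("!HH", t, len(d)) + d for t, d in tlvs)


def frame_tcp(messages):
    """RFC 1035 section 4.2.2: on TCP every message is prefixed by a 2-byte length."""
    return b"".join(struct.pack("!H", len(m)) + m for m in messages)


def split_tcp_stream(stream):
    """Recover message boundaries from the length prefixes alone.
    Returns (complete_messages, unconsumed_tail); the tail is a partial message."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack_from("!H", stream, off)
        if off + 2 + n > len(stream):
            break                       # incomplete message: wait for more bytes
        msgs.append(stream[off + 2: off + 2 + n])
        off += 2 + n
    return msgs, stream[off:]


def parse_header(msg):
    msg_id, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def skip_name(msg, off):
    """Advance past a wire-format name starting at off; return the offset after it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def walk_sections(msg):
    """Walk the question and RR sections by the header counts; return the offset
    where the counted data ends. For a DSO message this is simply 12."""
    h = parse_header(msg)
    off = DNS_HEADER_LEN
    for _ in range(h["qdcount"]):
        off = skip_name(msg, off) + 4           # QTYPE, QCLASS
    for _ in range(h["ancount"] + h["nscount"] + h["arcount"]):
        off = skip_name(msg, off) + 8           # TYPE, CLASS, TTL
        (rdlen,) = struct.unpack_from("!H", msg, off)
        off += 2 + rdlen
    return off


def legacy_server(stream):
    """A server with no DSO support reading a TCP stream. Because the length prefix
    already bounds each message, the TLV bytes are just trailing data: it answers
    NOTIMP and moves on to the next message without losing sync."""
    results = []
    msgs, _ = split_tcp_stream(stream)
    for m in msgs:
        h = parse_header(m)
        trailing = len(m) - walk_sections(m)
        action = "rcode=NOTIMP" if h["opcode"] == OPCODE_DSO or trailing else "answered"
        results.append((h["id"], h["opcode"], action, trailing))
    return results


def unframed_parser(raw):
    """The failure mode without a length prefix: walk sections by the counts and treat
    whatever follows as the next header. Returns the message ids it believes it saw,
    ending with "desync" once the bogus counts lead it off the end of the buffer."""
    seen, off = [], 0
    while off + DNS_HEADER_LEN <= len(raw):
        m = raw[off:]
        seen.append(parse_header(m)["id"])
        try:
            off += walk_sections(m)
        except (IndexError, struct.error):
            seen.append("desync")
            break
    return seen


# Constructed sample: DSO message 1 with a KeepAlive-style TLV (type 1, two 32-bit
# timers: 15000 ms and 60000 ms), then ordinary query 2 for example.com.
SAMPLE_DSO = build_dso(1, [(1, bytes.fromhex("00003a980000ea60"))])
SAMPLE_QUERY = build_query(2, "example.com.")

if __name__ == "__main__":
    print("with TCP framing:   ", legacy_server(frame_tcp([SAMPLE_DSO, SAMPLE_QUERY])))
    print("without framing:    ", unframed_parser(SAMPLE_DSO + SAMPLE_QUERY))
```

With the length prefix the legacy server reports the DSO message as NOTIMP with 12 trailing bytes and then answers query 2 normally. Without it, the parser finishes the zero-count DSO header after 12 bytes and reads the TLV's type field (1) as the ID of a phantom second message whose "counts" are the timer bytes, and it never recovers.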