Re: [dnsoverhttp] [EXTERNAL] You've got DNS in my HTTP! No, you've got HTTP in my DNS!!!!

Paul Hoffman <paul.hoffman@icann.org> Wed, 23 November 2016 18:17 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 23 Nov 2016 18:17:07 +0000
Message-ID: <749C0D92-3D8F-40EC-B102-0E398E14038F@icann.org>
References: <20161123124740.37487c13@pallas.home.time-travellers.org> <CAKr6gn19=h9kiPEweXMiO50nrE0kYek2Wb0KAyw0M15T-9S87Q@mail.gmail.com> <CABkgnnW2XrPVt-89pG5=huMtbFanD=8e5y_R=9G+zpG+LVo-mw@mail.gmail.com>
In-Reply-To: <CABkgnnW2XrPVt-89pG5=huMtbFanD=8e5y_R=9G+zpG+LVo-mw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/DcRDeOPR6NyFExypLyDiXlfCcW0>
Cc: "dnsoverhttp@ietf.org" <dnsoverhttp@ietf.org>
List-Id: Discussion of DNS over HTTP <dnsoverhttp.ietf.org>

On Nov 22, 2016, at 9:09 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
> The code duplication bothers me a little.

Having two (or more) security models for the same data bothers me more than a little. That is, if addressing information has a particular set of security properties if it was gotten through a DNS query, but a different set of security properties if it was gotten from HTTP server push, that seems like an invitation to bad security assumptions in implementations. (It would probably also lead to pages of confusing and subtle security considerations in the document...)

--Paul Hoffman
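As an added illustration of the concern raised in this message (example code written for this page; it is not code from the draft under discussion or from anyone on the list), the block below contrasts a client-side address cache that keys only on the name with one that keeps the source of each record. The provenance labels (DNSSEC-validated DNS answer, unvalidated DNS answer, record pushed by an HTTP server), the two cache classes and the sample records using RFC 5737 documentation addresses are all assumptions constructed for the example, not anything the message specifies.

```python
"""Why one name-keyed cache cannot hold data that arrives under two security models.

Added example for this page; the cache designs and sample records are hypothetical.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Provenance(Enum):
    """How an address record was obtained, i.e. which security model it carries."""
    DNS_DNSSEC = "DNSSEC-validated DNS answer"
    DNS_PLAIN = "unvalidated DNS answer"
    HTTP_PUSH = "record pushed by an HTTP server"


@dataclass(frozen=True)
class AddressRecord:
    name: str
    address: str
    provenance: Provenance


class NaiveCache:
    """Keys on the name only; the source is discarded, so whichever source wrote last wins.

    A consumer that later assumes "addresses in the cache came from DNS" is making
    exactly the bad assumption the message warns about.
    """

    def __init__(self) -> None:
        self._by_name: Dict[str, str] = {}

    def store(self, rec: AddressRecord) -> None:
        self._by_name[rec.name] = rec.address

    def lookup(self, name: str) -> Optional[str]:
        return self._by_name.get(name)


class ProvenanceCache:
    """Keeps the source alongside each record; the consumer states which sources it trusts."""

    def __init__(self) -> None:
        self._by_name: Dict[str, Dict[Provenance, str]] = {}

    def store(self, rec: AddressRecord) -> None:
        # Records from different sources never overwrite each other.
        self._by_name.setdefault(rec.name, {})[rec.provenance] = rec.address

    def lookup(
        self, name: str, accept: Tuple[Provenance, ...]
    ) -> Optional[Tuple[str, Provenance]]:
        """Return the first address whose provenance is in `accept` (caller's preference order)."""
        entries = self._by_name.get(name, {})
        for prov in accept:
            if prov in entries:
                return entries[prov], prov
        return None


def scenario() -> Dict[str, object]:
    """Constructed sample: a validated DNS answer and a pushed record for the same name."""
    validated = AddressRecord("example.com", "192.0.2.1", Provenance.DNS_DNSSEC)
    pushed = AddressRecord("example.com", "198.51.100.9", Provenance.HTTP_PUSH)

    naive = NaiveCache()
    naive.store(validated)
    naive.store(pushed)  # silently replaces the validated answer

    strict = ProvenanceCache()
    strict.store(validated)
    strict.store(pushed)

    return {
        # The naive cache now hands out the pushed address with no trace of its weaker origin.
        "naive": naive.lookup("example.com"),
        # A consumer that needs validated data gets the validated record, or nothing.
        "strict_validated_only": strict.lookup("example.com", (Provenance.DNS_DNSSEC,)),
        # A consumer that accepts pushed data gets it, but knows that is what it got.
        "strict_any": strict.lookup("example.com", (Provenance.HTTP_PUSH, Provenance.DNS_DNSSEC)),
        # No record exists under the requested model, so the answer is a miss rather than a guess.
        "strict_missing": strict.lookup("example.com", (Provenance.DNS_PLAIN,)),
    }


if __name__ == "__main__":
    for label, result in scenario().items():
        print(f"{label}: {result}")
```

The point of the second design is not that pushed records are unusable, but that the decision about which security properties are good enough is made by the code that uses the address, with the provenance still attached, instead of being lost at the moment the record enters the cache.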