Re: [dnsoverhttp] New version of draft-hoffman-dns-over-http

Paul Hoffman <paul.hoffman@icann.org> Tue, 18 October 2016 02:28 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Patrick McManus <pmcmanus@mozilla.com>
Date: Tue, 18 Oct 2016 02:28:29 +0000
Message-ID: <B69C1CDF-F1AF-4335-9014-AA9E2E121C0D@icann.org>
References: <5E9B74C7-6B48-4CF7-B952-084DC7F81141@icann.org> <CAOdDvNoTrf1rXZ+tFzrKoZhQp3sK9NSXWOUn6Sn5L3jPvWKE0Q@mail.gmail.com>
In-Reply-To: <CAOdDvNoTrf1rXZ+tFzrKoZhQp3sK9NSXWOUn6Sn5L3jPvWKE0Q@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/GM0CwD1Ayns5Cd2pK6luPDF20II>
Cc: "dnsoverhttp@ietf.org" <dnsoverhttp@ietf.org>
Subject: Re: [dnsoverhttp] New version of draft-hoffman-dns-over-http

On Oct 17, 2016, at 2:19 PM, Patrick McManus <pmcmanus@mozilla.com> wrote:
> I don't have a chance this minute to propose text - but I have a few notes. I can help with text down the line if it would help.

It would, for the second one.

> But I didn't want to just sit on my comments.

Thanks!

>   If no PREFIX is configured as above, the client MAY query a DNS
>    resolver for which they have an IP address.  The query is
> 
>       https://<IPADDRESS>/.well_known/TBD1
> 
>  If the DNS server knows about API support, the returned URI will be
>    the PREFIX.
> 
> I don't really know what this means for sure. Is the query an https query or a DNS query? methods etc? What is a returned URI?

Good catch. It is an HTTPS query, using GET. The returned URI becomes the PREFIX in the template.

> 
>    TODO: Full discussion about using this protocol in HTTP/2 for server
>    push.  This will also hopefully cover caching and DNS TTLs.
>  
> I don't think the push section will satisfy the caching considerations language - that is independent of push

I thought that someone linked them in the earlier thread.

> The primary thing to define here is what path and origin the pushed request is for.
> 
> Secondarily you get to decide whether that lives in the scope of an existing stream (e.g. an html document) or is attached to the whole session (aka stream 0) - this relationship is defined by push. If it is stream 0 you would need to define an h2 extension and negotiate it with settings - so I would probably avoid that.
> 
> Thirdly, as we've discussed there are security considerations around the scope in which you want to use the response. My argument would be to require it to be signed and not restrict its usage, while discussing the implications of that.

Wording (from anyone on the list) would be a good start to getting conversation on this topic, which seemed of interest to many.

--Paul Hoffman