Re: [dnsoverhttp] [EXTERNAL] You've got DNS in my HTTP! No, you've got HTTP in my DNS!!!!

Spencer Sevilla <smsevill@ucsc.edu> Thu, 24 November 2016 18:32 UTC

Return-Path: <smsevill@ucsc.edu>
X-Original-To: dnsoverhttp@ietfa.amsl.com
Delivered-To: dnsoverhttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0491D129590 for <dnsoverhttp@ietfa.amsl.com>; Thu, 24 Nov 2016 10:32:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ucsc.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pq6efy1LI0Mj for <dnsoverhttp@ietfa.amsl.com>; Thu, 24 Nov 2016 10:32:50 -0800 (PST)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98C1A1294A8 for <dnsoverhttp@ietf.org>; Thu, 24 Nov 2016 10:32:50 -0800 (PST)
Received: by mail-pf0-x235.google.com with SMTP id 189so10873932pfz.3 for <dnsoverhttp@ietf.org>; Thu, 24 Nov 2016 10:32:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ucsc.edu; s=ucsc-google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=p5IhiVjMThUfU6+1G3HJht5cglRbDXHYZhz5FfeB5QM=; b=iCkiHnzb/2fvtuv0sWl9vZugHKCS5JdGuFhLkR8jfUbtC+c7Y6eAj//1pm4LPkGP8n wJceid0NgChw34dcxHnNNsopNUnEyGpeRpuART1hdruD79qM3SGiE2rGAgOAVlN8f60O JlYD1B+jWBf3WfFWJN+2cL51JJUaxKVkeAqUI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=p5IhiVjMThUfU6+1G3HJht5cglRbDXHYZhz5FfeB5QM=; b=M+DHmy+7YuJbKOZplqdajKeMtwpclpJiM9vyw6lYw/cckJNdX00xGwYggZeqcTLS9h iBimt2727sgC4J/b2nBa5IrbgVGvUVdpDzaCpZdom1Mt1xcEReXkkl3dZx/9ZbFvA7Ha Ny6w52WuwQQraGI7p0VLGSLqdaC0BA3QftMPEYB4ArLINQRFvaoLd3u7jBiTIZOwdJGK wj3cfFKME3lf1lKibVUP3dggUbmGIsTCIuQh/sFPIQnE2nPcW1NXRnKjNYL7R2/wLk9h VXdr+01j0/aAw79dP5MeaG5F5RALYazrIi37ChYYV506SAVYru4bAo4PsWWIRgCz/DpN w9GQ==
X-Gm-Message-State: AKaTC01Me+ycix5m+712CK9jLsnwkXG1g8ShfLINP0v23ww2IYRA0NPuxFAs5CbSEmaRnJeT
X-Received: by 10.99.108.8 with SMTP id h8mr6438907pgc.93.1480012369568; Thu, 24 Nov 2016 10:32:49 -0800 (PST)
Received: from [192.168.1.68] (99-51-72-129.lightspeed.snjsca.sbcglobal.net. [99.51.72.129]) by smtp.gmail.com with ESMTPSA id 16sm61965411pfk.54.2016.11.24.10.32.48 for <dnsoverhttp@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 24 Nov 2016 10:32:48 -0800 (PST)
To: dnsoverhttp@ietf.org
References: <20161123124740.37487c13@pallas.home.time-travellers.org> <CAKr6gn19=h9kiPEweXMiO50nrE0kYek2Wb0KAyw0M15T-9S87Q@mail.gmail.com> <CABkgnnW2XrPVt-89pG5=huMtbFanD=8e5y_R=9G+zpG+LVo-mw@mail.gmail.com> <749C0D92-3D8F-40EC-B102-0E398E14038F@icann.org>
From: Spencer Sevilla <smsevill@ucsc.edu>
Message-ID: <5b033956-018c-052a-e557-149485d451be@ucsc.edu>
Date: Thu, 24 Nov 2016 10:32:47 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.5.0
MIME-Version: 1.0
In-Reply-To: <749C0D92-3D8F-40EC-B102-0E398E14038F@icann.org>
Content-Type: multipart/alternative; boundary="------------56E0E1CFCCF5816FF4B4507F"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/YlX1gMtN1UC2tHtCLJbx7jvXFtE>
Subject: Re: [dnsoverhttp] [EXTERNAL] You've got DNS in my HTTP! No, you've got HTTP in my DNS!!!!
X-BeenThere: dnsoverhttp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of DNS over HTTP <dnsoverhttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsoverhttp/>
List-Post: <mailto:dnsoverhttp@ietf.org>
List-Help: <mailto:dnsoverhttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2016 18:32:52 -0000

This is a really, really good point, especially when it's considered that 
anyone writing an implementation might only be familiar with one of the 
models/assumptions, or just making assumptions informed by prior work on 
DNS and/or HTTP. Going back to the original idea of this thread, I think 
that no matter where we lie on duplicating functionalities or code, we 
need to have a single and consistent security model that helps inform 
assumptions about data.

Spencer

On 11/23/16 10:17 AM, Paul Hoffman wrote:
> On Nov 22, 2016, at 9:09 PM, Martin Thomson <martin.thomson@gmail.com> wrote:
>> The code duplication bothers me a little.
> Having two (or more) security models for the same data bothers me more than a little. That is, if addressing information has a particular set of security properties if it was gotten through a DNS query, but a different set of security properties if it was gotten from HTTP server push, that seems like an invitation to bad security assumptions in implementations. (It would probably also lead to pages of confusing and subtle security considerations in the document...)
>
> --Paul Hoffman
>
>
> _______________________________________________
> dnsoverhttp mailing list
> dnsoverhttp@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsoverhttp