Re: [dnsoverhttp] Fwd: New Version Notification for draft-hoffman-dns-over-https-00.txt
Ben Schwartz <bemasc@google.com> Thu, 04 May 2017 15:30 UTC
Return-Path: <bemasc@google.com>
X-Original-To: dnsoverhttp@ietfa.amsl.com
Delivered-To: dnsoverhttp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAFBE129B59 for <dnsoverhttp@ietfa.amsl.com>; Thu, 4 May 2017 08:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IEM8WKWn2S3f for <dnsoverhttp@ietfa.amsl.com>; Thu, 4 May 2017 08:30:54 -0700 (PDT)
Received: from mail-ua0-x22d.google.com (mail-ua0-x22d.google.com [IPv6:2607:f8b0:400c:c08::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8550412EAB7 for <dnsoverhttp@ietf.org>; Thu, 4 May 2017 08:30:41 -0700 (PDT)
Received: by mail-ua0-x22d.google.com with SMTP id e55so11185099uaa.2 for <dnsoverhttp@ietf.org>; Thu, 04 May 2017 08:30:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=VNb13AY4qpFo8ZNhN/4kRl5eyjG9C5pj3svHRr0nuNc=; b=A5eg6QEyXzbXKOb8Yt18P8QfAuuFvcvQ23blhpRn3BCIjGuu/2P6K2lhHeaZyKfQFr KZZesm1yxc/GdnC/ne3JcWn3DgOCt/8oMyWqC0q93TQeDtKvwWNJlLWDikhyIOB0wgON 1/INyI/t3HF+/F6tDRdYxmosBii1q0JNImW2s+trQ18UhFFbpCOunECK5AgKZOnKE6cv x6OTj16pnnwI6SyPpcQaDiU05URPjQ3HPXGhQS8zi9U9p4TFpAgXqxKLxdVEJrMsHy1X /zXDLE5jxivRz+a4eDbpTRv0mDkKUqsVEQRlP/RHxgVyP17bBHibfRiMlEzVY7RfTCn9 bkBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=VNb13AY4qpFo8ZNhN/4kRl5eyjG9C5pj3svHRr0nuNc=; b=Hi/+ukZ23Qa2NOt85WcRoneb1u5Aj2iBv7dlGaWXZ9DHANnTNUMK57Ru8uqRORgEj6 oTZymyRA5wgfpK4aehWFwK+++DOS8IKoVSg/bYDWACylMlfwyqii93rrtDfVsug0ITuz Z6Kfe9QMJ4xXOMumk85pHlEHkxkcUkqvNp39TYpNnJXuUJzECNJAyShUNUVvwyOGzVMf Ob7wzSaOQnYGfPIQAh4zi40cmF2Po9IItjA9xjG/4ceQtJ+6dd9WFz/Fxq0TiJgEBk4P winGlpsx3tT7EoMzUjirsR1WiVkh5DzH026Spe5NscWliWiIn8nHZun7OYue6T285r8n Fh+Q==
X-Gm-Message-State: AN3rC/6s/bPMnpFyz3gSutFMzQqOV0sBuQm2asfBy33xgk9XxFsVbJ9+ 7Io0sHhzsNTXRvM6E8DkN8K1QNKqYq5K
X-Received: by 10.159.34.196 with SMTP id 62mr22013738uan.42.1493911840246; Thu, 04 May 2017 08:30:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.153.88 with HTTP; Thu, 4 May 2017 08:30:39 -0700 (PDT)
In-Reply-To: <CAOdDvNqhU2z4-Lq4iN=fw_NXLMmoDo1qy8-qfDps3YOvX4MpyQ@mail.gmail.com>
References: <149386734028.4783.5496348785626743035.idtracker@ietfa.amsl.com> <CAOdDvNpKuFB0hB33Dpc_oyR6SPOeDVbfD0oGxgpF3KzHf03bgA@mail.gmail.com> <CABkgnnV9AV-_qWq6tAA8AVaQgdf74pHWdSc3c7hy42PqvEnY-A@mail.gmail.com> <CAOdDvNqhU2z4-Lq4iN=fw_NXLMmoDo1qy8-qfDps3YOvX4MpyQ@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 04 May 2017 11:30:39 -0400
Message-ID: <CAHbrMsDg0cDSRcD3A+t94Xtf-Ccmtu4zr5m7Q1822Qw7mUcwHQ@mail.gmail.com>
To: Patrick McManus <pmcmanus@mozilla.com>
Cc: Martin Thomson <martin.thomson@gmail.com>, dnsoverhttp@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="94eb2c03c910993440054eb4748d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/d_t1jrRjC9kM3Odew3IXph1jBAE>
Subject: Re: [dnsoverhttp] Fwd: New Version Notification for draft-hoffman-dns-over-https-00.txt
X-BeenThere: dnsoverhttp@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussion of DNS over HTTP <dnsoverhttp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsoverhttp/>
List-Post: <mailto:dnsoverhttp@ietf.org>
List-Help: <mailto:dnsoverhttp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsoverhttp>, <mailto:dnsoverhttp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 May 2017 15:30:57 -0000
On Thu, May 4, 2017 at 11:17 AM, Patrick McManus <pmcmanus@mozilla.com> wrote: > Thanks Martin. > > On Wed, May 3, 2017 at 11:52 PM, Martin Thomson <martin.thomson@gmail.com> > wrote: > >> On 4 May 2017 at 13:15, Patrick McManus <pmcmanus@mozilla.com> wrote: >> > A new version of I-D, draft-hoffman-dns-over-https-00.txt >> >> A few nits only; I need to think more about how this fits into the >> ecosystem. I am warming to the notion that you have flexibility in >> representation format, that's a key advantage of using HTTP. You have >> neatly punted on the hard parts of that by choosing the dumb option to >> document, which means that you can bootstrap effectively. >> > > ack - and I believe Paul has a JSON media-type document going on a > separate path that should dovetail nicely, but not be a blocker. I > certainly would hope to see some JSON in the wild. > > >> >> The query string uses one of the worst encodings known to man. Did >> you do any analysis here? Is base64url bad for some reason. For >> instance, I would believe that it increases the length of the string >> in the aggregate if you told me. >> > > will open an issue for more analysis.. did one example by hand and it was > a ~wash size wise.. and the hex made a clearer example :) more study would > be good, but its a micro opt given the existing bounds on the sizes > involved. > > >> >> You should use a parameter name for the query string so that you at >> least have the chance to automatically discover a service and make >> requests in other forms using the query string without sniffing or >> other such horrors (conneg works fine for the POST variant, but you >> are pushing those uses to a method that isn't a great fit). What you >> have consumes the entire usable space in the query string, so it would >> be hard to get in edgewise with an alternative query form. >> > > so this is interesting. I started down that road, but couldn't really > figure out how to do any form of negotiation beyond the MTI with it so just > stuck with the simpler variant you see in -00. 415 seems to apply > specifically to content-type and bodies so wouldn't work as a signal. Or am > I being too pessimistic? > > Strictly speaking we don't need the uglier GET variant at all - the POST > is absolutely cacheable. But realistically speaking that will not work with > a lot of existing caches. > > > >> Do you really need to encode the ID? I realize that might be >> construed as opening the floodgates, but it is going to make caching >> that much more fragmented. Can you not just trim it off? >> >> > low friction of using an existing (albeit encoded) format traded off vs a > couple bytes... that is why the normalization of ID SHOULD is in there tho. > The text is In order to maximize cache friendliness, DNS API Clients SHOULD use the same ID (the first two bytes of the header) for every DNS request. That's enough to ensure that the same client making the same request hits the cache, but it's not enough to make sure that _different_ clients can hit a shared cache. Even different tabs in the same browser won't share the browser cache unless they select matching IDs. Personally, I would just skip these two bytes. Instead of being "part of the DNS format", I think of the ID as being a generic miniature RPC protocol, which we are replacing with HTTP. Failing that, I would say the ID MUST be zero. > > > > _______________________________________________ > dnsoverhttp mailing list > dnsoverhttp@ietf.org > https://www.ietf.org/mailman/listinfo/dnsoverhttp > >
- [dnsoverhttp] Fwd: New Version Notification for d… Patrick McManus
- Re: [dnsoverhttp] Fwd: New Version Notification f… Martin Thomson
- Re: [dnsoverhttp] Fwd: New Version Notification f… Patrick McManus
- Re: [dnsoverhttp] Fwd: New Version Notification f… Ben Schwartz
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Paul Hoffman
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Martin Thomson
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Ben Schwartz
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Paul Hoffman
- [dnsoverhttp] Switch from urlencoded to base64url… Paul Hoffman
- Re: [dnsoverhttp] Switch from urlencoded to base6… Martin Thomson
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Ben Schwartz
- Re: [dnsoverhttp] [Ext] Fwd: New Version Notifica… Paul Hoffman