Re: [dnsoverhttp] New draft: draft-hoffman-dns-over-http-00.txt

Martin Thomson <martin.thomson@gmail.com> Thu, 22 September 2016 01:19 UTC

In-Reply-To: <A7C77948-ACEA-49F1-83CC-72E12B6EFA2B@icann.org>
References: <147438228195.28999.4355943522486567954.idtracker@ietfa.amsl.com> <D1E3CC44-FE5A-4ACE-90A1-EF9B5EE975D7@icann.org> <CAOdDvNpWdN=w0R7pOkghbwg0-SwHnD9=AqvpnAM7tQfmRpVGEw@mail.gmail.com> <A7C77948-ACEA-49F1-83CC-72E12B6EFA2B@icann.org>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 22 Sep 2016 11:19:15 +1000
Message-ID: <CABkgnnX3XBd588W5R1hK05-t9QFL0uetzVoNige0KoyiuoO69A@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsoverhttp/i9ZK7GA5DEK6dG9N41Je4IUjDb4>
Cc: "dnsoverhttp@ietf.org" <dnsoverhttp@ietf.org>, Patrick McManus <pmcmanus@mozilla.com>

On 22 September 2016 at 01:24, Paul Hoffman <paul.hoffman@icann.org> wrote:
>> * I don't have a strong opinion on whether or not the prefix can be discoverable for some use cases, but it seems for h2 push it needs to be in the .wk space in order to give the client enough context to recognize this is dns data. given that, it might make sense to just use .wk everywhere instead of making it discoverable.
>
> I'm maybe hearing a trend here. Does anyone have a strong argument for discoverability over .well-known?

Yes, I think that papers over the real problem.

The problem that I think Patrick is worried about is one where
arbitrary content can make claims about DNS answers.  The problem Ted
referenced is that arbitrary servers can make the same sorts of
claims.  We need a threat model and some systemic way of thinking
about the problem before we leap to conclusions.

.well-known only narrows the problem, it doesn't solve it.