Re: [Doh] [Technical Errata Reported] RFC8484 (6033)
Barry Leiba <barryleiba@computer.org> Mon, 30 March 2020 16:37 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 135BF3A18A2 for <doh@ietfa.amsl.com>; Mon, 30 Mar 2020 09:37:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.252
X-Spam-Level:
X-Spam-Status: No, score=0.252 tagged_above=-999 required=5 tests=[FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pcyoT_mSXlsN for <doh@ietfa.amsl.com>; Mon, 30 Mar 2020 09:37:57 -0700 (PDT)
Received: from mail-io1-f68.google.com (mail-io1-f68.google.com [209.85.166.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C2363A1913 for <doh@ietf.org>; Mon, 30 Mar 2020 09:37:53 -0700 (PDT)
Received: by mail-io1-f68.google.com with SMTP id b12so2244433ion.8 for <doh@ietf.org>; Mon, 30 Mar 2020 09:37:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=R/ADHEFQbI0IYPZMJGToxsAKsHvVm9YEufax/NnwCzc=; b=E2g/znYq1h0pzDLWX7/T0ICwgKIpqrhdX/pba1XPgsK2rHjMrKx6NIyebz15b8LwL6 h+lgeWJEgybkyFn77q8BQalJ6SPALi8Grsi2B1nSHOsJYseDvOQ+M9LcL4Cp9EG7w086 KcbZnT7O9EfieDnKbvf/i0HnysNLeVqre1q83kg4E2pyLS6PdgHEj1cGSduErpZ5Uzoj gM2rqzKEnPct1V9BPSqctEpsRGivCC7ja7VLYujGHWGo7yDuUSM9THy/JQa7T8wvbHqi PRG38fE9PlJaypJNswwxEDeZjCMdHZq5I9kgE+6bPhEjXDZX4z8L2MGKTdH4l2A0vM1c PfMw==
X-Gm-Message-State: ANhLgQ3Zu9h3zrxlWsrJyLVVCDrVp936GloertiLpJDj1OgGfhNBziNs JXWx4H/+KIxGbvZTQRPKKioZNMu4D+mahLunA2Q=
X-Google-Smtp-Source: ADFU+vv0OpeJkuY3kbb2j5IkoUms1wF883CY2Y0ooaGfrTBtE4egNCK48zgQ4CzbC8p8JUlTORQgJAa7Usu1F97JBSs=
X-Received: by 2002:a02:484:: with SMTP id 126mr11509901jab.118.1585586272333; Mon, 30 Mar 2020 09:37:52 -0700 (PDT)
MIME-Version: 1.0
References: <20200330155304.45AD8F4074B@rfc-editor.org> <CALaySJJ3dAEebgyz==PoSqnhSzFiHcxh0kmynRYBcD6Vjvm+6w@mail.gmail.com>
In-Reply-To: <CALaySJJ3dAEebgyz==PoSqnhSzFiHcxh0kmynRYBcD6Vjvm+6w@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 30 Mar 2020 12:37:41 -0400
Message-ID: <CALaySJ+VbyjwDdKrB7HLFTNz1xsa9xwrtpYPi_rPwSGzVBomOQ@mail.gmail.com>
To: mohamed.boucadir@orange.com
Cc: Paul Hoffman <paul.hoffman@icann.org>, Patrick McManus <mcmanus@ducksong.com>, Murray Kucherawy <superuser@gmail.com>, Ben Schwartz <bemasc@google.com>, Dave Lawrence <tale@dd.org>, doh@ietf.org, RFC Editor <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/3vnuoQBK0ksRbMRKHy9Xk19kmwc>
Subject: Re: [Doh] [Technical Errata Reported] RFC8484 (6033)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2020 16:38:09 -0000
Re-sending after fixing Mohamed's email address, which seems to be mis-typed in the errata report. Barry On Mon, Mar 30, 2020 at 12:32 PM Barry Leiba <barryleiba@computer.org> wrote: > > The proposed change substantively changes the text and cannot be > approved through an errata report. My inclination is "Rejected", as I > do believe the text says what it's intended to say (so it's not an > erratum), but I could be convinced that "held for document update" is > better if the document editors weigh in. > > In particular: > > Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect. > > > > (6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey. > > "Simply" is critical, and addresses your line above. Consider: > > A DoH client MUST NOT use a different URI that was discovered outside > of the client's configuration > > That's your substitution, and *that* forbids discovery outside the > configuration. But with "simply", as written, it says that there must > be another reason for using a different URI. It can discover the URI > from outside the configuration, but that can't be the only reason for > using it. That discovery has to be augmented by some other knowledge. > > Barry > > On Mon, Mar 30, 2020 at 11:53 AM RFC Errata System > <rfc-editor@rfc-editor.org> wrote: > > > > The following errata report has been submitted for RFC8484, > > "DNS Queries over HTTPS (DoH)". > > > > -------------------------------------- > > You may review the report below and at: > > https://www.rfc-editor.org/errata/eid6033 > > > > -------------------------------------- > > Type: Technical > > Reported by: Mohamed Boucadair <mohamed.boucaadir@orange.com> > > > > Section: 3 > > > > Original Text > > ------------- > > A DoH client MUST NOT use a different URI simply because it was > > discovered outside of the client's configuration (such as through > > HTTP/2 server push) or because a server offers an unsolicited > > response that appears to be a valid answer to a DNS query. > > > > Corrected Text > > -------------- > > A DoH client MUST NOT use a different URI that was discovered outside > > of the client's configuration (except via HTTP redirection discussed > > in Section 6.4 of [RFC7231]). Also, the DoH client MUST ignore an > > unsolicited response (such as through HTTP/2 server push) that > > appears to be a valid answer to a DNS query unless that response > > comes from a configured URI (as described in Section 5.3). > > > > Notes > > ----- > > (1) The intent of this text is confusing. > > > > (2) I checked the mailing list and found that the text was updated late in the publication process to address this comment: https://mailarchive.ietf.org/arch/msg/doh/f_V-tBgB-KRsLZhttx9tGt75cps/. > > > > (3) The example provided in the thread (server push) is related to the second part of the OLD text. It is mistakenly attached to the first part. > > > > (4) The push example may be interpreted as if server push is disallowed. This is conflicting with Section 5.3. > > > > Hence, this change: > > > > Also, the DoH client MUST ignore an > > unsolicited response (such as through HTTP/2 server push) that > > appears to be a valid answer to a DNS query ** unless that response > > comes from a configured URI (as described in Section 5.3) **. > > > > (5) An intuitive way to discover the URI outside the configuration is redirection. RFC8484 indicates clearly the following: > > > > The described approach is more than a tunnel over HTTP. It > > establishes default media formatting types for requests and responses > > but uses normal HTTP content negotiation mechanisms for selecting > > alternatives that endpoints may prefer in anticipation of serving new > > use cases. In addition to this media type negotiation, it ** aligns > > itself with HTTP features ** such as caching, **redirection**, proxying, > > authentication, and compression. > > > > Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect. > > > > (6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey. > > > > Instructions: > > ------------- > > This erratum is currently posted as "Reported". If necessary, please > > use "Reply All" to discuss whether it should be verified or > > rejected. When a decision is reached, the verifying party > > can log in to change the status and edit the report, if necessary. > > > > -------------------------------------- > > RFC8484 (draft-ietf-doh-dns-over-https-14) > > -------------------------------------- > > Title : DNS Queries over HTTPS (DoH) > > Publication Date : October 2018 > > Author(s) : P. Hoffman, P. McManus > > Category : PROPOSED STANDARD > > Source : DNS Over HTTPS > > Area : Applications and Real-Time > > Stream : IETF > > Verifying Party : IESG
- [Doh] [Technical Errata Reported] RFC8484 (6033) RFC Errata System
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Paul Hoffman
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Barry Leiba
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Paul Hoffman
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Ben Schwartz
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Patrick McManus