Re: [Doh] DoH client-server interoperability vs. strict HTTP parameter checking

Joe Abley <jabley@hopcount.ca> Thu, 06 June 2019 17:26 UTC

From: Joe Abley <jabley@hopcount.ca>
Message-Id: <25D432C1-80C8-4ECD-B80F-F2021363BDFF@hopcount.ca>
Date: Thu, 6 Jun 2019 13:26:16 -0400
In-Reply-To: <2309d053-0bd2-25fe-ea56-b3bbb258225a@nic.cz>
Cc: "doh@ietf.org" <doh@ietf.org>, Paul Hoffman <paul.hoffman@icann.org>, Christoph <cm@appliedprivacy.net>, Patrick McManus <mcmanus@ducksong.com>, Mark Delany <d5e@xray.emu.st>
To: Vladimír Čunát <vladimir.cunat+ietf@nic.cz>
References: <770d0bf0-0a93-4d9a-4cb1-1f1e44c584aa@appliedprivacy.net> <F46C6B72-BD56-4C5C-9E10-26AC9B187102@icann.org> <2309d053-0bd2-25fe-ea56-b3bbb258225a@nic.cz>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/4yfUhLRVXLz_fzUpfgqYWaM-Lho>
Subject: Re: [Doh] DoH client-server interoperability vs. strict HTTP parameter checking

On 6 Jun 2019, at 13:14, Vladimír Čunát <vladimir.cunat+ietf@nic.cz> wrote:

> On 6/2/19 5:54 PM, Joe Abley wrote:
>>  - I want an answer to the question PIR.ORG/IN/SOA with RD=1
>>  - I want query minimisation and secure transport for recursive queries
>>  - I want you to confirm explicitly that you understand the request for query minimisation
> DoH is sending binary DNS messages, i.e. they include the RD flag inside and you actually have to set it the way you want it.  You can also put EDNS inside and receive it back - that's the probable target of your second and third example, as I see nothing specific to DoH in there, but so far there aren't any standardized extensions usable for these (I believe).
> 
I haven't thought about this very hard so this is not really an opinion, but I agree: it seems sensible that if there is some kind of request/require capabilities work to be done it shouldn't be transport-specific.


Joe
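Vladimír's point above, that RD and EDNS travel inside the binary DNS message rather than as HTTP-level parameters, shown in working code. This is an added example, not code from the thread or from any DoH client or server; the query name, the EDNS UDP payload size and the /dns-query path are assumptions chosen for illustration (RFC 8484 defines the `dns` query parameter and its unpadded base64url encoding). The only thing the HTTP layer carries is that one parameter; everything Joe asked for in his first bullet is a header flag in the DNS payload.

```python
import base64
import struct

# Added example (not from the thread). Builds the wire-format query for
# pir.org/IN/SOA with RD=1 plus an EDNS(0) OPT record, wraps it in the
# RFC 8484 GET form, and parses it back to show where the flags really live.

TYPE_SOA = 6
TYPE_OPT = 41
CLASS_IN = 1
FLAG_QR = 0x8000
FLAG_RD = 0x0100


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, rd: bool = True, edns_udp_size: int = 4096) -> bytes:
    """Build a DNS query. RD is a header flag, so it is set here, inside the
    DNS message. The ID is 0 as RFC 8484 recommends for DoH (cache friendliness).
    The OPT record goes in the additional section (ARCOUNT=1)."""
    flags = FLAG_RD if rd else 0
    header = struct.pack("!HHHHHH", 0, flags, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    # OPT pseudo-RR: root name, TYPE=41, CLASS=UDP payload size,
    # TTL=extended rcode/version/flags (all zero here), RDLEN=0.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return header + question + opt


def doh_get_path(message: bytes, path: str = "/dns-query") -> str:
    """RFC 8484 GET form: base64url without '=' padding in the 'dns' parameter.
    The path is an assumption; the template is whatever the server advertises."""
    b64 = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"


def parse_doh_dns_param(param: str) -> bytes:
    """Inverse of doh_get_path: restore padding, then decode."""
    padded = param + "=" * (-len(param) % 4)
    return base64.urlsafe_b64decode(padded)


def inspect_query(message: bytes) -> dict:
    """Read the header flags and look for an OPT record in the additional
    section. Queries carry no answer/authority RRs, so only the question
    section is skipped before the additional section."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", message[:12])
    pos = 12
    for _ in range(qd):
        while message[pos] != 0:          # skip labels (no compression in a query)
            pos += 1 + message[pos]
        pos += 1 + 4                      # root byte, QTYPE, QCLASS
    has_opt = False
    udp_size = None
    for _ in range(ar):
        if message[pos] != 0:             # OPT must have the root name
            break
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", message[pos + 1:pos + 11])
        if rtype == TYPE_OPT:
            has_opt = True
            udp_size = rclass
        pos += 11 + rdlen
    return {
        "id": ident,
        "rd": bool(flags & FLAG_RD),
        "qr": bool(flags & FLAG_QR),
        "opt": has_opt,
        "udp_size": udp_size,
    }


if __name__ == "__main__":
    q = build_query("pir.org", TYPE_SOA)
    print(doh_get_path(q))
    print(inspect_query(q))
```

A server that rejects unknown HTTP query parameters (the thread's subject) is still not interfering with any of this: RD, the OPT record and any future EDNS option for signalling minimisation all live inside the decoded `dns` payload, which is why a capabilities mechanism would naturally be transport-independent.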