Re: [Doh] POST and GET

Ben Schwartz <bemasc@google.com> Tue, 18 September 2018 16:09 UTC

References: <CADVGGb8+znpFStX4Qn3S4oCqOp1Np9uDPVXfS0V8nQecN3P+FA@mail.gmail.com>
In-Reply-To: <CADVGGb8+znpFStX4Qn3S4oCqOp1Np9uDPVXfS0V8nQecN3P+FA@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 18 Sep 2018 12:09:06 -0400
Message-ID: <CAHbrMsBDQgXgWwVNy_AML1h+HXwVObN5bT9ORhH-N5jjNnRSaw@mail.gmail.com>
To: sebdeckers83@gmail.com
Cc: DoH WG <doh@ietf.org>, kenny@machinesung.com
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000001f3f46057627838a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/7dgdHohKP0grwWHgINpARwEyVZs>
Subject: Re: [Doh] POST and GET

On Mon, Sep 17, 2018 at 11:22 PM Sebastiaan Deckers <sebdeckers83@gmail.com>
wrote:

> Draft 14, 4.1. The HTTP Request:
>
> > DoH servers MUST implement both the POST and GET methods.
>
> What is meant by the word "implement"?
>
> I have *implemented* both GET and POST code paths. But do they need to be
> exposed in every use case? I want to be able to support GET only for server
> push, for example, and otherwise restrict client requests to POST.
>
> GET requires much more processing from a DoH proxy, i.e., parsing the DNS
> response packet to find the lowest TTL for the HTTP Cache-Control header
> max-age.
>

It sounds like you want to implement a proxy that operates without any
parsing of the DNS response, so it doesn't know the TTL.  This is not
recommended by the specification, but it is allowed.  For correctness, the
only requirement is:

   The assigned freshness
   lifetime MUST NOT be greater than the smallest TTL in the Answer
   section of the DNS response.


Thus, you are permitted to implement GET just as simply as you implemented
POST, by including HTTP headers that disable caching (i.e. result in an
effective freshness lifetime of zero).


> As an operator I may want to disable support for GET requests from the
> client and return 405 or 501.
>
> I love the idea of pushing DNS responses as GET. This is lightweight and
> can be easily injected by a DOH proxy. However the current draft, in
> section 5.3, does not impose a similar "MUST implement both" requirement on
> the client. Should it?
>
> Seb
> _______________________________________________
> Doh mailing list
> Doh@ietf.org
> https://www.ietf.org/mailman/listinfo/doh
>
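The two ways of satisfying the freshness-lifetime rule discussed above (parse the wire-format response and set max-age from the smallest Answer-section TTL, or skip parsing and send headers that disable caching) are shown below as an added example; it is not code from this thread or from any DoH implementation the participants describe. The function names, the `parse` switch, and the choice of `no-store` as the "freshness lifetime of zero" header are my assumptions, and the two DNS messages are constructed inline for the example using RFC 5737 documentation addresses. An empty Answer section is handled conservatively by disabling caching, which can never exceed the limit the draft imposes.

```python
import struct


def _skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past the domain name starting at `offset`,
    handling RFC 1035 label-compression pointers (0xC0 prefix)."""
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length == 0:
            return offset + 1            # root label ends the name
        if (length & 0xC0) == 0xC0:
            return offset + 2            # pointer: two bytes, name ends here
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1 + length             # ordinary label


def min_answer_ttl(msg: bytes):
    """Parse a DNS response in wire format and return the smallest TTL in
    the Answer section, or None when the Answer section is empty."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    offset = 12
    for _ in range(qdcount):             # skip the Question section
        offset = _skip_name(msg, offset)
        offset += 4                      # QTYPE + QCLASS
    smallest = None
    for _ in range(ancount):             # walk the Answer section RRs
        offset = _skip_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated resource record")
        _rtype, _rclass, ttl, rdlength = struct.unpack(
            "!HHIH", msg[offset:offset + 10])
        offset += 10 + rdlength
        if smallest is None or ttl < smallest:
            smallest = ttl
    return smallest


def cache_control_for(msg: bytes, parse: bool = True) -> str:
    """Cache-Control value for a DoH GET response.

    parse=True  : the careful proxy, max-age = smallest Answer TTL.
    parse=False : the simple proxy, caching disabled (lifetime zero).
    Both satisfy "MUST NOT be greater than the smallest TTL in the Answer
    section"; only the first lets HTTP caches do useful work.
    """
    if not parse:
        return "no-store"
    ttl = min_answer_ttl(msg)
    if ttl is None:                      # no answers: be conservative
        return "no-store"
    return f"max-age={ttl}"


# --- constructed sample messages (not captured traffic) -------------------
def _rr(ttl: int, ip: list) -> bytes:
    # Name is a pointer to offset 12 (the question name), type A, class IN.
    return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(ip)


_QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)

# Response with two A records, TTLs 300 and 60 -> max-age=60.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0xABCD, 0x8180, 1, 2, 0, 0)
    + _QUESTION
    + _rr(300, [192, 0, 2, 1])
    + _rr(60, [192, 0, 2, 2])
)

# NODATA-style response: question only, empty Answer section.
NODATA_RESPONSE = struct.pack("!HHHHHH", 0xABCE, 0x8180, 1, 0, 0, 0) + _QUESTION


if __name__ == "__main__":
    for name, msg in (("two answers", SAMPLE_RESPONSE), ("nodata", NODATA_RESPONSE)):
        print(f"{name}: parsed -> Cache-Control: {cache_control_for(msg)}; "
              f"unparsed -> Cache-Control: {cache_control_for(msg, parse=False)}")
```

The parser only needs the counts, the Question length and each Answer RR's fixed 10-byte tail, so it stays cheap even for a proxy that otherwise treats the DNS payload as opaque; the `no-store` branch is the zero-cost path Ben describes.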