Re: [Doh] Draft -09 and WGLC #2

Andrew Sullivan <ajs@anvilwalrusden.com> Wed, 30 May 2018 14:47 UTC

Return-Path: <ajs@anvilwalrusden.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C7C2E127698 for <doh@ietfa.amsl.com>; Wed, 30 May 2018 07:47:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yitter.info header.b=EzRS8XMD; dkim=pass (1024-bit key) header.d=yitter.info header.b=Zgr3Dctr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MDic2xn3dV7l for <doh@ietfa.amsl.com>; Wed, 30 May 2018 07:47:53 -0700 (PDT)
Received: from mx4.yitter.info (mx4.yitter.info [159.203.56.111]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26A1B12E037 for <doh@ietf.org>; Wed, 30 May 2018 07:47:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mx4.yitter.info (Postfix) with ESMTP id 85FAEBDEF9 for <doh@ietf.org>; Wed, 30 May 2018 14:47:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1527691642; bh=2V22q3sCOdUAhsqWEUOzgqdaXSRf88m/00UfcutxHR4=; h=Date:From:To:Subject:References:In-Reply-To:From; b=EzRS8XMDo0b5lzR9ZhEcZMiD5QWLISSXppNV2AxR/bV+xJlf1Fu7xROwHVflBK8+i R+Iwhv44WtStolkzCwlTIag6xFmBQpJikbNDs+5Ai9nYeEbUygLeBKwCF+9SmwIJCq Rpqa+E1GihGaOUOPZxX5HRHpyx4+pHP1GjUCicF8=
X-Virus-Scanned: Debian amavisd-new at crankycanuck.ca
Received: from mx4.yitter.info ([127.0.0.1]) by localhost (mx4.yitter.info [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1BKTzVCSB1TF for <doh@ietf.org>; Wed, 30 May 2018 14:47:21 +0000 (UTC)
Date: Wed, 30 May 2018 10:47:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yitter.info; s=default; t=1527691641; bh=2V22q3sCOdUAhsqWEUOzgqdaXSRf88m/00UfcutxHR4=; h=Date:From:To:Subject:References:In-Reply-To:From; b=Zgr3Dctr2kY2Os7y3DTfcvpVYLrQI69QKvcinMCxGCpg6NT7PqE/D1VbUtCP/mstZ m8Dlq0MUWAaCwY7sPUVAyTOn0MfTrSb4mC+f8oQcY45SWkFg6/peG8dC1PEXJOk9gK PG+fYODZ5yUZ2CHjvHNSYMDtkcBv32ZvEq+Hkjb0=
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: doh@ietf.org
Message-ID: <20180530144718.GC3110@mx4.yitter.info>
References: <CAHbrMsCxkogJ-fzubf7cPgvbeGAhWUFKV3crrmn4ee6=fDnqwQ@mail.gmail.com> <382ba525100a4561b086fe8b8b6527be@ustx2ex-dag1mb3.msg.corp.akamai.com> <603D7553-D1A9-4DCC-9E74-199059C56A9F@sinodun.com> <1daad94d-99c1-803a-f52c-1dd17adefb7a@o2.pl> <CAOdDvNrpLwF5jpn1YA4-HXsfGxVkdds+xHVd6Bxy0Ux+3nrcrA@mail.gmail.com> <CA9BEE64-9F16-4CCC-A1E0-4C7FD45C455C@icann.org> <20180528161043.GB12038@mx4.yitter.info> <CAOdDvNoE_UT9Lb1sng3GkC3nKSqSqSvh0oOKxaMYv9DsNj=Ldg@mail.gmail.com> <20180529033519.GB18049@mx4.yitter.info> <CAOdDvNrfqYXJpa8ueiYcX3FAYomc3ZPTvac3WXj_FKMY02EyDw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAOdDvNrfqYXJpa8ueiYcX3FAYomc3ZPTvac3WXj_FKMY02EyDw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Bz-FjVhli13tQaRpJfaOQjHsftY>
Subject: Re: [Doh] Draft -09 and WGLC #2
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 May 2018 14:47:55 -0000

On Tue, May 29, 2018 at 10:19:23PM -0400, Patrick McManus wrote:
> I think my objection is that there is no assumption a client is passing
> anything along - much less passing it along in dns wireformat.

It's probably because the "client" and "server" roles in the document
feel more http-y, and less dns-y, at least to me.  I think this stance
is defensible, but it's not immediately obvious to a reader who comes
to the document fresh.

If a DNS API client is functioning as part of a general-purpose
resolution stack, then it is entirely possible that it is also feeding
what it gets on to other components.  In the DNS, as we know, the
distinction between "client" and "server" is not really the right one:
the question is, for any given message, what is the role of the
component sending or receiving data with respect to that message.  A
recursive resolver (yes, yes, a misnomer) can be thought of in that
way as having a resolver side and a server side.  The resolver side is
going to pass on data it gets from other servers to the server side.
And the resolver side itself might not be querying authoritative
servers.  We all know the whole thing is much more complicated than
the usual neat "stub -> full-service-resolver -> authoritative server"
diagram that everyone usually produces.

I'm worried that failing to call attention to this here will cause
implementers to believe in the simple-minded model, and then that a
DNS API client will go on to feed RRsets it gets into some other
subsystem.  And the point is that they can't, because before doing so
they need to decrement the TTL in the handed-on RRset.

Anyway, that was the basis for the comment.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com