Re: [Doh] [Ext] DNS Camel thoughts: TC and message size

Andrew Sullivan <ajs@anvilwalrusden.com> Sun, 10 June 2018 23:17 UTC

Date: Sun, 10 Jun 2018 19:17:04 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: doh@ietf.org
Message-ID: <20180610231704.GB18326@mx4.yitter.info>
References: <CAOdDvNr=kLHPCtCHRx4=rpA1oDogQqdAJ0nR156BWABiFP_bzA@mail.gmail.com> <20180607215851.GA32738@server.ds9a.nl> <CAOdDvNqNpZ8fKPCO5sEqjROBHjg4wx-GGPMYSSynode10jeC0Q@mail.gmail.com> <9381B529-B2F4-459A-88EB-4410A4C4DB6F@mnot.net> <CAN6NTqxA4PcrtS_3umwGERLt9WPoX4p0a0u8pL-O2=CKKTBfyA@mail.gmail.com> <23322.62892.251560.128565@gro.dd.org> <20180608221700.GC8515@mx4.yitter.info> <23323.5488.915402.337488@gro.dd.org> <20180610161645.GF8515@mx4.yitter.info> <CAOdDvNrj20OVysaQHMczeMaiDhup4f5B=2n0xxQWmtTtm-OROA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAOdDvNrj20OVysaQHMczeMaiDhup4f5B=2n0xxQWmtTtm-OROA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/GunNcLmQ9BhFT3DAiX9ieGhtF5A>

On Sun, Jun 10, 2018 at 07:10:18PM -0400, Patrick McManus wrote:
> I believe the concern is "traditional -> doh -> doh" where the doh -> doh link
> could use wireformat-64 and then the initial traditional client cannot consume
> wireformat-64 but ends up with it anyhow. Is that right?
> 
> That shouldn't happen. The middle node realizes it is a gateway for a
> traditional client

It's the part where the middle node _doesn't know_ it's a gateway for
a "traditional client" that I've been worried about, because someone
takes their existing code, plops an HTTPS transit on it, and thinks
they're golden.  I know Tale thinks I'm worrying about something that
Shouldn't Happen, but I think experience tells us this kind of thing
happens _all the time_ in poorly-constructed DNS implementations. 

In any case, I haven't read it carefully but my quick scan of what
Paul sent to the list makes me think it's enough to prevent that naïve
sort of implementation (or anyway, at least the document will have
said it so that if you do the wrong thing it's obviously your own
fault).

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
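The failure mode discussed in this message (a resolver that gains an HTTPS transport and then relays an arbitrarily large wire-format answer to a client that only speaks classic UDP DNS) comes down to one check the gateway has to make on the way back out. The following is an added example, not code from the thread or from any DoH implementation: a minimal DoH-to-UDP gateway step that reads the client's acceptable UDP payload size (512 octets per RFC 1035 unless an EDNS0 OPT record advertises more, RFC 6891) and, if the upstream answer does not fit, returns a truncated reply with TC=1 so the client falls back to TCP. All function names are my own; the DNS messages are constructed inline for illustration. Dropping the upstream OPT record and all answer RRs on truncation is a simplification that keeps the reply well under any limit.

```python
import struct

OPT_TYPE = 41          # EDNS0 pseudo-RR type (RFC 6891)
DEFAULT_UDP_LIMIT = 512  # classic DNS/UDP maximum (RFC 1035)
TC_FLAG = 0x0200       # TC bit in the flags word


def skip_name(msg, off):
    """Return the offset just past a wire-format name, handling compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def question_end(msg):
    """Offset just past the question section (header + all QNAME/QTYPE/QCLASS entries)."""
    qdcount = struct.unpack_from("!H", msg, 4)[0]
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    return off


def client_udp_limit(query):
    """UDP payload size the *client* said it can accept, from its OPT record if present."""
    _qd, an, ns, ar = struct.unpack_from("!HHHH", query, 4)
    off = question_end(query)
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        if rtype == OPT_TYPE:
            # In an OPT RR the CLASS field carries the requestor's UDP payload size.
            return max(DEFAULT_UDP_LIMIT, rclass)
        off += 10 + rdlen
    return DEFAULT_UDP_LIMIT


def fit_for_udp(response, limit):
    """Pass the response through if it fits; otherwise keep header + question and set TC."""
    if len(response) <= limit:
        return response
    end = question_end(response)
    header = bytearray(response[:12])
    flags = struct.unpack_from("!H", header, 2)[0] | TC_FLAG
    struct.pack_into("!H", header, 2, flags)
    struct.pack_into("!HHH", header, 6, 0, 0, 0)  # ANCOUNT, NSCOUNT, ARCOUNT = 0
    return bytes(header) + response[12:end]


def gateway_relay(client_query, upstream_response):
    """The check a DoH gateway must make before writing an upstream answer to a UDP client."""
    return fit_for_udp(upstream_response, client_udp_limit(client_query))


# --- constructed sample messages (not captured traffic) ---

def encode_name(name):
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def build_query(name, udp_size=None):
    """A-record query; with udp_size set, an EDNS0 OPT record advertises that payload size."""
    arcount = 1 if udp_size is not None else 0
    hdr = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if udp_size is not None:
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)  # root name, no options
    return hdr + question + opt


def build_big_response(query, n_records):
    """Echo the question and attach n_records A RRs (compression pointer to QNAME at offset 12)."""
    qend = question_end(query)
    hdr = query[:2] + struct.pack("!HHHHH", 0x8180, 1, n_records, 0, 0)
    body = query[12:qend]
    for i in range(n_records):
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, i])
    return hdr + body


if __name__ == "__main__":
    legacy_query = build_query("example.com")            # no EDNS: 512-octet limit
    edns_query = build_query("example.com", 4096)        # advertises 4096 octets
    upstream = build_big_response(legacy_query, 40)      # 669 octets, too big for plain UDP
    print(len(gateway_relay(legacy_query, upstream)), "octets, TC set")
    print(len(gateway_relay(edns_query, upstream)), "octets, passed through")
```

The point of `gateway_relay` is that the decision is driven by what the client advertised, not by what the HTTPS leg was able to carry; a resolver that simply forwards whatever it received from its DoH upstream is exactly the naive implementation the message warns about.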