Re: [Doh] [Ext] DNS Camel thoughts: TC and message size
Martin Thomson <martin.thomson@gmail.com> Fri, 08 June 2018 12:57 UTC
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 08 Jun 2018 14:57:09 +0200
Message-ID: <CABkgnnUyjNyAFWpS5z6wJ=o=H3JcGZmOjMxOUmQhiwEYJHDsPA@mail.gmail.com>
To: muks@mukund.org
Cc: patrick mcmanus <pmcmanus@mozilla.com>, DoH WG <doh@ietf.org>, bert.hubert@powerdns.com, tale@dd.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/JkzqdRjc_nydTo2iQasCHJNXTPw>
Subject: Re: [Doh] [Ext] DNS Camel thoughts: TC and message size
Have we agreed that limiting DOH (which might use multiple encodings) is nonsensical? And that this is just a discussion about the wireformat?

On Fri, Jun 8, 2018 at 12:11 PM Mukund Sivaraman <muks@mukund.org> wrote:
> for a long time implementations have assumed
> 64kB for message formats and these are implicit assumptions

OK, if this is correct, let's examine the consequences.

If we limit the size, that's an artificial limit that will be hard to remove. But it is easy to understand. And future versions of ourselves will be smarter and more experienced than current us, so it's really tempting to have them deal with any problems. YAGNI and all that.

On the other hand, if we fail to limit the size, it's a little harder to reason about, but I haven't seen anything significant on the thread to suggest that this would be a genuine problem.

Implementations that aren't prepared to receive very large messages will break. But we have to consider that all DOH implementations will be new even if they use an existing parser. Those implementations can therefore check that they don't break.

And I can't see any way for a message larger than 64k to end up in DNS over UDP or TCP. Both contain length fields that just don't permit it[1]. So the consequences seem limited to those implementations that copy queries and answers from DOH (copying *to* DOH would obviously be safe if the limit were higher). This isn't materially different from moving from TCP to UDP in that sense. Requests that go from a DOH leg to a non-DOH leg and won't fit can be immediately turned around with an error code; responses that go from a DOH leg to a non-DOH leg and won't fit can be truncated, or turned into an error response.

So I'm not seeing any need to change text here. I can see how putting some fluff in about how it might be sensible to allow for limitations of decoders and so forth might seem attractive, but it doesn't appear to be *necessary*. Of course, I wouldn't object if someone wanted to insist.

Cheers,
Martin

[1] Absent an implementation of RFC 2675, which I believe is not relevant on the internet and probably needs to be made Historic.
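The gateway behaviour the message describes (oversize DoH query turned around with an error, oversize DoH response truncated before it reaches a UDP/TCP leg), as an added illustration that is not part of the thread or of any DoH implementation. The function names, the choice of SERVFAIL as the error code, and the sample messages are assumptions made here; the 65535-byte ceiling comes from the 16-bit length prefix of DNS over TCP.

```python
import struct

# DNS over TCP prefixes every message with a 16-bit length, and a UDP datagram
# cannot carry more either, so 65535 bytes is the hard ceiling for the
# non-DoH leg. An HTTP body has no such limit.
MAX_NON_DOH_MSG = 0xFFFF
QR, TC = 0x8000, 0x0200        # header flag bits
RCODE_SERVFAIL = 2             # assumed choice of error code for oversize queries


def question_end(msg):
    """Offset just past the question section of a wire-format DNS message."""
    qdcount = struct.unpack("!H", msg[4:6])[0]
    off = 12  # fixed 12-byte header
    for _ in range(qdcount):
        while True:  # walk the QNAME labels
            length = msg[off]
            if length == 0:              # root label ends the name
                off += 1
                break
            if length & 0xC0 == 0xC0:    # compression pointer ends the name
                off += 2
                break
            off += 1 + length
        off += 4  # QTYPE + QCLASS
    return off


def fit_for_non_doh_leg(msg):
    """Decide what a DoH gateway (hypothetical) hands to its UDP/TCP leg.

    Returns (action, wire_bytes): 'forward' unchanged when it fits,
    'servfail' for an oversize query (answered immediately with an error),
    'truncate' for an oversize response (TC set, answer sections dropped,
    exactly as a UDP server does when it cannot fit a reply).
    """
    if len(msg) <= MAX_NON_DOH_MSG:
        return "forward", msg
    ident, flags, qdcount = struct.unpack("!HHH", msg[:6])
    question = msg[12:question_end(msg)]
    if flags & QR:
        action, flags = "truncate", flags | TC
    else:
        # keep opcode (0x7800) and RD (0x0100) so the client can match the reply
        action, flags = "servfail", (flags & 0x7900) | QR | RCODE_SERVFAIL
    # counts for answer/authority/additional are zero: those sections are gone
    header = struct.pack("!HHHHHH", ident, flags, qdcount, 0, 0, 0)
    return action, header + question
```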