Re: [Doh] [Ext] DNS Camel thoughts: TC and message size

Martin Thomson <martin.thomson@gmail.com> Fri, 08 June 2018 12:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/JkzqdRjc_nydTo2iQasCHJNXTPw>

Have we agreed that limiting DOH (which might use multiple encodings)
is nonsensical?  And that this is just a discussion about the
wireformat?

On Fri, Jun 8, 2018 at 12:11 PM Mukund Sivaraman <muks@mukund.org> wrote:
> for a long time implementations have assumed
> 64kB for message formats and these are implicit assumptions

OK, if this is correct, let's examine the consequences.

If we limit the size, that's an artificial limit that will be hard to
remove.  But it is easy to understand.  And future versions of
ourselves will be smarter and more experienced than current us, so
it's really tempting to have them deal with any problems.  YAGNI and
all that.

On the other hand, if we fail to limit the size, it's a little harder
to reason about, but I haven't seen anything significant on the thread
to suggest that this would be a genuine problem.

Implementations that aren't prepared to receive very large messages
will break.  But we have to consider that all DOH implementations will
be new even if they use an existing parser.  Those implementations can
therefore check that they don't break.

And I can't see any way for a message larger than 64k to end up in DNS
over UDP or TCP.  Both contain length fields that just don't permit
it[1].

So the consequences seem limited to those implementations that copy
queries and answers from DOH (copying *to* DOH would obviously be safe
if the limit were higher).  This isn't materially different from
moving from TCP to UDP in that sense.  Requests that go from a DOH leg
to a non-DOH leg and won't fit can be immediately turned around with
an error code; responses that go from a DOH leg to a non-DOH leg and
won't fit can be truncated, or turned into an error response.

So I'm not seeing any need to change text here.  I can see how putting
some fluff in about how it might be sensible to allow for limitations
of decoders and so forth might seem attractive, but it doesn't appear
to be *necessary*.  Of course, I wouldn't object if someone wanted to
insist.

Cheers,
Martin


[1] Absent an implementation of RFC 2675, which I believe is not
relevant on the internet and probably needs to be made Historic.
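
The gateway behaviour described in the message above (a message arriving on a DOH leg that exceeds what the 16-bit DNS-over-TCP length prefix can carry), sketched as an added example that is not part of the original thread or of any implementation discussed in it. The function names, the choice of SERVFAIL as "an error code", and truncating to header plus question are assumptions.

```python
import struct

MAX_DNS_MSG = 0xFFFF      # largest length the 2-byte DNS-over-TCP prefix can express
HDR = 12                  # fixed DNS header size
QR, TC = 0x8000, 0x0200   # header flag bits
SERVFAIL = 2              # assumption: the thread only says "an error code"

def tcp_frame(msg: bytes) -> bytes:
    """Prefix msg with its 16-bit length, as DNS over TCP requires."""
    if len(msg) > MAX_DNS_MSG:
        raise ValueError("message cannot be represented on a TCP leg")
    return struct.pack("!H", len(msg)) + msg

def _question_end(msg: bytes):
    """Offset just past the first question, or None if it cannot be parsed."""
    off = HDR
    while off < len(msg):
        n = msg[off]
        if n == 0:          # root label, then QTYPE and QCLASS (4 bytes)
            return off + 5 if off + 5 <= len(msg) else None
        if n > 63:          # pointer or reserved label type: not expected here
            return None
        off += 1 + n
    return None

def _stub(msg: bytes, keep: int, add: int) -> bytes:
    """Header plus first question only; flags = (old & keep) | add."""
    ident, flags, qd = struct.unpack("!HHH", msg[:6])
    end = _question_end(msg) if qd >= 1 else None
    question = msg[HDR:end] if end else b""
    header = struct.pack("!HHHHHH", ident, (flags & keep) | add, 1 if end else 0, 0, 0, 0)
    return header + question

def relay_from_doh(msg: bytes, truncate: bool = True):
    """Return (action, dns_message) for a message arriving on the DOH leg."""
    if len(msg) < HDR:
        raise ValueError("shorter than a DNS header")
    is_response = bool(struct.unpack("!H", msg[2:4])[0] & QR)
    if len(msg) <= MAX_DNS_MSG:
        return "forward", msg
    if not is_response:      # oversize request: answer the DOH client with an error
        return "reject", _stub(msg, 0x7900, QR | SERVFAIL)
    if truncate:             # oversize response: keep flags and rcode, set TC
        return "truncate", _stub(msg, 0xFFFF, TC)
    return "error", _stub(msg, 0x7900, QR | SERVFAIL)

# Constructed samples: a query for example.com A/IN and an oversize "response"
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
BIG_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + bytes(70000)
```

Messages returned with the actions `forward`, `truncate` and `error` are passed through `tcp_frame` before going onto the TCP leg; a `reject` message goes back to the DOH requester instead.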