Re: [Doh] [Ext] DNS Camel thoughts: TC and message size

Andrew Sullivan <ajs@anvilwalrusden.com> Sun, 10 June 2018 16:16 UTC

Date: Sun, 10 Jun 2018 12:16:45 -0400
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: doh@ietf.org
Message-ID: <20180610161645.GF8515@mx4.yitter.info>
References: <CAOdDvNriZDjU9yqUQjqN4fO84ENPWO3si-QePiKRgt+7VJVK0g@mail.gmail.com> <23321.27027.73356.94056@gro.dd.org> <CAOdDvNr=kLHPCtCHRx4=rpA1oDogQqdAJ0nR156BWABiFP_bzA@mail.gmail.com> <20180607215851.GA32738@server.ds9a.nl> <CAOdDvNqNpZ8fKPCO5sEqjROBHjg4wx-GGPMYSSynode10jeC0Q@mail.gmail.com> <9381B529-B2F4-459A-88EB-4410A4C4DB6F@mnot.net> <CAN6NTqxA4PcrtS_3umwGERLt9WPoX4p0a0u8pL-O2=CKKTBfyA@mail.gmail.com> <23322.62892.251560.128565@gro.dd.org> <20180608221700.GC8515@mx4.yitter.info> <23323.5488.915402.337488@gro.dd.org>
In-Reply-To: <23323.5488.915402.337488@gro.dd.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/K_jvm7-qMKPzd8Ne4RPbjSXOud8>
Subject: Re: [Doh] [Ext] DNS Camel thoughts: TC and message size

On Fri, Jun 08, 2018 at 07:46:56PM -0400, Dave Lawrence wrote:
> Andrew Sullivan writes:
> > On Fri, Jun 08, 2018 at 05:31:24PM -0400, Dave Lawrence wrote:
> > > I'm a DNS person
> > 
> > …
> 
> You're questioning that assertion?

Certainly not!  That was very much my point -- that you have a lot of
experience with the protocol and know how far it sometimes is in
practice from what the documents say.

> Completely agree.  So if Patrick and Paul add the warning, you're on
> board?

I think if we can come up with the right words, then it'll make things
less risky, but I also worry about the deployment story unless we can
figure out what to do if something in the pipeline can't take the
"jumbo" messages.

> code should be able to avoid.  If someone is writing DoH code and
> concerned that they might be pumping a message longer than 64k
> directly into an API that you are even a little unsure of its ability
> to handle messages of that size, then don't do that.

That's the kind of risk I would rather not take: IMO the protocol
needs to say what happens in case something can't take these
new-fangled messages, I think.

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
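As an added illustration (not code from this thread or from any DoH implementation), the "don't do that" guard described above, written in Python: classify a DoH response body by its length and TC bit before handing it to code that assumes DNS-over-TCP framing. The function names and the sample messages are constructed for this example.

```python
import struct

# DNS over TCP (RFC 1035 section 4.2.2) frames each message with a two-octet
# length prefix, so nothing larger than 65535 octets can be carried that way.
# A DoH response body has no such prefix and may legitimately be bigger.
DNS_TCP_MAX = 0xFFFF
DNS_HEADER_LEN = 12

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-octet DNS header; raise ValueError if too short."""
    if len(msg) < DNS_HEADER_LEN:
        raise ValueError("message shorter than DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:DNS_HEADER_LEN])
    return {
        "id": ident,
        "qr": (flags >> 15) & 1,
        "tc": (flags >> 9) & 1,   # TC bit: the sender truncated this message
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def check_for_legacy_api(msg: bytes) -> str:
    """Classify a DoH response body before handing it to code that assumes
    DNS-over-TCP sizes. Returns "ok", "oversized", "truncated" or "malformed".
    """
    try:
        hdr = parse_header(msg)
    except ValueError:
        return "malformed"
    if len(msg) > DNS_TCP_MAX:
        return "oversized"      # cannot be framed with a 16-bit length prefix
    if hdr["tc"]:
        return "truncated"      # incomplete answer; do not treat as complete
    return "ok"

def tcp_frame(msg: bytes) -> bytes:
    """Prepend the DNS/TCP length prefix, refusing messages it cannot encode."""
    if len(msg) > DNS_TCP_MAX:
        raise ValueError(f"{len(msg)} octets cannot be framed for DNS over TCP")
    return struct.pack("!H", len(msg)) + msg

# Constructed sample messages (not real captures): a minimal response with
# QR set, the same with TC set, and one padded past the DNS/TCP limit.
SAMPLE_OK = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0)
SAMPLE_TC = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0)
SAMPLE_JUMBO = SAMPLE_OK + b"\x00" * (DNS_TCP_MAX + 1 - len(SAMPLE_OK))

if __name__ == "__main__":
    for name, m in (("ok", SAMPLE_OK), ("tc", SAMPLE_TC), ("jumbo", SAMPLE_JUMBO)):
        print(f"{name}: {len(m)} octets -> {check_for_legacy_api(m)}")
```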