Re: [Doh] Eric Rescorla's No Objection on draft-ietf-doh-dns-over-https-13: (with COMMENT)
Patrick McManus <pmcmanus@mozilla.com> Mon, 13 August 2018 20:50 UTC
Return-Path: <pmcmanus@mozilla.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2325C130DC6; Mon, 13 Aug 2018 13:50:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.233
X-Spam-Level:
X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1BA053vHVuE; Mon, 13 Aug 2018 13:50:45 -0700 (PDT)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id 8AF2F131092; Mon, 13 Aug 2018 13:50:45 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) by linode64.ducksong.com (Postfix) with ESMTPSA id DB2793A019; Mon, 13 Aug 2018 16:50:44 -0400 (EDT)
Received: by mail-oi0-x236.google.com with SMTP id w126-v6so29698123oie.7; Mon, 13 Aug 2018 13:50:44 -0700 (PDT)
X-Gm-Message-State: AOUpUlGZpuiHiXN0EVsVme1V6RTlgO6L8QH0H1mUe2S+Bmmyk3hQtg/F 9jTyKRQ6o57PyMT+oqbmq8pLc+fs4jIxNbnLMm8=
X-Google-Smtp-Source: AA+uWPx/NPmSJhzMT7BCcn2jSf+iuDDUPnyuxt6EksY91BKdqNCGb+GuSTOFmf0X0V8DpBK+1RSNg+yuq/b8d1+v53I=
X-Received: by 2002:aca:2e86:: with SMTP id u128-v6mr18345927oiu.132.1534193443596; Mon, 13 Aug 2018 13:50:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4a:8a22:0:0:0:0:0 with HTTP; Mon, 13 Aug 2018 13:50:42 -0700 (PDT)
In-Reply-To: <451ADADC-1315-4227-A144-7CF7C1E1E666@vpnc.org>
References: <153418872923.25024.16784643673174920377.idtracker@ietfa.amsl.com> <451ADADC-1315-4227-A144-7CF7C1E1E666@vpnc.org>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Mon, 13 Aug 2018 16:50:42 -0400
X-Gmail-Original-Message-ID: <CAOdDvNrhUczEgROTSedRQEE6OBSLZ4NoMz=FL51=XV_wGxXpQQ@mail.gmail.com>
Message-ID: <CAOdDvNrhUczEgROTSedRQEE6OBSLZ4NoMz=FL51=XV_wGxXpQQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>, draft-ietf-doh-dns-over-https@ietf.org, DoH WG <doh@ietf.org>, doh-chairs@ietf.org
Content-Type: multipart/alternative; boundary="00000000000038f23f0573573f52"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/KqI3f3o7dBk8hKiv_jwGqFkH6Ok>
Subject: Re: [Doh] Eric Rescorla's No Objection on draft-ietf-doh-dns-over-https-13: (with COMMENT)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Aug 2018 20:50:48 -0000
On Mon, Aug 13, 2018 at 4:16 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote: > > > S 5.1. >> >>> DoH servers MUST implement both the POST and GET methods. >>> >>> When using the POST method the DNS query is included as the message >>> body of the HTTP request and the Content-Type request header field >>> indicates the media type of the message. POST-ed requests are >>> smaller than their GET equivalents. >>> >> >> Because? I assume b/c no encoding. With that said, it is not obvious >> that this is true because (as shown below) you have to put content- >> length and content-type in the POST version, so if you had a smallish >> request, you might gt more expansion that way, >> > > All DoH responses are at least about 17 bytes long (the 12-byte DNS > message header plus the shortest possible domain name plus the type and > class), much more typically at least 40 bytes with typical names and even a > short answer. Base64 of that will be longer than the content length and > content type. Normal answers will definitely be longer. > to clarify - the text is about requests, not responses.. which will be a bit shorter that what Paul mentions in the dns-message part. fwiw - the h2 hpack overhead here, which we expect is the common case - is on the order of 4 bytes iirc. I think we should resolve this just by hedging.. "are generally smaller than their GET equivalents." > S 6.1. >> >>> The stale-while-revalidate and stale-if-error Cache-Control >>> directives ([RFC5861]) could be well-suited to a DoH implementation >>> when allowed by server policy. Those mechanisms allow a client, at >>> the server's discretion, to reuse a cache entry that is no longer >>> fresh. In such a case, the client reuses all of a cached entry, or >>> none of it. >>> >> >> Is this a normative requirement or a statement of fact? >> > > Not sure. Input from the HTTP crowd is welcome here. > it is a statement of fact about http - its drawn out a bit here because its particularly relevant to DNS (as similar algorithms are considered elsewhere in the DNS world as well), and therefore DoH implementors, when considering whether they want to make use of conditional validations.
- [Doh] Eric Rescorla's No Objection on draft-ietf-… Eric Rescorla
- Re: [Doh] Eric Rescorla's No Objection on draft-i… Eric Rescorla
- Re: [Doh] Eric Rescorla's No Objection on draft-i… Paul Hoffman
- Re: [Doh] Eric Rescorla's No Objection on draft-i… Patrick McManus
- Re: [Doh] Eric Rescorla's No Objection on draft-i… Patrick McManus