Re: [Doh] [Ext] Does the HTTP freshness lifetime need to match the TTL?

Paul Hoffman <paul.hoffman@icann.org> Sat, 12 May 2018 23:31 UTC

From: Paul Hoffman <paul.hoffman@icann.org>
To: Mark Nottingham <mnot@mnot.net>
CC: DoH WG <doh@ietf.org>
Date: Sat, 12 May 2018 23:31:46 +0000
Message-ID: <DC35DB99-D0D6-4F50-A3A2-B0E765A66BF8@icann.org>
References: <15A1809C-2CA3-4A3B-A5B1-279227C30223@icann.org> <3E34581E-E2DC-48B7-A4AD-6B9FDA418179@icann.org> <31900328-8813-47D3-9F89-0B863CE673B3@mnot.net> <CAOdDvNoQC=e8GTHU5Bw1KkR0r+dyKhqsVDRXvuyJb+jQSKn8GQ@mail.gmail.com> <058CD4DD-28F3-44FD-B616-2544EBDB7676@mnot.net>
In-Reply-To: <058CD4DD-28F3-44FD-B616-2544EBDB7676@mnot.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Q1BGZDCXk-3hy5GzG_UMsGS55gQ>
Subject: Re: [Doh] [Ext] Does the HTTP freshness lifetime need to match the TTL?
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>

On May 8, 2018, at 4:54 AM, Mark Nottingham <mnot@mnot.net> wrote:
> It looks like you're using RFC2119 requirements to bring attention to important parts of the specification ("we really mean that this could trip you up"), rather than stating actual requirements for interoperability.

I would like to see the RFC 2119 language for security. That is, if a resolver vendor says "eh, I don't see 2119 words here so I won't implement it", their resolver will cause clients to use data that it would not have gotten if it had been using DNS-over-port-53.

> These MUSTs aren't testable,

Agree.

> and they may be too confining in some deployments.

Such as...?

> This stuff really is advice, of the "if it hurts, don't do that" sort -- not requirements.

The 2119 language being suggested is for DNS API servers, and there is no concept of "if it hurts" for them. The hurt comes to their clients. Thus, the stronger language is warranted.

--Paul Hoffman
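The failure mode Paul describes, a DNS API server whose HTTP freshness lifetime is not tied to the DNS TTL, as an added illustration that is not part of this thread and not code from any DoH implementation. It assumes a server that derives Cache-Control max-age from the smallest TTL in the Answer section, falls back to the Authority section when there is no answer (an assumption about how a negative response would be bounded), and uses zero otherwise; the Additional section is skipped because an OPT pseudo-RR reuses the TTL field for flags. The helper names (build_a_response, min_ttl, cache_control_for, is_fresh, excess_freshness) and the sample response are constructed for the example.

```python
import struct
from typing import List, Tuple


def _encode_name(name: str) -> bytes:
    """Encode a dotted hostname as uncompressed DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_a_response(name: str, answers: List[Tuple[int, str]]) -> bytes:
    """Build a minimal DNS response (QR=1, RCODE=0) carrying A records for `name`.

    Constructed test data: answer owner names are a compression pointer (0xC00C)
    back at the question name, which starts at offset 12 right after the header.
    """
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    question = _encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    rrs = b""
    for ttl, ip in answers:
        rdata = bytes(int(octet) for octet in ip.split("."))
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + rrs


def _skip_name(msg: bytes, off: int) -> int:
    """Advance past a possibly compressed name; a pointer (top two bits set) ends it."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1 + length


def _rr_ttls(msg: bytes, off: int, count: int) -> Tuple[List[int], int]:
    """Collect the TTL of `count` resource records starting at `off`."""
    ttls = []
    for _ in range(count):
        off = _skip_name(msg, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen  # fixed RR fields + RDATA
        ttls.append(ttl)
    return ttls, off


def min_ttl(msg: bytes) -> int:
    """Smallest TTL a port-53 resolver would honour for this response."""
    _id, _flags, qd, an, ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    answer_ttls, off = _rr_ttls(msg, off, an)
    authority_ttls, _off = _rr_ttls(msg, off, ns)
    # The Additional section is deliberately not consulted: an OPT record's
    # TTL field carries extended RCODE and flags, not a cache lifetime.
    if answer_ttls:
        return min(answer_ttls)
    if authority_ttls:  # assumption: negative answer bounded by the authority TTLs
        return min(authority_ttls)
    return 0  # nothing cacheable, so HTTP caches must not keep it either


def cache_control_for(msg: bytes) -> str:
    """Cache-Control value a DNS API server would emit for this DNS response."""
    return f"max-age={min_ttl(msg)}"


def is_fresh(fetched_at: int, now: int, max_age: int) -> bool:
    """HTTP-cache view: the entry is fresh while its age is below max-age."""
    return now - fetched_at < max_age


def excess_freshness(msg: bytes, advertised_max_age: int) -> int:
    """Seconds an HTTP cache keeps serving the answer after DNS would have expired it."""
    return max(0, advertised_max_age - min_ttl(msg))


if __name__ == "__main__":
    # Constructed sample: two A records, the shorter TTL (30 s) must win.
    resp = build_a_response("example.com", [(30, "192.0.2.1"), (300, "192.0.2.2")])
    print(cache_control_for(resp))
    # A server that hard-codes a one-hour lifetime overshoots the DNS TTL by 3570 s.
    print(excess_freshness(resp, 3600))
    t0 = 1_000_000
    # 31 s after the fetch: stale under the TTL-bound lifetime, still "fresh" under the fixed one.
    print(is_fresh(t0, t0 + 31, min_ttl(resp)), is_fresh(t0, t0 + 31, 3600))
```

The last two lines of the main block are the point of the thread: with a fixed max-age, an intermediary HTTP cache or the client's own cache will hand back the old address for the rest of the hour, data the client would never have seen over port 53, and nothing on the client side can detect it because the DNS TTL inside the cached body has already been consumed by the server's own caching.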