Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over-https-04
Paul Hoffman <paul.hoffman@icann.org> Sun, 25 March 2018 16:30 UTC
Return-Path: <paul.hoffman@icann.org>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2C77127136 for <doh@ietfa.amsl.com>; Sun, 25 Mar 2018 09:30:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQYD6XPD_DuN for <doh@ietfa.amsl.com>; Sun, 25 Mar 2018 09:30:30 -0700 (PDT)
Received: from out.west.pexch112.icann.org (pfe112-ca-2.pexch112.icann.org [64.78.40.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39DA51200F1 for <doh@ietf.org>; Sun, 25 Mar 2018 09:30:30 -0700 (PDT)
Received: from PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) by PMBX112-W1-CA-1.pexch112.icann.org (64.78.40.21) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sun, 25 Mar 2018 09:30:28 -0700
Received: from PMBX112-W1-CA-1.pexch112.icann.org ([64.78.40.21]) by PMBX112-W1-CA-1.PEXCH112.ICANN.ORG ([64.78.40.21]) with mapi id 15.00.1178.000; Sun, 25 Mar 2018 09:30:28 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
CC: "doh@ietf.org" <doh@ietf.org>
Thread-Topic: [Ext] [Doh] Review of draft-ietf-doh-dns-over-https-04
Thread-Index: AQHTwgTZbfyj/LwYUE2fJEakfilxAaPhnnSA
Date: Sun, 25 Mar 2018 16:30:27 +0000
Message-ID: <715DB690-12D4-474C-8D60-FA03E6E9CA19@icann.org>
References: <CAHXf=0rUnVT1jLyaeb4GSdVtUsC1uz5oKoVgyY1Xy1M64YwPXg@mail.gmail.com>
In-Reply-To: <CAHXf=0rUnVT1jLyaeb4GSdVtUsC1uz5oKoVgyY1Xy1M64YwPXg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.0.47.234]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <CF2EA37246AE164CB1F8F2BC64963099@pexch112.icann.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/UNnHL-rNuQkE7SMViMCBEnn2MX8>
Subject: Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over-https-04
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2018 16:30:32 -0000
Some comments on your bigger suggested changes. On Mar 22, 2018, at 5:40 PM, Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com> wrote: > - Section 5: Looking at the range of 2XX HTTP responses, i'm wondering > whether it makes sense to restrict the valid HTTP responses further? > I'm not a HTTP guru, so i'm specifically careful about this. Eg. 201 > and 202 probably don't make any sense in the context of a DNS > query/response transaction, 204 shouldn't happen if the DNS API server > provides a valid DNS response, and 205 gives me the crazy ID that this > could be used to "update" a local DNS cache with updated > information... The WG seemed hesitant to start listing speicfic types of response codes. > - Section 5, expiration: I think this should be reworded to be more > concise, i do suggest the following text: > > The HTTP response freshness > lifetime ([RFC7234] Section 4.2) should SHOULD be set to expire at > the same time the first of the DNS resource record sets in the Answer section > reach a 0 TTL, and MUST NOT be greater > than that indicated by the DNS resource record set with the smallest TTL > in the DNS response. > > (does the MUST NOT consider additional sections as well, or just the > answer section - clarification needed..) Your proposed text talks about the first RRset in the Answer section. Why? If there are multiple RRsets with different TTLs, shouldn't the HTTP expiration be based on the shortest of them, not just the first? > Same for the remaining freshness text - all sections, or just "answer" section? I used the Answer section because it is the one that is likely to be put into a cache. The data from the other sections might be used by the recursive, but are unlikely to be put in the cache because of the anti-poisoning rules. --Paul Hoffman
- [Doh] Review of draft-ietf-doh-dns-over-https-04 Alexander Mayrhofer
- Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over… Paul Hoffman
- Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over… Alexander Mayrhofer
- Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over… Stephane Bortzmeyer