Re: [Doh] A question of trust (was Re: Draft -09 and WGLC #2)

Patrick McManus <pmcmanus@mozilla.com> Wed, 30 May 2018 16:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/X836nARby9wBHGN1XkNMPiPDsUA>

I appreciate the comments.

On Wed, May 30, 2018 at 11:59 AM, Mateusz Jończyk <mat.jonczyk@o2.pl> wrote:

The server selection text that ended up merged is a little different than
what you quoted (partly because we had a similar reaction when rereading)

"A DNS API client MUST NOT use a different URI simply because it was
discovered outside of the client's configuration, or because a server
offers an unsolicited response that appears to be a valid answer to a DNS
query."

The key and clear part there is "a different URI".


> I think the previous wording in the "Security considerations" section was
> much better:
>         A client MUST NOT use arbitrary DNS API servers.
>         Instead, a client MUST only use DNS
>         API servers specified using mechanisms such as explicit configuration.
>
>
While I normally favor being concise (and do like your text), the feedback has
been to err on the side of being more explanatory, especially in justifying
use of MUST NOT - so editorially I think what we have is the right thing to
do, and I think you did make it better by reconciling it more tightly with
the server selection section.



> It only required a rewording of the section "Selection of DNS API server"
> to match it.
>
> ------------------
>
> By the way, we should clarify the section "Server push". I propose it to
> read so:
>
>         A DNS API client MUST ignore pushed DNS API requests (see {{RFC7540}}
>         Section 8.2) whose pushed request URI is not one that the client
>         would have directed the same query to if the client had initiated
>         the request.
>
> (which is a modification of the text proposed in
>         https://github.com/dohwg/draft-ietf-doh-dns-over-https/pull/185
> and suits the comments there).
>
>
Basically, my response is that this is the same as the security
considerations reasoning. It's helpful to explain a little bit of rationale
and highlight how this differs between push and pull.
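As an added example (not code from the draft, the working group, or either participant), here is the check a DoH client could apply to an HTTP/2 PUSH_PROMISE under the proposed "Server push" rule: accept the pushed request only if its URI is the one the client would itself have generated for that query. It assumes the GET form of DoH, where the wire-format query is base64url-encoded without padding into a `dns` query parameter, a configured template of the `{?dns}` form, and a constructed hostname.

```python
# Added example: client-side filter for pushed DNS API requests.
# Assumption: GET form, "dns" parameter carries base64url (no padding) wire query,
# and the configured template ends in "{?dns}" (the only form handled here).
import base64
from urllib.parse import urlsplit, parse_qs


def b64url_nopad(wire: bytes) -> str:
    """base64url-encode DNS wire format without trailing '=' padding."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def expected_uri(template: str, wire_query: bytes) -> str:
    """The URI this client would build for wire_query from its own configuration."""
    suffix = "{?dns}"
    if not template.endswith(suffix):
        raise ValueError("unsupported URI template form (assumption of this example)")
    return template[: -len(suffix)] + "?dns=" + b64url_nopad(wire_query)


def should_accept_push(configured_template: str, pushed_uri: str) -> bool:
    """True only if the pushed request URI is exactly what this client would have
    used for the same DNS query; anything else is ignored, per the proposed rule."""
    parts = urlsplit(pushed_uri)
    if parts.scheme != "https":
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    dns_values = qs.get("dns")
    # Missing, duplicated, or extra query parameters never match our own URIs.
    if not dns_values or len(dns_values) != 1 or len(qs) != 1:
        return False
    encoded = dns_values[0]
    try:
        wire = base64.urlsafe_b64decode(encoded + "=" * (-len(encoded) % 4))
    except ValueError:
        return False
    if len(wire) < 12:  # shorter than a DNS header: not a query we would send
        return False
    # Re-derive the URI from our configuration and require an exact match, so a
    # different authority, path, padding, or stray characters all fail.
    return expected_uri(configured_template, wire) == pushed_uri
```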