Re: [Doh] [Ext] Re: Use cases and URLs

Patrick McManus <pmcmanus@mozilla.com> Wed, 07 March 2018 23:03 UTC

Return-Path: <pmcmanus@mozilla.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F5291242F5 for <doh@ietfa.amsl.com>; Wed, 7 Mar 2018 15:03:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.102
X-Spam-Level: **
X-Spam-Status: No, score=2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_SBL_CSS=3.335, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19bN4gWhE7Qh for <doh@ietfa.amsl.com>; Wed, 7 Mar 2018 15:03:18 -0800 (PST)
Received: from linode64.ducksong.com (linode6only.ducksong.com [IPv6:2600:3c02::f03c:91ff:fe6e:e8da]) by ietfa.amsl.com (Postfix) with ESMTP id AFCF5120727 for <doh@ietf.org>; Wed, 7 Mar 2018 15:03:18 -0800 (PST)
Received: from mail-ot0-f182.google.com (mail-ot0-f182.google.com [74.125.82.182]) by linode64.ducksong.com (Postfix) with ESMTPSA id 07B643A067 for <doh@ietf.org>; Wed, 7 Mar 2018 18:03:18 -0500 (EST)
Received: by mail-ot0-f182.google.com with SMTP id f11so3688314otj.12 for <doh@ietf.org>; Wed, 07 Mar 2018 15:03:18 -0800 (PST)
X-Gm-Message-State: APf1xPDPqz318xVPHEgJlcKYPj+9STiPPuTOpQluaFXqE1b/HAUSyLCE UHrAQ7X5k0oHFipezi0UeXoR2UikhG2sV3gGEGc=
X-Google-Smtp-Source: AG47ELutmAgmrib8dO/4qCuZp2KwoGO8acbFBi4joQsSlb2ZHWTiLi2PrYq3WJ57aMcy731ObHfq+ekHUYnv7oHIv/Y=
X-Received: by 10.157.18.228 with SMTP id g91mr17613108otg.2.1520463797714; Wed, 07 Mar 2018 15:03:17 -0800 (PST)
MIME-Version: 1.0
Received: by 10.74.66.212 with HTTP; Wed, 7 Mar 2018 15:03:17 -0800 (PST)
In-Reply-To: <53FF5085-D22D-4EEB-83DA-F5DB2CB2347C@icann.org>
References: <24DEFAAB-D2A3-45E5-8CEE-E2E4EA23B9C2@icann.org> <5bca3f4f-e40a-4afc-c71a-25ede395a065@nostrum.com> <497ECCA2-5453-40CC-8385-7FEBE1A3FB0D@icann.org> <CAOdDvNr-uDrQjpmB9RVfqqNtj+65QJoM+-bqQLbgYvfGKG4EQQ@mail.gmail.com> <53FF5085-D22D-4EEB-83DA-F5DB2CB2347C@icann.org>
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Wed, 7 Mar 2018 18:03:17 -0500
X-Gmail-Original-Message-ID: <CAOdDvNrg5VOv5NusOWsv2PUuRfSD-=c474Jiu2xs4OJJ8cGh7A@mail.gmail.com>
Message-ID: <CAOdDvNrg5VOv5NusOWsv2PUuRfSD-=c474Jiu2xs4OJJ8cGh7A@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: Patrick McManus <pmcmanus@mozilla.com>, "doh@ietf.org" <doh@ietf.org>
Content-Type: multipart/alternative; boundary="001a114c59d68e84bb0566da905f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/byvUzx6HmUb6sCYxZ3KRB2Ur2RQ>
Subject: Re: [Doh] [Ext] Re: Use cases and URLs
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2018 23:03:20 -0000

I believe that the level of discovery (i.e. you need to configure it) is
fine for the work the WG has adopted and the recursive resolver scope we're
working on. It is the normal approach for a web service.

While I don't see a lot of value in starting a separate new work item on
discovery I don't have a strong opinion on whether the wg should do that
beyond my suspicion that it wouldn't be widely used.

On Wed, Mar 7, 2018 at 4:49 PM, Paul Hoffman <paul.hoffman@icann.org>; wrote:

>
> See above. In the edge case that I hear that my bank runs this secure DNS
> server but I don't know my bank's hostname, I am out of luck with DOH.
> That's fine.
>
>
I don't understand why we are talking about your bank's DNS server.  I
presume you mean that in context only with your interactions with the bank?

I know you mentioned some use cases around the browser using it to resolve
http urls instead of its global recursive resolver, but that's not
something that is in scope for the DoH WG (that would imo best be a HTTPbis
item - as it is how to route HTTP requests.. for which one possibility
among many is to define a discovery algorithm for a DoH endpoint based on
first party and define the scope of the result from that endpoint.. but
that's speculative and nobody is chartered to do that work.)

>
> OS configuration for DNS service has always been based on IP addresses
> because using a domain name to identify a server causes a pretty obvious
> chicken-and-egg problem. How is that relevant for DOH, which is based on
> URLs that already have a hostname in them?
>

it is relevant here because your proposal effectively maps a hostname to a
URL. It kinda looks like it maps it to N URLs but because there is no
useful way to discriminate between them other than configuration (which
could just use the URL), it is effectively just one. Your example did use
redundant servers, which wouldn't really need discrimination other than
perf/reachability, but the web already has plenty of ways of building
redundancies into unique urls and its ideal if the url descirbes the
resource, not the routing,

[..]

>
> Correct. This proposal is to make configuration easier. Are you objecting
> to making configuration easier, or to the notion that the DNS API server
> URL should be discoverable, or ...?
>
>
I'm definitely saying the DoH protocol doc does not need to further define
discovery.