[Doh] ICMPv6 Option for DoH

"Rayhaan Jaufeerally (IETF)" <ietf@rayhaan.ch> Mon, 25 March 2019 23:08 UTC

Message-ID: <CACcWx2GeKL=wN_DPbgZY=js4uyQcWi5AaFXxsyJrWaiVS2U3jQ@mail.gmail.com>
To: doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/dMXw7a3CMgImbGVY-SkkGRyewFU>

Dear DoH WG,

I came across your `draft-ietf-doh-resolver-associated-doh` whilst thinking
about how to propagate DoH configuration information to end hosts.

Specifically, I was thinking about proposing an ICMPv6 Router Advertisement
option which would embed this information in an RA message, in a similar
manner to the Provisioning Domain architecture
(https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/?include_text=1).

The information contained in this option could be the URL template, the
current IP address of the resolver, and a lifetime. This would be to
bootstrap the resolution process (i.e. instead of fetching the
/.well-known/doh-servers-associated/ path).

In my opinion, two advantages of this approach would be that the
configuration information passing through this channel can be secured using
Secure Neighbor Discovery (as opposed to Do53, which is more easily
intercepted). Furthermore, using a domain name to refer to the server means
that the end host can refresh the IP address of the server by periodically
looking up the FQDN of the DNS server. This could simplify processing of RA
messages, since only a lifetime timer needs to be kept to re-query for the
FQDN (assuming the same FQDN is being distributed by the RA).

Unfortunately, I cannot make it to IETF 104 in Prague this week, but do let
me know if anyone has any opinions on this proposal.

Regards,
Rayhaan

-- 
Rayhaan Jaufeerally -- https://www.rayhaan.ch

NOC contact: +41 078 636 7556 / noc@rayhaan.ch
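To make the proposal concrete, here is an added example (not from the e-mail, the draft, or any IETF document) that encodes and decodes a Router Advertisement option carrying the three fields the message names: URI template, current resolver address, and lifetime. The wire layout is an assumption modelled on the RDNSS option of RFC 8106, and the option type 253 is only an experimental value from RFC 4727 standing in for a type this proposal never assigns; the parser applies the RFC 4861 length checks so a malformed or truncated option is rejected rather than trusted.

```python
import ipaddress
import struct

# Assumption, not from the e-mail: no option type is proposed, so this uses
# 253, one of the ND option types RFC 4727 reserves for experiments.
DOH_OPTION_TYPE = 253

def build_doh_option(uri_template: str, resolver: str, lifetime: int) -> bytes:
    """Assumed layout, modelled on the RDNSS option of RFC 8106:
    Type(1) Length(1, 8-octet units) Reserved(2) Lifetime(4, seconds)
    resolver IPv6 address(16) URI template (UTF-8, zero padded to 8 octets)."""
    body = struct.pack("!HI", 0, lifetime)
    body += ipaddress.IPv6Address(resolver).packed + uri_template.encode("utf-8")
    total = 2 + len(body)
    padded = (total + 7) // 8 * 8            # ND options are multiples of 8 octets
    if padded // 8 > 255:
        raise ValueError("URI template too long for one ND option")
    return bytes([DOH_OPTION_TYPE, padded // 8]) + body + b"\x00" * (padded - total)

def iter_nd_options(blob: bytes):
    """Walk the TLV option area of an RA; RFC 4861 says a zero Length must be
    rejected, and a length past the packet end is a truncated or bogus option."""
    off = 0
    while off < len(blob):
        if off + 2 > len(blob):
            raise ValueError("truncated option header")
        typ, ln = blob[off], blob[off + 1]
        if ln == 0:
            raise ValueError("zero-length ND option")
        end = off + ln * 8
        if end > len(blob):
            raise ValueError("option length exceeds packet")
        yield typ, blob[off + 2:end]
        off = end

def parse_doh_option(payload: bytes) -> dict:
    if len(payload) < 22:
        raise ValueError("DoH option too short")
    _, lifetime = struct.unpack("!HI", payload[:6])
    resolver = ipaddress.IPv6Address(payload[6:22])
    tmpl = payload[22:].rstrip(b"\x00").decode("utf-8")
    if not tmpl.startswith("https://"):
        raise ValueError("DoH URI template must use https")
    return {"uri_template": tmpl, "resolver": str(resolver), "lifetime": lifetime}

def doh_configs(option_area: bytes) -> list:
    """Return every DoH option found in an RA option area, ignoring other types."""
    return [parse_doh_option(p) for t, p in iter_nd_options(option_area)
            if t == DOH_OPTION_TYPE]

# Constructed sample: an RA option area carrying one DoH option (example values).
SAMPLE = build_doh_option("https://dns.example/dns-query{?dns}", "2001:db8::53", 3600)
```

The lifetime returned here is the only timer a host would need to keep before re-resolving the template's FQDN, as the message suggests; how a host authenticates the RA (e.g. with SEND) is outside this snippet.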