Re: [Doh] handling HTTP re-directs in DoH

Daniel Stenberg <daniel@haxx.se> Fri, 12 April 2019 12:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/e-L87lNItD6jhjyqmSlVFMAUEcA>

On Fri, 12 Apr 2019, Stephen Farrell wrote:

> Discussion on another list prompted me to re-read 8484 to see if I can 
> understand what's supposed to happen if a DoH server returns a 3xx. I didn't 
> find an explicit answer in the RFC, so am wondering what implementers do in 
> that case?

I *think* the Firefox implementation will follow them if received. The curl 
implementation does not (mostly because of doing as little as possible until 
proven necessary). I've not seen any DoH server implementation actually send 
any redirects (but I also haven't looked very hard).

3xx responses are part of HTTP so why shouldn't they be acknowledged? I'd say 
that also goes for 1xx responses, 401 responses and more.

-- 

  / daniel.haxx.se