Re: [Doh] [Ext] WGLC on draft-ietf-doh-dns-over-https

Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com> Fri, 04 May 2018 11:54 UTC

In-Reply-To: <2A0E3E8D-2D0C-4164-9EAC-6535686725DB@sinodun.com>
References: <EB0551FD-B7D6-4834-9979-75D162FC5A62@sinodun.com> <DBFFE98A-972D-44BE-AD20-5F3C7B378312@sinodun.com> <9452C542-6F2F-4167-AE71-7A48C8C8055C@icann.org> <2A0E3E8D-2D0C-4164-9EAC-6535686725DB@sinodun.com>
From: Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com>
Date: Fri, 04 May 2018 13:54:50 +0200
Message-ID: <CAHXf=0ofCcig6cHJSpK+Ph0zOtaUtqB82ahiSt1JsLKQM_2K7w@mail.gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/fYuEpGghg5Mrbar6tdAxjb3artg>

Hello,

[comments inline on Padding]

On Wed, May 2, 2018 at 1:42 PM, Sara Dickinson <sara@sinodun.com> wrote:
>> I'm not sure why there are "problems" with these. For padding, the server can use it or not.
>
> For me the issue is simply that HTTP padding is specifically mentioned in the draft (several times) but that EDNS(0) isn’t mentioned at all. A simple statement in Section 6 to the effect that ‘DNS API clients and servers may use EDNS(0) padding [RFC7830] in the DNS wire format independently of whether or not HTTP padding is used.’ would suffice I think.

I do agree with Sara on this. It seems incomplete to mention HTTP
padding a few times, but not mention DNS padding at all, given that
the protocol is a "mixture" of both worlds.

And remembering a few discussions I had with fellow encryption gurus,
it seems preferable to perform padding at the "innermost" level,
where the application has the greatest extent of control over whether
or not padding has been performed, and to what extent. Looking at the
layering of DOH, that probably means that EDNS padding gives an app
more control than HTTP padding, and HTTP padding gives an application
more control than padding on the TLS layer.

Therefore, I do suggest that we do mention EDNS padding as at least an
equal choice to HTTP padding.  I can prepare text (or a pull request
if that is preferred).

best,
Alex
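The point Alex makes about padding at the "innermost" layer is easy to see in code: when the padding lives inside the DNS message as an EDNS(0) option, the application decides the final message length before HTTP or TLS ever sees it. The following is an added example (not code from this thread, the draft, or any DoH implementation) that builds a minimal DNS query in wire format, appends an RFC 7830 Padding option (option code 12) so the message length is a multiple of a block size, and parses the option back out. The 128-byte block size is the query-side value recommended by RFC 8467; the single-question, no-compression wire layout and the `build_query`/`add_edns_padding`/`padding_length` helper names are assumptions of this example.

```python
"""Added example: EDNS(0) padding (RFC 7830, option code 12) applied inside the
DNS message, so that the length visible to outer layers (HTTP, TLS) is a
multiple of a fixed block size. Assumes one question, no name compression,
and an OPT pseudo-record as the last record of the message."""
import struct

EDNS_PADDING_OPTION_CODE = 12   # RFC 7830
OPT_RR_TYPE = 41                # RFC 6891
QUERY_BLOCK_SIZE = 128          # RFC 8467 recommended block size for queries


def encode_name(name: str) -> bytes:
    """Encode "www.example.com" as length-prefixed labels plus the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label length must be 1..63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int, txid: int = 0) -> bytes:
    """Header + one question + an OPT RR that carries no options yet (RDLEN 0)."""
    # Flags 0x0100 = RD; QDCOUNT 1, ANCOUNT 0, NSCOUNT 0, ARCOUNT 1 (the OPT RR).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size 4096,
    # TTL = extended RCODE/version/flags all zero, RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 4096, 0, 0)
    return header + question + opt


def add_edns_padding(msg: bytes, block_size: int = QUERY_BLOCK_SIZE) -> bytes:
    """Append a Padding option to the trailing OPT RR so len(result) is a
    multiple of block_size. Requires the OPT RR to be last and to have an
    empty RDATA, which is what build_query emits."""
    (rdlen,) = struct.unpack("!H", msg[-2:])
    if rdlen != 0:
        raise ValueError("expected an OPT RR with empty RDATA at the end of the message")
    # 4 bytes of option header (code + length) are added before the padding itself;
    # a zero-length padding option is still emitted when the size already fits.
    pad_len = (-(len(msg) + 4)) % block_size
    option = struct.pack("!HH", EDNS_PADDING_OPTION_CODE, pad_len) + b"\x00" * pad_len
    return msg[:-2] + struct.pack("!H", len(option)) + option


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name starting at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0:          # compression pointer (not produced here)
            return off + 2
        off += 1 + length


def padding_length(msg: bytes) -> int:
    """Walk the message and return the Padding option length, or -1 if absent."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype != OPT_RR_TYPE:
            off += rdlen
            continue
        end = off + rdlen
        while off + 4 <= end:
            code, olen = struct.unpack("!HH", msg[off:off + 4])
            if code == EDNS_PADDING_OPTION_CODE:
                return olen
            off += 4 + olen
        return -1
    return -1


if __name__ == "__main__":
    for qname in ("a.example", "www.example.com"):
        plain = build_query(qname, 1)
        padded = add_edns_padding(plain)
        print(f"{qname}: {len(plain)} bytes unpadded, {len(padded)} bytes with "
              f"{padding_length(padded)} bytes of EDNS padding")
```

The two sample names produce messages of different raw lengths but identical 128-byte padded lengths, which is the property an outer layer (HTTP body or TLS record) then simply inherits; if padding were instead applied only at the HTTP or TLS layer, the DNS application could neither verify nor control that outcome.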