Re: [Doh] Changes for draft-ietf-doh-dns-over-https-03

John Mattsson <john.mattsson@ericsson.com> Tue, 20 March 2018 18:27 UTC

From: John Mattsson <john.mattsson@ericsson.com>
To: "doh@ietf.org" <doh@ietf.org>
Date: Tue, 20 Mar 2018 18:26:58 +0000
Message-ID: <0108299C-2CA0-4E56-B59F-C268A319FACA@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/hmqrWCHmEfg7OADAmfhaR71-4GA>
Subject: Re: [Doh] Changes for draft-ietf-doh-dns-over-https-03
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>

Hi,

Looks good. Some comments:

- Section 1.
"On-path network devices may spoof DNS responses, block DNS requests, or just redirect DNS queries to different DNS servers that give less-than-honest answers."

Could mention more things regarding the "different DNS servers". Suggestion:
"On-path network devices may spoof DNS responses, block DNS requests, or just redirect DNS queries to different DNS servers that may give less-than-honest answers, have large or variable latency, or may simply not support the wanted DNS features."


- Section 2.
The draft should use the updated boilerplate in RFC8174
     "The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
      "MAY", and "OPTIONAL" in this document are to be interpreted as
      described in BCP 14 [RFC2119] [RFC8174] when, and only when, they
      appear in all capitals, as shown here."


- Section 3.
- "clients - whether operating systems or individual applications"

What about home routers?


- Section 5. 
- "potentially encoded with base64url"

Why potentially? Seems like something that needs to be standardized. Suggestion: "encoded with base64url"


- Somewhere
I think the draft should mention other benefits as well. Suggestion:
"The use of DOH mitigates DNS amplification attacks and allows for authentication of the DNS API server and authentication/authorization of the DNS API client."

Cheers,
John
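The Section 5 comment above concerns how a DNS query is carried in a DOH GET request. The following is an added example, not code from the message or from the draft: it builds a DNS wire-format query, encodes it with base64url for the `dns` query parameter, and decodes and validates such a parameter on the server side. Two details are assumptions taken from the later published RFC 8484 rather than from draft-03: base64url padding is stripped (and rejected on input), and the DNS message ID is set to 0 so that identical queries produce identical URLs and can be cached by HTTP intermediaries. The hostname `doh.example` in the usage call is a placeholder.

```python
import base64
import struct

# Assumption (from RFC 8484, not draft-03): a zero DNS ID keeps the URL for
# a given query stable, which is what makes HTTP-layer caching of GET work.
DOH_DNS_ID = 0


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels (RFC 1035 s3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, dns_id: int = DOH_DNS_ID) -> bytes:
    """Build a single-question DNS query (RD=1, QCLASS=IN) in wire format."""
    flags = 0x0100  # RD set, everything else clear
    header = struct.pack("!HHHHHH", dns_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def to_dns_param(wire: bytes) -> str:
    """base64url-encode a DNS message for the ?dns= parameter, padding removed."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def from_dns_param(param: str) -> bytes:
    """Decode a ?dns= value, rejecting standard base64 alphabet and padding."""
    if any(c in param for c in "+/=") or not param:
        raise ValueError("dns parameter is not unpadded base64url")
    # base64url input must be re-padded before Python will decode it.
    padded = param + "=" * (-len(param) % 4)
    return base64.urlsafe_b64decode(padded)


def parse_query(wire: bytes) -> tuple:
    """Return (id, qname, qtype, qclass) from a one-question DNS message.

    Rejects truncated messages and name compression in the question, which
    is where a server-side decoder is most likely to mis-parse hostile input.
    """
    if len(wire) < 12:
        raise ValueError("DNS message shorter than its header")
    dns_id, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(wire):
            raise ValueError("question name is truncated")
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length >= 64:
            raise ValueError("compression pointer or oversized label in question")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(wire):
        raise ValueError("question type/class is truncated")
    qtype, qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return dns_id, ".".join(labels), qtype, qclass


def doh_get_url(template: str, name: str, qtype: int = 1) -> str:
    """Client side: URL for a GET-based DOH query against a URI template."""
    return f"{template}?dns={to_dns_param(build_query(name, qtype))}"


if __name__ == "__main__":
    url = doh_get_url("https://doh.example/dns-query", "www.example.com")
    print(url)
    param = url.split("dns=", 1)[1]
    print(parse_query(from_dns_param(param)))
```

The A query for www.example.com with ID 0 encodes to `AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB`, and a query for example.com is 29 bytes, so its standard base64 form would carry one `=` that `to_dns_param` strips and `from_dns_param` refuses to accept.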