Re: [Doh] [Technical Errata Reported] RFC8484 (6033)
Barry Leiba <barryleiba@computer.org> Mon, 30 March 2020 16:33 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A09513A1859 for <doh@ietfa.amsl.com>; Mon, 30 Mar 2020 09:33:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.252
X-Spam-Level:
X-Spam-Status: No, score=0.252 tagged_above=-999 required=5 tests=[FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xWYvJ429jtE for <doh@ietfa.amsl.com>; Mon, 30 Mar 2020 09:32:59 -0700 (PDT)
Received: from mail-io1-f46.google.com (mail-io1-f46.google.com [209.85.166.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 295693A184F for <doh@ietf.org>; Mon, 30 Mar 2020 09:32:59 -0700 (PDT)
Received: by mail-io1-f46.google.com with SMTP id y14so1313641iol.12 for <doh@ietf.org>; Mon, 30 Mar 2020 09:32:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yagB2BiF1O2ztjdOB2L2RPE4vj4FKlCiKAlU5dNtlx0=; b=YDKUffCjQy6qr3G01ZIeZkQ1AhUcFcUDD1+GECzpdkEDu6HT80IIms0Aaah1M+8U8J g2L5bl+HlLdXLgsead19yaE4ovs1y7w+QE2gTxQytnPvxej26lt99N5eW0F3RK+2m7Yk utFrLNGIXp+oP+A2bUJcabO1x9MjdmJ2N73KbrLXXylh+6ZNtyZV60EDGr5+WDd9xY1h 9ufrPHnOwX/Wq3pkwxqXlFXxgQd2Fg/bDQWgiy9sFBIVEzeBEnHaTQuquAanwescBP+w D0pNiD5pfycr2yiifT/nb0Ue/eWE3zCw30tgQ9EEGbSmnNVUJ0rHapbgV8Gnj6kryxhi UVYw==
X-Gm-Message-State: ANhLgQ0EZfyddlbZWBNQVm/ye6ZrnEhCJ4RLLsKyKC9bj+3JUGf9mZEF 4yN4s/q6p8pr9ljcV3pjYCQ0oscQzBoUFZiFkVYG7x7/oFA=
X-Google-Smtp-Source: ADFU+vswf0DKMaNYB0AhLwHgA3jIwH1or/g1a6TbIjTAi9qAPmmvqKTwr4enI0V9XjNlT6omNF5+jY8K0sMueoTtZ1M=
X-Received: by 2002:a5d:80d6:: with SMTP id h22mr11247503ior.177.1585585978174; Mon, 30 Mar 2020 09:32:58 -0700 (PDT)
MIME-Version: 1.0
References: <20200330155304.45AD8F4074B@rfc-editor.org>
In-Reply-To: <20200330155304.45AD8F4074B@rfc-editor.org>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 30 Mar 2020 12:32:47 -0400
Message-ID: <CALaySJJ3dAEebgyz==PoSqnhSzFiHcxh0kmynRYBcD6Vjvm+6w@mail.gmail.com>
To: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: Paul Hoffman <paul.hoffman@icann.org>, Patrick McManus <mcmanus@ducksong.com>, Murray Kucherawy <superuser@gmail.com>, Ben Schwartz <bemasc@google.com>, Dave Lawrence <tale@dd.org>, mohamed.boucaadir@orange.com, doh@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/jdM8Y0QG_XvjeYE68p0YqzEypTI>
Subject: Re: [Doh] [Technical Errata Reported] RFC8484 (6033)
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Mar 2020 16:33:01 -0000
The proposed change substantively changes the text and cannot be approved through an errata report. My inclination is "Rejected", as I do believe the text says what it's intended to say (so it's not an erratum), but I could be convinced that "held for document update" is better if the document editors weigh in. In particular: > Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect. > > (6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey. "Simply" is critical, and addresses your line above. Consider: A DoH client MUST NOT use a different URI that was discovered outside of the client's configuration That's your substitution, and *that* forbids discovery outside the configuration. But with "simply", as written, it says that there must be another reason for using a different URI. It can discover the URI from outside the configuration, but that can't be the only reason for using it. That discovery has to be augmented by some other knowledge. Barry On Mon, Mar 30, 2020 at 11:53 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for RFC8484, > "DNS Queries over HTTPS (DoH)". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid6033 > > -------------------------------------- > Type: Technical > Reported by: Mohamed Boucadair <mohamed.boucaadir@orange.com> > > Section: 3 > > Original Text > ------------- > A DoH client MUST NOT use a different URI simply because it was > discovered outside of the client's configuration (such as through > HTTP/2 server push) or because a server offers an unsolicited > response that appears to be a valid answer to a DNS query. > > Corrected Text > -------------- > A DoH client MUST NOT use a different URI that was discovered outside > of the client's configuration (except via HTTP redirection discussed > in Section 6.4 of [RFC7231]). Also, the DoH client MUST ignore an > unsolicited response (such as through HTTP/2 server push) that > appears to be a valid answer to a DNS query unless that response > comes from a configured URI (as described in Section 5.3). > > Notes > ----- > (1) The intent of this text is confusing. > > (2) I checked the mailing list and found that the text was updated late in the publication process to address this comment: https://mailarchive.ietf.org/arch/msg/doh/f_V-tBgB-KRsLZhttx9tGt75cps/. > > (3) The example provided in the thread (server push) is related to the second part of the OLD text. It is mistakenly attached to the first part. > > (4) The push example may be interpreted as if server push is disallowed. This is conflicting with Section 5.3. > > Hence, this change: > > Also, the DoH client MUST ignore an > unsolicited response (such as through HTTP/2 server push) that > appears to be a valid answer to a DNS query ** unless that response > comes from a configured URI (as described in Section 5.3) **. > > (5) An intuitive way to discover the URI outside the configuration is redirection. RFC8484 indicates clearly the following: > > The described approach is more than a tunnel over HTTP. It > establishes default media formatting types for requests and responses > but uses normal HTTP content negotiation mechanisms for selecting > alternatives that endpoints may prefer in anticipation of serving new > use cases. In addition to this media type negotiation, it ** aligns > itself with HTTP features ** such as caching, **redirection**, proxying, > authentication, and compression. > > Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect. > > (6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If necessary, please > use "Reply All" to discuss whether it should be verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, if necessary. > > -------------------------------------- > RFC8484 (draft-ietf-doh-dns-over-https-14) > -------------------------------------- > Title : DNS Queries over HTTPS (DoH) > Publication Date : October 2018 > Author(s) : P. Hoffman, P. McManus > Category : PROPOSED STANDARD > Source : DNS Over HTTPS > Area : Applications and Real-Time > Stream : IETF > Verifying Party : IESG
- [Doh] [Technical Errata Reported] RFC8484 (6033) RFC Errata System
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… Barry Leiba
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Paul Hoffman
- Re: [Doh] [Technical Errata Reported] RFC8484 (60… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Barry Leiba
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Paul Hoffman
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… mohamed.boucadair
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Ben Schwartz
- Re: [Doh] [Ext] [Technical Errata Reported] RFC84… Patrick McManus