Re: [Doh] [Ext] Review of draft-ietf-doh-dns-over-https-04

Alexander Mayrhofer <alex.mayrhofer.ietf@gmail.com> Sun, 25 March 2018 20:18 UTC


On Sun, Mar 25, 2018 at 5:30 PM, Paul Hoffman <paul.hoffman@icann.org> wrote:
>> - Section 5, expiration: I think this should be reworded to be more
>> concise, I do suggest the following text:
>>
>> The HTTP response freshness
>>   lifetime ([RFC7234] Section 4.2) should SHOULD be set to expire at
>>   the same time the first of the DNS resource record sets in the Answer section
>>   reach a 0 TTL, and MUST NOT be greater
>>   than that indicated by the DNS resource record set with the smallest TTL
>>   in the DNS response.
>>
>> (does the MUST NOT consider additional sections as well, or just the
>> answer section - clarification needed.)
>
> Your proposed text talks about the first RRset in the Answer section. Why? If there are multiple RRsets with different TTLs, shouldn't the HTTP expiration be based on the shortest of them, not just the first?

It was meant to be a temporal, not spatial "first" ("first .. to reach
a 0 TTL") - so we mean the same thing (I believe "first" was already
in the text, but there was a third clause in that sentence that
confused me).

Anyways - the gist is, it should be set so that the HTTP response
freshness lifetime expires before any of the DNS RRsets expire.

>> Same for the remaining freshness text - all sections, or just "answer" section?
>
> I used the Answer section because it is the one that is likely to be put into a cache. The data from the other sections might be used by the recursive, but are unlikely to be put in the cache because of the anti-poisoning rules.

Understood!

Alex
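The rule the thread settles on (HTTP freshness lifetime bounded by the smallest TTL among the Answer-section RRsets) as an added Python example; this is not code from the draft or from either poster. It parses a constructed wire-format DNS reply, optionally includes the Authority/Additional sections for comparison, skips the OPT pseudo-RR whose TTL field is not a lifetime, and uses max-age=0 when no RR applies (an assumption, not something the draft states).

```python
import struct

def _skip_name(msg, off):
    """Advance past a domain name (labels or a compression pointer); return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:           # 2-byte compression pointer terminates the name
            return off + 2
        off += 1 + length

def rr_ttls(msg, all_sections=False):
    """TTLs of the Answer-section RRs of a wire-format DNS reply (optionally Authority/Additional too)."""
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    off = 12
    for _ in range(qd):                      # question: name, qtype, qclass
        off = _skip_name(msg, off) + 4
    ttls = []
    for _ in range(an + (ns + ar if all_sections else 0)):
        off = _skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype != 41:                      # OPT (type 41) reuses the TTL field for flags, not a lifetime
            ttls.append(ttl)
        off += 10 + rdlen
    return ttls

def cache_control_for(msg, all_sections=False):
    """max-age bounded by the smallest TTL; with no applicable RRs use 0 (assumption, not from the draft)."""
    ttls = rr_ttls(msg, all_sections)
    return "max-age=%d" % (min(ttls) if ttls else 0)

def _name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"

# Constructed sample reply: example.com A, two Answer RRs (TTL 300 and 60), one Additional OPT RR.
SAMPLE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 1)
          + _name("example.com") + struct.pack("!HH", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
          + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 2])
          + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0))

if __name__ == "__main__":
    print(rr_ttls(SAMPLE), cache_control_for(SAMPLE))   # [300, 60] max-age=60
```

Without the OPT exclusion the Additional section would drive max-age to 0, which is why the choice of sections matters in practice.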