[Doh] DoH client-server interoperability vs. strict HTTP parameter checking
Christoph <cm@appliedprivacy.net> Sat, 01 June 2019 12:36 UTC
Return-Path: <cm@appliedprivacy.net>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F8851202CE for <doh@ietfa.amsl.com>; Sat, 1 Jun 2019 05:36:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=appliedprivacy.net header.b=O4LmgajC; dkim=pass (2048-bit key) header.d=appliedprivacy.net header.b=PoMjASXZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rm4yiMQbYcF4 for <doh@ietfa.amsl.com>; Sat, 1 Jun 2019 05:36:26 -0700 (PDT)
Received: from mx1.mailbox.org (mx1.mailbox.org [IPv6:2001:67c:2050:104:0:1:25:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D74912007C for <doh@ietf.org>; Sat, 1 Jun 2019 05:36:24 -0700 (PDT)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mx1.mailbox.org (Postfix) with ESMTPS id 01F734F22C for <doh@ietf.org>; Sat, 1 Jun 2019 14:36:21 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d= appliedprivacy.net; h=content-transfer-encoding:content-language :content-type:content-type:mime-version:date:date:message-id :subject:subject:from:from:received; s=v20171117; t=1559392570; bh=tfEkuTbeCyyDWxJ77bc4lodWEvPsctyQY/gfmx1NHRY=; b=O4LmgajCuczA q1cYB5TWNoTLk7nMK5DIdwRyTHU6dC+Ombr7mwxBwmcRKN1PEuR3Y9D6ZMm56Yc0 Ov8D9B98eVSquXkVZH9oj9CudFQrEH7r+rDKAal6Q4lsxC9Ce7r95wryA5ujTKXS PqzQWZ5QqXGieaLhhdBxzMC2LiOpcURQeW0Zn+9NxTKih2sUSQDjWxCggSN2F70h 12IvzdF1WLYRemCS01YdPCdTXxm1VI4QcZ0dXziM9uEIyP16EpLAF6nHvGGs8hYY MOn3D+043I7bvyhPMhmMg6SoglavhX9Cs35lSnUClqfnrTfF6PuQ8l9JAEyBUjtp vKQpZ56jcw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=appliedprivacy.net; s=v20171117; t=1559392581; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=tfEkuTbeCyyDWxJ77bc4lodWEvPsctyQY/gfmx1NHRY=; b=PoMjASXZskIC7VCBFb7p6ysbse9Ul0yH77ZCEzUz9wZEpzCLNMIlDDt6N6Z6vFWv/1SnE0 MuNNJMMX3KQT858KK9W3uKM2h8KIWSy1fd+Ix3R+eV2SIw9bDm9ah+U4gxhW75xSw5XOsy kNFbOjT4wRVC3cwiJrcGpZPr8QltzpsgWtvKR55iUP5srVpUj65ZQ6SvXlhlSDgeREZIwo BfHJdOSovWgp2iIIS44r2e3pUGYLdzPPU6+zJf8XfN8RzG0m+QUcIzYmWuzHH1AQ+U581t duAkD0JmgtAKPHKPR+ZTscuJwBti/bqDzol3l4WtEBfpyHhGMyUHI0M9NFdyRw==
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240]) by spamfilter06.heinlein-hosting.de (spamfilter06.heinlein-hosting.de [80.241.56.125]) (amavisd-new, port 10030) with ESMTP id y4tnMIrFpHYe for <doh@ietf.org>; Sat, 1 Jun 2019 14:36:10 +0200 (CEST)
To: doh@ietf.org
From: Christoph <cm@appliedprivacy.net>
Message-ID: <770d0bf0-0a93-4d9a-4cb1-1f1e44c584aa@appliedprivacy.net>
Date: Sat, 01 Jun 2019 12:36:00 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/naLd8rVW1HWmghlCs6qmtNq-5RE>
Subject: [Doh] DoH client-server interoperability vs. strict HTTP parameter checking
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Jun 2019 12:36:28 -0000
Hello, we run a public DoH service and while running and comparing different DoH server implementations in practice we noticed that some have a higher error rate than others. The error rate was measured by looking at the fraction of each HTTP response code. It turned out that those server implementations with a higher error rate just do stricter HTTP parameter checking. Not necessarily the content of the parameter but the list of parameters contained in the request. The result is that some DoH clients are not compatible with some DoH servers. The error condition is caused by DoH clients that have additional HTTP parameters in the request that is not specified in section 4.1 of RFC8484 in combination with DoH server implementations that enforce the absence of any additional parameters. To increase interoperability we reached out to (some) affected DoH client and server vendors but we would also like to hear opinions from this WG. Should DoH servers reject requests with a '400 Bad Request' response when the request contains HTTP parameters not defined in RFC8484 or should DoH servers be less strict and simply ignore additional HTTP parameters and proceed with processing the relevant HTTP parameters required to provide an answer? thanks, Christoph
- [Doh] DoH client-server interoperability vs. stri… Christoph
- Re: [Doh] [Ext] DoH client-server interoperabilit… Paul Hoffman
- Re: [Doh] [Ext] DoH client-server interoperabilit… Mark Delany
- Re: [Doh] [Ext] DoH client-server interoperabilit… Christoph
- Re: [Doh] DoH client-server interoperability vs. … Patrick McManus
- Re: [Doh] [Ext] DoH client-server interoperabilit… bert hubert
- Re: [Doh] [Ext] DoH client-server interoperabilit… Mark Delany
- Re: [Doh] [Ext] DoH client-server interoperabilit… Joe Abley
- [Doh] signalling client expectations and server c… Jim Reid
- Re: [Doh] signalling client expectations and serv… Mark Delany
- Re: [Doh] DoH client-server interoperability vs. … Vladimír Čunát
- Re: [Doh] DoH client-server interoperability vs. … Joe Abley
- Re: [Doh] DoH client-server interoperability vs. … Patrick McManus