Re: [Doh] Mirja Kühlewind's No Objection on draft-ietf-doh-dns-over-https-13: (with COMMENT)
Patrick McManus <pmcmanus@mozilla.com> Mon, 13 August 2018 17:06 UTC
From: Patrick McManus <pmcmanus@mozilla.com>
Date: Mon, 13 Aug 2018 13:06:38 -0400
To: Mirja Kühlewind <ietf@kuehlewind.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-doh-dns-over-https@ietf.org, Benjamin Schwartz <bemasc@google.com>, doh-chairs@ietf.org, DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/ru0iGIGb_IJ3bYEjvJiOGTHW3LU>
Thanks Mirja.

On Mon, Aug 13, 2018 at 10:58 AM, Mirja Kühlewind <ietf@kuehlewind.net> wrote:

> One question:
> In case DoH doesn't work for some reason, is this supposed to fall back to DNS
> over TLS? I guess if the selected host name would allow detection of DNS and
> SNI is used, it wouldn't be too hard to block DoH requests...? Is that a
> concern?

DoH doesn't proscribe any particular path to choosing servers and protocols (even for choosing the DoH server) - each protocol has different properties and particular servers might have properties only the configurer can understand (e.g. trust in the service, not just authentication) in the context of the endpoints it knows about. So whether fallback is suitable is something DoH can only really comment on by describing its properties (encrypted and authenticated transport).

There is no expectation that the same server run DNS service using more than one protocol (i.e. there is no expectation that you use the same host and ratchet down from DoH, to DoT, to plaintext TCP, to DNS.)

> Also one smallish comment:
> As already brought up in the TSV-ART review (Thanks Fernando!) I would recommend
> to further clarify this sentence in section 5.1: "Using the GET method is
> friendlier to many HTTP cache implementations." What does "friendlier" mean...?
> Or at least maybe provide a forward reference to sec 6.1

Roughly it means more likely to work for a variety of reasons. I'm not sure delving into those reasons really is helpful to the DoH reader - the important property is that HTTP caching works well with GET and not so well with POST. Is "friendly" a bad word for that? It's commonly used in the HTTP and application space around caching, afaict.

-P