Re: [Doh] [Ext] Does the HTTP freshness lifetime need to match the TTL?
Tony Finch <dot@dotat.at> Tue, 08 May 2018 11:36 UTC
Date: Tue, 08 May 2018 12:35:57 +0100
From: Tony Finch <dot@dotat.at>
To: Mark Nottingham <mnot@mnot.net>, Miek Gieben <miek@miek.nl>
cc: Paul Hoffman <paul.hoffman@icann.org>, DoH WG <doh@ietf.org>
In-Reply-To: <20180508094545.itl6cvpsekzrpxs4@miek.nl>
Message-ID: <alpine.DEB.2.11.1805081229550.1809@grey.csi.cam.ac.uk>
References: <15A1809C-2CA3-4A3B-A5B1-279227C30223@icann.org> <3E34581E-E2DC-48B7-A4AD-6B9FDA418179@icann.org> <31900328-8813-47D3-9F89-0B863CE673B3@mnot.net> <20180508094545.itl6cvpsekzrpxs4@miek.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/tCDnaYbzEiS8w69zSruqzScr9ME>
Miek Gieben <miek@miek.nl> wrote:

> [ Quoting <mnot@mnot.net> in "Re: [Doh] [Ext] Does the HTTP fresh..." ]
> > > Cache Interaction {#caching}
>
> I like this text, but is the working-group OK with *not* mentioning DNSSEC?
>
> If you only look at the TTL and not the inception and expiry dates of RRSIGs
> you can easily serve BAD data.

Mark's suggestion is pretty comprehensive in other areas, so I think it
ought to mention RRSIG expiry dates. (The upstream DNS server should have
fixed up the TTLs, but if you're going through the DNS packet to work out
an expiry time you might as well do it properly.)

The other possible addition is a reference to draft-ietf-dnsop-serve-stale
alongside the HTTP staleness considerations. But serve-stale is still a
draft and you probably don't want to make DoH wait for it.

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Biscay: Northwesterly 4 or 5, occasionally 6 at first in northeast, becoming
variable 4 later. Moderate, becoming rough in west. Occasional drizzle.
Moderate or good, occasionally poor.
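The point Miek and Tony make above (a DoH server that derives HTTP freshness from the DNS TTL alone can hand out data past its RRSIG expiry) is easy to get wrong and easy to check. The following is an added example, not code from this thread or from any DoH implementation: it computes an HTTP freshness lifetime for a DoH response as the minimum over the answer's RRsets of the TTL capped by the remaining RRSIG validity, and refuses to let the response be cached at all if any RRSIG is outside its inception/expiration window. The `RRSet` structure, the timestamps and the sample answers are constructed for the example; a real server would fill them from a parsed DNS message.

```python
"""Added example: derive an HTTP Cache-Control lifetime for a DoH response
from DNS TTLs *and* RRSIG validity windows, rather than from the TTL alone.

Assumptions (constructed for this example, not from the thread): RRsets are
given as plain records rather than parsed from DNS wire format, and RRSIG
inception/expiration are Unix timestamps.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class RRSet:
    name: str
    rtype: str
    ttl: int                        # TTL as it appears in the DNS answer (seconds)
    sig_inception: Optional[int]    # RRSIG inception (Unix time); None if unsigned
    sig_expiration: Optional[int]   # RRSIG expiration (Unix time); None if unsigned


def rrset_freshness(rr: RRSet, now: int) -> Optional[int]:
    """Seconds this RRset may be treated as fresh at time `now`.

    Returns None when the RRSIG window makes the data unusable (not yet
    valid, or already expired). For signed data the TTL is capped at the
    remaining signature validity, which is what a validating resolver
    should already have done to the TTL it handed us.
    """
    if rr.sig_inception is None or rr.sig_expiration is None:
        return rr.ttl                       # unsigned: only the TTL applies
    if now < rr.sig_inception or now > rr.sig_expiration:
        return None                         # signature not valid at `now`
    return min(rr.ttl, rr.sig_expiration - now)


def response_freshness(rrsets: Iterable[RRSet], now: int) -> Optional[int]:
    """Freshness lifetime for the whole response: the smallest per-RRset
    lifetime, or None if any RRset is outside its signature window."""
    lifetimes = [rrset_freshness(rr, now) for rr in rrsets]
    if any(lt is None for lt in lifetimes):
        return None
    return min(lifetimes) if lifetimes else 0


def cache_control_header(rrsets: Iterable[RRSet], now: int) -> str:
    """Cache-Control value a DoH server could emit for this answer."""
    lifetime = response_freshness(rrsets, now)
    if lifetime is None:
        # Data with an invalid signature must not be served from an HTTP cache.
        return "Cache-Control: no-store"
    return f"Cache-Control: max-age={lifetime}"


# --- constructed sample data -------------------------------------------------
NOW = 1_525_780_000  # arbitrary "current time" for the example

# Both RRsets carry a one-hour TTL, but the signature on the A RRset runs out
# in ten minutes, so the response may only be cached for 600 seconds.
SAMPLE_ANSWER = [
    RRSet("example.com.", "A", 3600, NOW - 86_400, NOW + 600),
    RRSet("example.com.", "AAAA", 3600, NOW - 86_400, NOW + 7_200),
]

# Same records, but the A RRset's RRSIG expired an hour ago: the TTL alone
# would still say "cache for an hour", which is exactly the BAD case above.
EXPIRED_ANSWER = [
    RRSet("example.com.", "A", 3600, NOW - 86_400, NOW - 3_600),
    RRSet("example.com.", "AAAA", 3600, NOW - 86_400, NOW + 7_200),
]

if __name__ == "__main__":
    print(cache_control_header(SAMPLE_ANSWER, NOW))   # max-age=600
    print(cache_control_header(EXPIRED_ANSWER, NOW))  # no-store
```

The design choice worth noting is the asymmetry: a short remaining signature lifetime merely shortens `max-age`, while a signature that is not valid at all turns the response into `no-store`, since an HTTP cache that keeps such an answer would keep serving it long after the DNS-level checks would have rejected it.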