Re: [Doh] A question of trust (was Re: Draft -09 and WGLC #2)

Mateusz Jończyk <mat.jonczyk@o2.pl> Wed, 30 May 2018 15:59 UTC

To: Patrick McManus <pmcmanus@mozilla.com>, DoH WG <doh@ietf.org>
References: <CAHbrMsCxkogJ-fzubf7cPgvbeGAhWUFKV3crrmn4ee6=fDnqwQ@mail.gmail.com> <382ba525100a4561b086fe8b8b6527be@ustx2ex-dag1mb3.msg.corp.akamai.com> <603D7553-D1A9-4DCC-9E74-199059C56A9F@sinodun.com> <1daad94d-99c1-803a-f52c-1dd17adefb7a@o2.pl> <CAOdDvNrpLwF5jpn1YA4-HXsfGxVkdds+xHVd6Bxy0Ux+3nrcrA@mail.gmail.com> <CA9BEE64-9F16-4CCC-A1E0-4C7FD45C455C@icann.org> <20180528161043.GB12038@mx4.yitter.info> <CABkgnnV3kKFCzKLfPf_0WZh95jr2vEt652Rb4EozfqROCVsJdA@mail.gmail.com> <CAOdDvNrPU9WM3WgcX1AVF39D3bGdxCKgPAF_afhfv2Qt0pZR5g@mail.gmail.com> <DB7D40D6-455A-48DD-AB98-DF2CF0866222@sinodun.com> <CAOdDvNopKvs18jQizgyiAQq8UyB4GwdqyXfXPa+25pNrxWg8pA@mail.gmail.com> <CAOdDvNq9A2PsE9c4oW9XEPq8adVSDWSMqWzta4MfMrRktbLNkA@mail.gmail.com>
From: =?UTF-8?Q?Mateusz_Jo=c5=84czyk?= <mat.jonczyk@o2.pl>
Message-ID: <9c437a7f-a109-c9f3-ee14-b4274313563f@o2.pl>
Date: Wed, 30 May 2018 17:59:06 +0200
In-Reply-To: <CAOdDvNq9A2PsE9c4oW9XEPq8adVSDWSMqWzta4MfMrRktbLNkA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/z0SZ734OCm0kt8sHBpVIyf-nEe0>
Subject: Re: [Doh] A question of trust (was Re: Draft -09 and WGLC #2)
List-Id: DNS Over HTTPS <doh.ietf.org>
X-List-Received-Date: Wed, 30 May 2018 15:59:30 -0000

Hello,

>+A DNS API client MUST NOT use a different URI simply because it was discovered
>+outside of the client's configuration, or because a DNS API server offers an
>+unsolicited response
>+that appears to be a valid answer to a DNS query.
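Review bot: the second clause ("or because a DNS API server offers an unsolicited response that appears to be a valid answer to a DNS query") reads as a blanket prohibition on unsolicited responses, yet a response delivered by HTTP/2 server push (RFC 7540 Section 8.2), which the draft's own "Server push" section permits, is by definition unsolicited; as written, a reader cannot tell whether a push from the configured DNS API server is still acceptable. Suggest either making the subject generic ("or because some server offers an unsolicited response ...") so the sentence is plainly about not adopting a new URI rather than about pushes, or adding a cross-reference to the "Server push" section so the two rules are read together.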

The second part of this sentence is unclear to me. Some people may read it as
prohibiting all server-pushed messages.
I would reword it as:
	... or simply because some web server offers an unsolicited response
	that appears to be a valid answer to a DNS query.


I think the previous wording in the "Security considerations" section was much
better:
	A client MUST NOT use arbitrary DNS API servers.
	Instead, a client MUST only use DNS
	API servers specified using mechanisms such as explicit configuration.

It only required a rewording of the section "Selection of DNS API server" to
match it.

------------------

By the way, we should clarify the section "Server push". I propose that it read as follows:

	A DNS API client MUST ignore pushed DNS API requests (see {{RFC7540}}
	Section 8.2) whose pushed request URI is not one that the client
	would have directed the same query to if the client had initiated the
	request.

(which is a modification of the text proposed in
	https://github.com/dohwg/draft-ietf-doh-dns-over-https/pull/185
and suits the comments there).



Greetings,
Mateusz Jończyk



On 30.05.2018 at 04:14, Patrick McManus wrote:
> I've proposed https://github.com/dohwg/draft-ietf-doh-dns-over-https/pull/189
> 
> Mateusz, it also harmonizes with the security considerations a bit.
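The server push rule proposed above, worked through as an added example (this is not code from the draft, the DoH working group, or any implementation): a DoH client honours a pushed DNS API request only if its request URI is one the client would have sent the same query to itself, i.e. its configured server. The example assumes, beyond what the draft says, a single configured DoH URI in the GET form with a base64url `dns` parameter, and represents a PUSH_PROMISE as a dict of HTTP/2 pseudo-headers; the server names, the configured URI and the sample DNS messages are constructed for the example.

```python
"""Added example (not the draft's or any implementation's code): apply
the DoH server push rule. A pushed DNS API request is honoured only if
its request URI is one this client would have directed the same query
to, i.e. its configured DoH server. Assumptions not in the draft: one
configured DoH URI (GET form, base64url 'dns' parameter) and a
PUSH_PROMISE represented as a dict of HTTP/2 pseudo-headers."""
import base64
import binascii
import re
import struct
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"https": 443}
B64URL = re.compile(r"[A-Za-z0-9_-]+")   # the 'dns' parameter carries no '=' padding


def origin_of(uri):
    """(scheme, host, port, path) with the host lowercased and the default
    port made explicit, so https://A.example/dns-query and
    https://a.example:443/dns-query compare equal. None if unparsable."""
    try:
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        port = parts.port or DEFAULT_PORTS.get(scheme)
    except ValueError:                    # e.g. a non-numeric port
        return None
    return scheme, (parts.hostname or "").lower(), port, parts.path


def decode_dns_param(value):
    """base64url-decode the 'dns' parameter, or None if it is malformed."""
    if not B64URL.fullmatch(value):
        return None
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except binascii.Error:
        return None


def looks_like_dns_query(msg):
    """Wire-format sanity check: full 12-byte header, QR bit clear (a
    query, not a response), exactly one question."""
    if len(msg) < 12:
        return False
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return (flags & 0x8000) == 0 and qdcount == 1


def accept_pushed_request(configured_uri, push):
    """True only if the PUSH_PROMISE names a request this client would have
    issued itself: GET over https to the configured origin and path,
    carrying a single well-formed 'dns' query parameter."""
    if push.get(":method") != "GET" or push.get(":scheme") != "https":
        return False
    want = origin_of(configured_uri)
    got = origin_of(f"https://{push.get(':authority', '')}{push.get(':path', '')}")
    if want is None or got is None or want != got:
        return False
    query = parse_qs(urlsplit(push.get(":path", "")).query, keep_blank_values=True)
    if set(query) != {"dns"} or len(query["dns"]) != 1:
        return False
    msg = decode_dns_param(query["dns"][0])
    return msg is not None and looks_like_dns_query(msg)


# ---- constructed sample data (hypothetical names, not real servers) ----
def build_dns_message(name, flags=0x0100, qtype=1):
    """Constructed sample DNS message with one question; the default flags
    are a recursion-desired query, flags=0x8180 fakes a response."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def b64url(msg):
    return base64.urlsafe_b64encode(msg).rstrip(b"=").decode()


CONFIGURED = "https://dns.example.net/dns-query"      # assumed client configuration
QUERY = b64url(build_dns_message("www.example.com"))
RESPONSE = b64url(build_dns_message("www.example.com", flags=0x8180))


def push_for(authority, path, scheme="https", method="GET"):
    return {":method": method, ":scheme": scheme, ":authority": authority, ":path": path}


def demo():
    """Decisions for a set of constructed PUSH_PROMISE frames."""
    return {
        "configured server": accept_pushed_request(CONFIGURED, push_for("dns.example.net", f"/dns-query?dns={QUERY}")),
        "same server, explicit port": accept_pushed_request(CONFIGURED, push_for("DNS.EXAMPLE.NET:443", f"/dns-query?dns={QUERY}")),
        "other server": accept_pushed_request(CONFIGURED, push_for("other-resolver.example", f"/dns-query?dns={QUERY}")),
        "userinfo in authority": accept_pushed_request(CONFIGURED, push_for("dns.example.net@other-resolver.example", f"/dns-query?dns={QUERY}")),
        "cleartext http": accept_pushed_request(CONFIGURED, push_for("dns.example.net", f"/dns-query?dns={QUERY}", scheme="http")),
        "other path": accept_pushed_request(CONFIGURED, push_for("dns.example.net", f"/resolve?dns={QUERY}")),
        "pushed a response, not a query": accept_pushed_request(CONFIGURED, push_for("dns.example.net", f"/dns-query?dns={RESPONSE}")),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:32s} -> {'honour' if accepted else 'ignore'}")
```

Only the first two pushes are honoured: the origin comparison is done on normalized scheme, host and port rather than on the raw `:authority` string, which is what defeats the case-variation, explicit-port and userinfo variants, and the `dns` parameter is decoded and checked to be a query so that a server cannot push a "request" that is really a pre-built answer.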