Re: [Doh] Seeking input on draft-03
Justin Henck <henck@google.com> Fri, 09 February 2018 15:04 UTC
References: <CAHbrMsDwWvtcZy8fpg9gs3o+gc_umi9okJW6rvv+s4T7K9-sVQ@mail.gmail.com> <5855fc09-0518-7fb0-56b6-07a8667cbf31@cs.tcd.ie> <CAOdDvNqS=cQe2a4bkKO2eGK9wih6gcwmQEhU8XHQcs+yk-W7ug@mail.gmail.com> <7f5075cc-60c3-adb1-54b1-dccb8ba13240@cs.tcd.ie>
In-Reply-To: <7f5075cc-60c3-adb1-54b1-dccb8ba13240@cs.tcd.ie>
From: Justin Henck <henck@google.com>
Date: Fri, 09 Feb 2018 15:04:14 +0000
Message-ID: <CAN-AkJuJKB9pFCwk-J08Rm-5j5K+nmC1=ZLmLpa1zwvGCu+RHw@mail.gmail.com>
To: stephen.farrell@cs.tcd.ie
Cc: pmcmanus@mozilla.com, Ben Schwartz <bemasc@google.com>, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/zHvyq1294XKEthwhCLQgabNvblE>
Subject: Re: [Doh] Seeking input on draft-03
I can still see a lot of use cases for allowing discovery with just the origin, and think it's an important feature to allow both performance enhancements and drive user adoption:

- Without the need for additional standards, a client on an HTTP/2 connection could discover a DNS resolver on that origin and use it for all queries related to content on that origin
- If the certificate frame is adopted, a client could make DNS queries to all open connections, to see if they host an origin (preventing round-robin DNS from messing up multiplexing)
- People can configure a bootstrapping-free DNS server with fewer variables (IP + origin)
- People can survey DNS servers, even if the DNS endpoint itself is access-restricted. This would allow us to track adoption, and though it could be used to block servers it could also be used to find ones returning non-canonical results.

It may be that .well-known/dns metadata would solve many of these purposes by being optional, or by only being required to point to at least one instance; that would account for the desire to host multiple resolvers.

On Fri, Feb 9, 2018 at 4:24 AM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
> Thanks Patrick,
>
> On 08/02/18 20:24, Patrick McManus wrote:
> > WRT the removal of .wk:
> >
> > * its previous presence had never been meant as a discovery mechanism of
> > the form "I know a hostname, therefore I know the URL". origin is a
> > security primitive for http, but it's not an addressing primitive for http
> > services such as a DoH endpoint.. indeed the DoH server might sensibly wish
> > to offer multiple URIs on the same host (in the same way some free dns
>
> Fair point.
>
> > providers make a variety of resolution policies available with different IP
> > addresses). The configuration primitive for a DoH server is the URI - not
> > origin.
> >
> > * I had originally included .wk as a bit of future proofing for a use case
> > not part of the DoH charter (not to enable it, but being sure not to
> > preclude it at a later time). I have been convinced that .wk is not
> > necessary for that - and so it was removed from the draft. I regret that
> > these two things were confused by readers of <= -02 due to my own
> > composition skills (or lack thereof).
> >
> > As to Stephen's query - this was both discussed f2f in Singapore and
> > https://github.com/dohwg/draft-ietf-doh-dns-over-https/issues/24 . Of
>
> I read that and it's overall convincing enough for me.
>
> I do also wonder about the point raised there about doing surveys of
> doh deployments - as one poster (willscott) said though, I'm not sure
> if I think enabling that is a good thing or not. (The downside being
> that censors discover deployments too.) I'd not argue that's reason
> enough to retain well-known in the draft.
>
> Cheers,
> S.
>
> > course there hasn't been consensus declared on the issue - the editors are
> > just trying to make the newer drafts as closely aligned with the group's
> > discussion as we can manage as part of the process
> > -P
> >
> >
> > On Thu, Feb 8, 2018 at 2:56 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
> > wrote:
> >
> >>
> >> On 08/02/18 18:05, Ben Schwartz wrote:
> >>>
> >>> One important difference is that draft-03 no longer proposes a
> >>> ".well-known" entry. In draft-02 and prior, clients could check for the
> >>> presence of a DOH service at the default path, given only the domain name
> >>> of a server. In draft-03, there is no default path, so clients must be
> >>> configured with the full URL of the DOH endpoint.
> >>
> >> Apologies if I'm forgetting a thread where this was discussed,
> >> but what's the reason for dropping .well-known? (If there is a
> >> thread, a pointer to that is a sufficient answer.)
> >>
> >> Thanks,
> >> S.
> >>
> >> --
> >> PGP key change time for me.
> >> New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
> >> NewWithOld sigs in keyservers.
> >> Sorry if that mucks something up;-)
> >>
> >> _______________________________________________
> >> Doh mailing list
> >> Doh@ietf.org
> >> https://www.ietf.org/mailman/listinfo/doh
> >>
> >
>
> --
> PGP key change time for me.
> New-ID 7B172BEA; old-ID 805F8DA2 expires Jan 24 2018.
> NewWithOld sigs in keyservers.
> Sorry if that mucks something up;-)
> _______________________________________________
> Doh mailing list
> Doh@ietf.org
> https://www.ietf.org/mailman/listinfo/doh
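To make the two configuration models discussed above concrete, here is an added example (mine, not code from this thread or from the draft): it builds a draft-03 style request from a full URI template, and checks a hypothetical optional ".well-known/dns" metadata document of the kind the message suggests, requiring at least one resolver and keeping every entry on the configured origin. It assumes RFC 8484's "{?dns}" URI-template variable with base64url wire-format queries, and a JSON shape {"templates": [...]}, none of which the mail specifies.

```python
import base64
import json
import struct
from urllib.parse import urlsplit

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035): 12-byte header plus one IN question.
    ID 0 and only the RD flag set, as RFC 8484 recommends for DoH caching."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(template: str, name: str) -> str:
    """draft-03 model: the client is configured with the full URI template and
    never derives it from a hostname. Assumes an RFC 6570 '{?dns}' variable."""
    if urlsplit(template).scheme != "https" or "{?dns}" not in template:
        raise ValueError("need an https URI template with a {?dns} variable")
    dns = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode()
    return template.replace("{?dns}", "?dns=" + dns)

def templates_from_metadata(origin: str, metadata_json: str) -> list:
    """Hypothetical optional metadata document (the '.well-known/dns' idea):
    the origin points to one or more resolver templates. Every entry must stay
    on the same https origin, so the document cannot hand resolution to a host
    the configured origin did not vouch for."""
    o = urlsplit(origin)
    if o.scheme != "https":
        raise ValueError("origin must be https")
    templates = json.loads(metadata_json).get("templates", [])
    if not templates:
        raise ValueError("metadata must point to at least one resolver")
    for t in templates:
        p = urlsplit(t)
        if p.scheme != "https" or p.netloc.lower() != o.netloc.lower():
            raise ValueError("template %r is not on origin %s" % (t, origin))
    return templates

# Constructed sample: one host offering two resolution policies at two URIs,
# the case an origin-only lookup cannot distinguish.
SAMPLE_METADATA = json.dumps({"templates": [
    "https://dns.example/dns-query{?dns}",
    "https://dns.example/dns-query-nofilter{?dns}",
]})

if __name__ == "__main__":
    for t in templates_from_metadata("https://dns.example", SAMPLE_METADATA):
        print(doh_get_url(t, "www.example.com"))
```

The encoded query for www.example.com matches the GET example in RFC 8484, so the output can be checked against the RFC text.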