IETF Logo Mail Archive

Re: [Gen-art] Genart telechat review of draft-ietf-dnsop-session-signal-11

Ted Lemon <mellon@fugue.com> Tue, 10 July 2018 01:08 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58F10130DE9 for <gen-art@ietfa.amsl.com>; Mon, 9 Jul 2018 18:08:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40alJqpw-y1I for <gen-art@ietfa.amsl.com>; Mon, 9 Jul 2018 18:08:04 -0700 (PDT)
Received: from mail-qt0-x232.google.com (mail-qt0-x232.google.com [IPv6:2607:f8b0:400d:c0d::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C495130ECE for <gen-art@ietf.org>; Mon, 9 Jul 2018 18:08:01 -0700 (PDT)
Received: by mail-qt0-x232.google.com with SMTP id z8-v6so8519595qto.9 for <gen-art@ietf.org>; Mon, 09 Jul 2018 18:08:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=yCkZWI4TvFduznf3J94Ncv5uXYFdOecXjQL2kcU7gWk=; b=FxQQCO7oIYLOaHXd/n6l0HK/tk6YS6cP78Tt7LfngqL29PN1JtpYjzq1Bf4D3boBE7 pmYjjgcBsOkmpxDEyI90qUNf9EwQyVmkrvSv2bjZbV6PCNGp7YI/5w5RrUxfkaJU/BKE DKog8GSgUbF46roPoHuYTA8nuY8dcYVE1LRIYR/FzYAGVNUubdO5MEGOVVPvoKCk/4PF 0RjfKTcvIWwGe/MCBOS2E23Zg6es3nQcMPRNNSyvp9lgjgbTmVi+bVLjFqp5UzjOLxay lWdDHIsfBIs1TFCILPohlMCQUT1lbGi8XanRiXFAMGioA+KXip/IDMLE2DSZJIwg7RY0 W0CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=yCkZWI4TvFduznf3J94Ncv5uXYFdOecXjQL2kcU7gWk=; b=dbrhXHZ/FImwWp9szUZ8UgOvAqs5yBaQUXFJ8/Y97ZPpFkVmj9RJ5uIauIKplRqytu lkQPc0q0PBCkvjpJakELFU5VEO1hky2o29aLb1EaOWYgWEfJSToA7XgAYB/pXl0nM8jW 2+xkpiSGP44fN3hn2Qu6F7vg/mtLFzu5FozeheOl3FMl0FplxGivwYASUMDqZ4fgdKQz GcEJOxtW/JdLDI+zBZuHkV5Bzzct4+QCHqgaifx0P9FPMM4GRQeX5Eo5kWueUCEpMHbI uDLZlw9jrIapH0QWqoeGl4aGh4SD8SddSdereb+sGcv1NXRGCqCpbxprj8qSCDKSWDgX 0pMA==
X-Gm-Message-State: APt69E3o2CET/At8FnaQxQC36dXqYvg7IQt++8izZkbrpEYJgNzcHbSD 2zR62kKTAm/Hi9v/SrQgMkeI6f+pItc=
X-Google-Smtp-Source: AAOMgpdQpayHKI7hQyQnpUMFnsH/nVmYY09e7CMLtbzk2Hv5Gg6PeVPehc9fTIuiWtwh7aOtD23QLw==
X-Received: by 2002:aed:37e6:: with SMTP id j93-v6mr21332222qtb.13.1531184880513; Mon, 09 Jul 2018 18:08:00 -0700 (PDT)
Received: from [10.0.100.12] (c-24-60-163-103.hsd1.ma.comcast.net. [24.60.163.103]) by smtp.gmail.com with ESMTPSA id v56-v6sm13613721qtv.50.2018.07.09.18.07.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Jul 2018 18:07:59 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <EA3E9899-9714-44D1-B656-3521F5AA6FFB@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AD7B399E-E9AD-4C1A-A3A6-D3BA2A1B2DB7"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.15\))
Date: Mon, 09 Jul 2018 21:07:58 -0400
In-Reply-To: <bb5a5e01-fdd4-1516-9815-61bb3444ff21@joelhalpern.com>
Cc: General area reviewing team <gen-art@ietf.org>, dnsop WG <dnsop@ietf.org>, ietf <ietf@ietf.org>, "Joel M. Halpern" <jmh@joelhalpern.com>
To: draft-ietf-dnsop-session-signal.all@ietf.org
References: <153082732415.26353.11898401544902479901@ietfa.amsl.com> <CAPt1N1m32w=74pA736wbbJGj3D-gcW93+DYcNfAp-M0vfov0dA@mail.gmail.com> <99295cd6-d9f0-a60d-381b-8d57658ed701@joelhalpern.com> <CAPt1N1kONQdS7oO5LGL+te0mBA+sLUGFpPwZZCBJrACzN1S1LA@mail.gmail.com> <bb5a5e01-fdd4-1516-9815-61bb3444ff21@joelhalpern.com>
X-Mailer: Apple Mail (2.3445.100.15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/ZXnGQ14bVlSGUb1sJygF2KaddEA>
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-dnsop-session-signal-11
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 01:08:07 -0000

I got a bit wound up about not making the three changes that Joel called out in the updated session signal comment, and insisted on not making the changes because they didn't seem that important.   I had a bit more private conversation with Joel about it, and after some reflection decided that it might be worth suggesting some changes after all based on Joel's comments.

What I would propose to fix these three issues are the following three changes.

In 5.1.3:

OLD:
   Where an application-layer middlebox (e.g., a DNS proxy, forwarder,
   or session multiplexer) is in the path, the middlebox MUST NOT
   blindly forward DSO messages in either direction, and MUST treat the
   inbound and outbound connections as separate sessions.  This does not
   preclude the use of DSO messages in the presence of an IP-layer
   middlebox, such as a NAT that rewrites IP-layer and/or transport-
   layer headers but otherwise preserves the effect of a single session
   between the client and the server.
NEW:
   Where an application-layer middlebox (e.g., a DNS proxy, forwarder,
   or session multiplexer) is in the path, care must be taken to avoid
   inappropriately passing session signaling through the middlebox.

   In cases where a DSO session is terminated on one side of a middlebox,
   and then some session is opened on the other side of the middlebox in
   order to satisfy requests sent over the first DSO session, any such session
   MUST be treated as a separate session.

   This does not
   preclude the use of DSO messages in the presence of an IP-layer
   middlebox, such as a NAT that rewrites IP-layer and/or transport-
   layer headers but otherwise preserves the effect of a single session
   between the client and the server.  And of course it does not apply
   to middleboxes that do not implement DNS Stateless Operations.

   These restrictions do not apply to middleboxes that do not implement
   DSO: since they have no way to understand a DSO message, a pass-through
   middlebox like the one described in the previous paragraph will pass
   DSO messages unchanged or drop them (or possibly drop the connection).
   A middlebox that is not doing a strict pass-through will have no way
   to know on which connection to forward a DSO message, and therefore
   will not be able to behave incorrectly.

In 5.2.2:
OLD:
   A DSO response message may contain no TLVs, or it may be specified to
   contain one or more TLVs appropriate to the information being
   communicated.  This includes "Primary TLVs" and "Additional TLVs"
   defined in this document as well as in future TLV definitions.

NEW:
   A DSO response message may contain no TLVs, or it may be specified to
   contain one or more TLVs appropriate to the information being
   communicated.  This includes "Primary TLVs" and "Additional TLVs"
   defined in this document as well as in future TLV definitions.
   It may be permissible for an additional TLV to appear in a response
   to a primary TLV even though the specification of that primary TLV
   does not specify it explicitly.   See section 8.2 for more information.

In 5.4:
OLD:
   With most TCP implementations, for DSO requests that generate a
   response, the TCP data acknowledgement (generated because data has
   been received by TCP), the TCP window update (generated because TCP
   has delivered that data to the receiving software), and the DSO
   response (generated by the receiving application-layer software
   itself) are all combined into a single IP packet.  Combining these
   three elements into a single IP packet can give a significant
   improvement in network efficiency.

NEW:
   With most TCP implementations, for DSO requests that generate a
   response, the TCP data acknowledgement (generated because data has
   been received by TCP), the TCP window update (generated because TCP
   has delivered that data to the receiving software), and the DSO
   response (generated by the receiving application-layer software
   itself) are all combined into a single IP packet.  Combining these
   three elements into a single IP packet can give a significant
   improvement in network efficiency, assuming that the DSO response
   is sent before the TCP Delayed Acknowledgement timer goes off.

v2.23.0 | Report a Bug | By Email