IETF Logo Mail Archive

Re: [dnsext] draft-mohan-dns-query-xml-00.txt

Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Sat, 01 October 2011 21:05 UTC

Return-Path: <dnsext-bounces@ietf.org>
X-Original-To: namedroppers-archive-gleetwall6@lists.ietf.org
Delivered-To: ietfarch-namedroppers-archive-gleetwall6@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5ADB621F901D; Sat, 1 Oct 2011 14:05:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1317503128; bh=lSvkd2dQpaSC397wp3v17RmdrlAKOBRBVCPZyJ4RUJI=; h=Mime-Version:From:In-Reply-To:Date:Message-Id:References:To:Cc: Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:List-Help: List-Subscribe:Content-Type:Content-Transfer-Encoding:Sender; b=Aup/WLL3w/UOvUyWSa53rC8kSi1RWf9aTGJzqrJ8bVuoR1uS1UDumF4zdPt8joldc AyP8eROu3Z1LSlE65ySRNnFLW3rM7AfRAO5EmTrLmjJzcQsK3r5FvRBtQHSlawv1Wk 0dHd3wFYzJ2mpLu6x2nAdA3ML5Cmt308zmfX/rwM=
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 232D121F901D for <dnsext@ietfa.amsl.com>; Sat, 1 Oct 2011 14:05:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.49
X-Spam-Level:
X-Spam-Status: No, score=-2.49 tagged_above=-999 required=5 tests=[AWL=0.109, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkG3jvtCUaOs for <dnsext@ietfa.amsl.com>; Sat, 1 Oct 2011 14:05:26 -0700 (PDT)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU [192.150.186.19]) by ietfa.amsl.com (Postfix) with ESMTP id 4357F21F901C for <dnsext@ietf.org>; Sat, 1 Oct 2011 14:05:26 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id C99C82C400A; Sat, 1 Oct 2011 14:08:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([127.0.0.1]) by localhost (maihub.ICSI.Berkeley.EDU [127.0.0.1]) (amavisd-new, port 10024) with LMTP id dzGg0TXJWNNJ; Sat, 1 Oct 2011 14:08:21 -0700 (PDT)
Received: from [10.0.1.2] (c-76-103-166-40.hsd1.ca.comcast.net [76.103.166.40]) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 65FE22C4002; Sat, 1 Oct 2011 14:08:21 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1244.3)
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <33BA32D8CFF5BCB5D2895142@nimrod.local>
Date: Sat, 1 Oct 2011 14:08:20 -0700
Message-Id: <4C6F86F7-9FFD-4C71-B1A0-4CCD56E48D12@ICSI.Berkeley.EDU>
References: <CACU5sDnBx5AijEgFXKNPjtcVdtBnBJamsn-f_ye0Jm3TQq0mvw@mail.gmail.com> <0394FB3B-6C2B-4D47-B1FA-AA54B7EB1053@kirei.se> <DDD7529C-9EF3-427F-AF90-2872CCD71ECF@cisco.com> <201110010458.26859.vixie@isc.org> <D3890C96-DA07-4BA1-AB57-1A81EA2ED477@icsi.berkeley.edu> <5C4E07BC-E6CC-45A6-8018-10C2A799A55E@vpnc.org> <66077D12-F568-426A-8E5C-CC077CC24622@ICSI.Berkeley.EDU> <33BA32D8CFF5BCB5D2895142@nimrod.local>
To: Alex Bligh <alex@alex.org.uk>
X-Mailer: Apple Mail (2.1244.3)
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, DNSEXT Working Group <dnsext@ietf.org>
Subject: Re: [dnsext] draft-mohan-dns-query-xml-00.txt
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsext-bounces@ietf.org
Errors-To: dnsext-bounces@ietf.org

On Oct 1, 2011, at 2:02 PM, Alex Bligh wrote:
>> No, what I'm assuming is SOME minimal-level of nonborkenness.
>> 
>> IF a cache takes url
>> 
>> http://www.example.com/url_a
>> 
>> and instead returns
>> 
>> http://www.example.com/url_b
> 
> This is true, but the GET/POST question is half orthogonal (so that would be 45 degrees?) to the nonce question. IE you could use a POST plus a nonce if you wanted. IIRC POST /should/ do enough alone to avoid the need for a nonce though, as I can't see how any web cache would cache POSTs.

Yeah, but if we're assuming maximum borkennes, I could see truly borken proxies failing to properly return data in the reply of a POST.

Thus if the goal of using POST instead of GET is cache-busting, GET with NONCE should work unless the case is "Broken to the point of uselessness HTTP proxy".


Oh, one BIG warning that might sabotage this that I just realized:  I've seen proxies, eg the Bluecoat proxy, which will intercept all traffic until the BROWSER is logged into the proxy and has a cookie set, so there isn't HTTP access unless through a browser that's already gone through the login process.  :(

Since thats likely to the the same sort of network where you can't bypass the DNS borkenness by TCP or UDP port 53, this could be a problem.



_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext

v2.8.7 | Report a Bug | By Email