Re: QUIC re-chartering: include DNS-over-QUIC?
Erik Kline <ek.ietf@gmail.com> Sun, 12 April 2020 22:08 UTC
Return-Path: <ek.ietf@gmail.com>
X-Original-To: quic@ietfa.amsl.com
Delivered-To: quic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C574E3A0A03 for <quic@ietfa.amsl.com>; Sun, 12 Apr 2020 15:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxJF1dGLtXK0 for <quic@ietfa.amsl.com>; Sun, 12 Apr 2020 15:08:49 -0700 (PDT)
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78D953A0A02 for <quic@ietf.org>; Sun, 12 Apr 2020 15:08:49 -0700 (PDT)
Received: by mail-ot1-x32e.google.com with SMTP id n25so7408784otr.10 for <quic@ietf.org>; Sun, 12 Apr 2020 15:08:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=z8zX2KdDwxH96kfG/CMbs5JZHNYdDLAW8It40RRNTSs=; b=E7pvZXwxgYhgIACwogPRcUubois22B30gW9b4hpYAQ6pRTlhxYtUsDvYCM2CiJctsE G66hZHAU7DzV2yeyWsFTVZV+UxLGoB2DONs1QDBy79DJzKyVyWilRsUpUVjnUk3M+wuG HFLcB3r7vDNsHql1Lb3iLBrkjKSKEjU4Ho4KMvs6tZt+R/lXIi7Ry+ktD+Rq+xjvq6PC 3OhDSnvVh6a+7u3e2PfLBOAtBcmOgBX9QfH4JiIWlWIZPIMQHe5Z/fwMN4FRbZ8TnVLK m2mPQkrOnKWu3TtmLQ09Gn6KNYFMdFx2Z86TM4Aj8xXyXUZtOxvSHVu2cSL78+e7hkOi erhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=z8zX2KdDwxH96kfG/CMbs5JZHNYdDLAW8It40RRNTSs=; b=jWHFRCCNbO5BPC05mIiodUDV3fL6O4i0m4RXjeUBgeA/kV5yOIKd2n/MuYuB6rBH5R TPoOhUwI1ixAjThrZPGlAULQZt1d6e1EbuqhP69z1gR8ta9ho+BbqRIlGrz/4jYn4nmP h2ANi2MoxVms1OPXBxbE5FW1JuEFIHmDYOGtMh4xvCaqqjhSAYmeqqyAO4eJ+LQsEgMB 89ZIOTKVMGMR8XBSsFXAwC3PKItDAkpft4iti+RbeLhOPQla/SDd8LYPxpB87HunRqIx iNQzDdUcXNEDVUnVsaSt5kaOw3CDtUAwzO62SFEmlLSOL+5AUoCQE6+yyOmHmPzMBn/a Gs/w==
X-Gm-Message-State: AGi0PuaoGYqhVxYPPy/hg3E7Od09VSdQcaYf1djmRbB+x5PHcXmPrg7Q 53/E7A2jxhEK5REqfxakCYfEFM96fJolW6zdZlQ=
X-Google-Smtp-Source: APiQypI+G+tGXTwqjyIo4RIyn9Rov56y0s7WncG2X3cGvp4E1ZiygdHRRzDxry47RWeGEeVJT9a1gIfY2/v/f4mYh7Y=
X-Received: by 2002:a9d:c61:: with SMTP id 88mr12690984otr.144.1586729328664; Sun, 12 Apr 2020 15:08:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAKcm_gNf43tXizw9D2jdtTieh+=zS7PKVDiNNV-UEbP8Gw+mHg@mail.gmail.com> <de87e833-de54-ae5a-cd85-2f93565192f7@redbarn.org> <CAKC-DJjNbBYVzmN=KxnRKpxK_eJFcbGFvejx1Xms-X2iesBVrg@mail.gmail.com> <21444935.R3TQEuPsEl@linux-9daj> <CAN1APddZUy8Ae2cSi_RnfeftsOpS-7NUHHWZiXtR_dk6qgUCxQ@mail.gmail.com> <CALGR9oYUtvJzngDRCMBMAqkKvzpD59OtXEBpWi8gOYPSJ2nZVw@mail.gmail.com>
In-Reply-To: <CALGR9oYUtvJzngDRCMBMAqkKvzpD59OtXEBpWi8gOYPSJ2nZVw@mail.gmail.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Sun, 12 Apr 2020 15:08:37 -0700
Message-ID: <CAMGpriVOsN1Ou1=1=jp0wwDFFAZqTk2=awk9usEJr_YfezF5iA@mail.gmail.com>
Subject: Re: QUIC re-chartering: include DNS-over-QUIC?
To: Lucas Pardue <lucaspardue.24.7@gmail.com>
Cc: Mikkel Fahnøe Jørgensen <mikkelfj@gmail.com>, IETF QUIC WG <quic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000fd63ff05a31f356b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic/Ayp6zd6anXT2S2_Tv0p3FJG6fVY>
X-BeenThere: quic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Main mailing list of the IETF QUIC working group <quic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic>, <mailto:quic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic/>
List-Post: <mailto:quic@ietf.org>
List-Help: <mailto:quic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic>, <mailto:quic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Apr 2020 22:08:52 -0000
Tangent: is there already, or are there plans for, a document like BCP 56 but for QUIC? I'm thinking generally about whether there should be guidance for folks wanting to port Foo protocol to Foo-over-QUIC. On Sun, Apr 12, 2020 at 12:01 PM Lucas Pardue <lucaspardue.24.7@gmail.com> wrote: > Mikkel, all, > > Thanks for the healthy discussion on this thread. As suggested up thread, > this proposal was taken to the DPRIVE WG and presented at their interim > meeting last week. > > DPRIVE have issued a call for adoption [1], I encourage continued > conversation over there. > > Cheers > Lucas > > [1] > https://mailarchive.ietf.org/arch/msg/dns-privacy/kXmy4lZ-MzUKCP5zrca9I4WmiVI/ > > > On Sun, 12 Apr 2020, 19:49 Mikkel Fahnøe Jørgensen, <mikkelfj@gmail.com> > wrote: > >> Late to the game.. I support DoQ. >> Maybe there are too many DNS transports, and maybe DNS as such does not >> need it, but for all communication endpoints that invest in QUIC as the >> sole transport it would be very convenient to have DoQ. DNS is a low-level >> dependency for most QUIC application protocols so if you have a non-HTTP >> based application, why would you want to drag in HTTP just for the sake of >> DNS, disregarding attack surfaces? DoQ instead of UDP/TCP DNS handles >> privacy / security and avoids another dependency. >> >> Kind Regards, >> Mikkel Fahnøe Jørgensen >> >> >> On 12 April 2020 at 01.46.25, Paul Vixie (paul@redbarn.org) wrote: >> >> On Thursday, 6 February 2020 21:27:14 UTC Erik Nygren wrote: >> > On Thu, Feb 6, 2020 at 4:16 PM Paul Vixie <paul@redbarn.org> wrote: >> > > i see DoQ as nec'y for QUIC's success but not relevant to DNS beyond >> the >> > > fact that DNS is a convenient second example of how QUIC can be used. >> if >> > > there are use cases or failure modes not handled well by DoT, i'd >> like >> > > to learn more about those. >> > >> > Some possible reasons (not comprehensive): >> >> forgive the long delay in responding, please. >> >> > * Reduce the impact of head-of-line blocking during loss. If packets >> are >> > lost, only the request(s) associated with the loss are impacted. >> >> you're assuming that the loss isn't self-induced. sometimes slowing down >> is >> exactly what's needed. for example when a busy full resolver has a queue >> of >> hundreds or thousands of requests to be sent to a zone authority, rate >> limiting of UDP is necessary to prevent a meltdown. bandwidth is >> finite... we >> sometimes load-balance toward several of a zone's authority servers even >> including those known to not have low-ish RTT, just to avoid flooding one >> of >> them, or to avoid flooding our nearby links. moving to QUIC won't help >> with >> any of that. >> >> > * Faster resumption and 0RTT behaviors (although you get some of these >> with >> > TFO + TLS 1.3 0RTT). But this substantially reduces the performance >> impact >> > when new connections need to be established. >> >> in DNS, new connections rarely need to be established. the reason RFC >> 6013 >> permitted connections to go into a quiet (resumable) state and keep the >> learned cwin in compressed state so that the cost of that state would be >> no >> worse than what was needed for syn flood protection. since you mentioned >> TFO i >> want to say two things, first it was insecure and can't be used, exactly >> as we >> predicted (william simpson and i), and second TCPCT allowed for payloads >> as >> part of the initial or resumptive segments to get exactly the 0RTT >> benefit. >> but i don't want to drone on like a sore loser. the point is, in DNS, >> novel >> connections are rare, and careful statekeeping to support resumption >> (such as >> DNS cookies as defined in RFC 7873) is already present in pre-QUIC DNS. >> >> > * The previous also means servers can be more aggressive about timing >> out >> > connections to reduce the state they need to keep, but while minimizing >> > perf impact, which can be critical at-scale. >> >> this reduces to a noop because the statekeeping is subject to botnet >> attacks. >> just as all TCP listeners have to implement syn flood protection, so it >> is >> that all stateful endpoints (whether DNS, TCPCT, TFO, or QUIC) have to be >> aggressive about timing out connections they need not keep fully open. >> QUIC >> has no special capabilities or requirements in this regard. >> >> > * Better ability for load balancers at-scale to do creative things, >> > including being able to recover better when Anycast moves routes >> between >> > data centers. (The server-supplied Connection ID means that options >> become >> > available to better recover without needing to reset re-establish >> > connections and without needing to share state between clusters.) >> >> while it's theoretically possible to share DNS cookie state (RFC 7873) >> across >> many instances of DNS Anycast, the cost:benefit of that complexity is >> less >> compelling than the cost:benefit of having to renegotiate during route >> changes >> either from mobile-ip or network-in-the-middle attacks. i don't think >> QUIC has >> different game theory than DNS cookies have in this regard. route changes >> are >> orders of magnitude less frequent than same-pair reuse, and always must >> be. >> >> > * QUIC provides a framework for future extensions that may be useful in >> the >> > DNS space. For example, FEC might actually be useful for DNS in some >> cases. >> > >> > I'm sure there are plenty more reasons... >> >> i appreciate the time you put into listing these initial motivations. >> however: >> >> > On Thu, Feb 6, 2020 at 4:16 PM Paul Vixie <paul@redbarn.org> wrote: >> > > i see DoQ as nec'y for QUIC's success but not relevant to DNS beyond >> the >> > > fact that DNS is a convenient second example of how QUIC can be used. >> if >> > > there are use cases or failure modes not handled well by DoT, i'd >> like >> > > to learn more about those. >> >> ....my question seems to stand. if the potential motivations you've >> listed so >> far were actual, then we'd have had DNS over SCTP decades ago, or >> something >> like DTLS that actually worked at scale rather than just in a lab, or we >> would >> have been able to get TCPCT the code point we needed to experiment >> globally, >> or we would have had UDP options by now. >> >> i consider DoQ inevitable, but for QUIC's purposes ("proof of broader >> applicability"), not DNS's purposes ("working better"). DNS is old and >> warty >> but it does move and it has evolved. >> >> -- >> Paul >> >> >>
- Re-chartering for extension work Mark Nottingham
- Re: Re-chartering for extension work Jana Iyengar
- RE: Re-chartering for extension work Lubashev, Igor
- Re: Re-chartering for extension work Martin Thomson
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Mark Nottingham
- Re: Re-chartering for extension work Mark Nottingham
- Re: Re-chartering for extension work Mark Nottingham
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Mark Nottingham
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Magnus Westerlund
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Salz, Rich
- RE: Re-chartering for extension work Lubashev, Igor
- Re: Re-chartering for extension work David Schinazi
- Re: Re-chartering for extension work Mark Nottingham
- Re: Re-chartering for extension work Mark Nottingham
- Re: Re-chartering for extension work David Schinazi
- Re: Re-chartering for extension work Olivier Bonaventure
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Lars Eggert
- Multipath (was: Re: Re-chartering for extension w… Lars Eggert
- Re: Multipath (was: Re: Re-chartering for extensi… Olivier Bonaventure
- Re: Multipath (was: Re: Re-chartering for extensi… Mikkel Fahnøe Jørgensen
- Re: Multipath (was: Re: Re-chartering for extensi… Olivier Bonaventure
- Re: Multipath (was: Re: Re-chartering for extensi… Mikkel Fahnøe Jørgensen
- Re: Multipath (was: Re: Re-chartering for extensi… Christian Huitema
- RE: Re-chartering for extension work Mike Bishop
- RE: Re-chartering for extension work Kuhn Nicolas
- Re: Re-chartering for extension work Ian Swett
- Re: [EToSat] Re-chartering for extension work Christian Huitema
- Re: Multipath (was: Re: Re-chartering for extensi… Jana Iyengar
- Re: Re-chartering for extension work Lars Eggert
- Re: Re-chartering for extension work Magnus Westerlund
- Re: Re-chartering for extension work Magnus Westerlund
- RE: Multipath (was: Re: Re-chartering for extensi… Florin Baboescu
- Re: Multipath (was: Re: Re-chartering for extensi… Olivier Bonaventure
- RE: Re-chartering for extension work Roni Even (A)
- Re: Multipath (was: Re: Re-chartering for extensi… Ryan Hamilton
- RE: Re-chartering for extension work Lubashev, Igor
- Re: Re-chartering for extension work Jana Iyengar
- RE:(2) Multipath (was: Re: Re-chartering for exte… Madhan Raj Kanagarathinam
- Re: Re-chartering for extension work Lars Eggert
- Re: Re-chartering for extension work Lars Eggert
- RE: Re-chartering for extension work Roni Even (A)
- RE: Re-chartering for extension work Roni Even (A)
- Re: Re-chartering for extension work Lars Eggert
- Re: Re-chartering for extension work Magnus Westerlund
- RE: Re-chartering for extension work Kuhn Nicolas
- RE: [EToSat] Re-chartering for extension work Kuhn Nicolas
- Re: Multipath Gorry Fairhurst
- Re: Re-chartering for extension work Olivier Bonaventure
- Re: Multipath (was: Re: Re-chartering for extensi… Olivier Bonaventure
- Re: Multipath Olivier Bonaventure
- Re: Multipath (was: Re: Re-chartering for extensi… Tommy Pauly
- Re: Multipath (was: Re: Re-chartering for extensi… Jana Iyengar
- RE: Multipath (was: Re: Re-chartering for extensi… tim.costello
- Re: Multipath (was: Re: Re-chartering for extensi… Mirja Kuehlewind
- Re: Re-chartering for extension work Dmitri Tikhonov
- Re: Re-chartering for extension work Lubashev, Igor
- Re: Re-chartering for extension work Martin Thomson
- Re: Multipath (was: Re: Re-chartering for extensi… Olivier Bonaventure
- Re: Multipath (was: Re: Re-chartering for extensi… Lucas Pardue
- Re: Re-chartering for extension work Dmitri Tikhonov
- Re: Multipath (was: Re: Re-chartering for extensi… Mirja Kuehlewind
- QUIC re-chartering: include DNS-over-QUIC? Erik Nygren
- Re: QUIC re-chartering: include DNS-over-QUIC? Tommy Pauly
- Re: QUIC re-chartering: include DNS-over-QUIC? Salz, Rich
- Re: QUIC re-chartering: include DNS-over-QUIC? Eric Rescorla
- Re: QUIC re-chartering: include DNS-over-QUIC? Ted Hardie
- Re: QUIC re-chartering: include DNS-over-QUIC? Jari Arkko
- Re: QUIC re-chartering: include DNS-over-QUIC? Magnus Westerlund
- Re: QUIC re-chartering: include DNS-over-QUIC? Stephen Farrell
- Re: QUIC re-chartering: include DNS-over-QUIC? Christian Huitema
- Re: QUIC re-chartering: include DNS-over-QUIC? Daniel Migault
- Re: QUIC re-chartering: include DNS-over-QUIC? Erik Nygren
- Re: QUIC re-chartering: include DNS-over-QUIC? Salz, Rich
- Re: QUIC re-chartering: include DNS-over-QUIC? Christopher Wood
- Re: QUIC re-chartering: include DNS-over-QUIC? Ian Swett
- Re: QUIC re-chartering: include DNS-over-QUIC? Vidhi Goel
- Re: QUIC re-chartering: include DNS-over-QUIC? Paul Vixie
- Re: QUIC re-chartering: include DNS-over-QUIC? Erik Nygren
- Re: QUIC re-chartering: include DNS-over-QUIC? Erik Kline
- Re: QUIC re-chartering: include DNS-over-QUIC? Martin Duke
- Re: QUIC re-chartering: include DNS-over-QUIC? Paul Vixie
- Re: QUIC re-chartering: include DNS-over-QUIC? Mikkel Fahnøe Jørgensen
- Re: QUIC re-chartering: include DNS-over-QUIC? Lucas Pardue
- Re: QUIC re-chartering: include DNS-over-QUIC? Erik Kline
- Re: QUIC re-chartering: include DNS-over-QUIC? Martin Thomson
- Re: QUIC re-chartering: include DNS-over-QUIC? Erik Nygren
- Re: QUIC re-chartering: include DNS-over-QUIC? Paul Vixie