On Sun, 13 Apr 2014 20:01:30 +0300, Ilari Liusvaara wrote:
> On Sun, Apr 13, 2014 at 09:16:39AM -0400, Phillip Hallam-Baker wrote:
> ...
> There's also another factor to consider: Memory use. Specifically,
> how much memory "sessions" that aren't currently being processed,
> but which need to be able to bring to service in 0 RTT use.
>
> I have no idea how DTLS would fare here...
>
> Also, agreed that DTLS is a serious mess (and I think it is going to get
> even worse).
A couple of comments:

- it seems to me like memory use is the biggest constraint if you're running a server, and latency for the clients.
- unfortunately these conflict with each other: you reduce latency by keeping connections open and reusing them, but that increases memory use at servers.
- We've done some studies about memory use for TCP+TLS, with real traces from several different types of servers. See http://www.isi.edu/~johnh/PAPERS/Zhu14a.html for the tech report. (We'd love comments and feedback!)
- the high order bit from the study is that with very conservative (i.e., short) timeouts, and with TCP+TLS from stub to recursive and TCP only from recursive to authoritative, we see ~21% greater latency and 9GB of state at the recursive resolver. You can tweak the numbers to get different trade-offs if you prefer. Both of these are more than current UDP, but both are, I think, "reasonable". And fortunately, DNS is embarrassingly parallel, so one can easily increase server capacity by buying more servers.

About specific protocols:

- we took the most conservative choice: TCP and TLS. Heartbleed shows us subtle bugs are possible, but IMHO better something the community has been studying for years and years than something hand-rolled, or something less well examined.
- Although not a privacy issue, I think DNS over TCP is a really interesting method to address other (non-privacy-related) security questions, like reducing DNS amplification attacks, and removing the endless debates about "change X will overflow packet size Y and cause subtle problem Z to W percent of users". (IMHO, that debate has subtly distorted a number of policy discussions, like keysize choices. I'd just like to sidestep all that.) Details are in the tech report; I don't want to get off-topic wrt dns-privacy.
- I think UDP+DTLS vs. TCP+TLS is an interesting open question. It's not obvious to me that DTLS helps that much, as you still do a standard TLS handshake (just over UDP). And I'm admiring of TCP for other reasons (see the prior bullet).

But I think a prudent step would be to advance TCP+TLS and then see if the same model also applies to UDP+DTLS, if we can articulate the compelling advantages of DTLS.

-John Heidemann

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
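The latency-versus-memory conflict John describes (longer idle timeouts mean fewer TCP+TLS handshakes for clients but more open-connection state at the recursive resolver) can be made concrete with a small replay simulation. This is an added example, not code or data from the Zhu et al. tech report or from the thread: the query trace is constructed, and the per-handshake latency and per-connection memory figures are assumed placeholders rather than measured values.

```python
"""Idle-timeout trade-off for persistent DNS-over-TCP(+TLS) connections.

Added example, not code or data from the Zhu et al. tech report cited in
the mail. A recursive resolver keeps each client's connection open until it
has been idle for `idle_timeout` seconds. Every new connection costs a
TCP+TLS handshake (client-visible latency); every open connection costs
server memory. Sweeping the timeout shows the trade-off the mail describes.
"""
from typing import Dict, List, Tuple

# Constructed trace of (arrival time in seconds, client id); not real data.
TRACE: List[Tuple[float, str]] = [
    (0.0, "A"), (0.5, "B"), (1.0, "A"), (2.0, "D"), (3.0, "C"), (4.0, "A"),
    (6.0, "E"), (8.0, "F"), (10.0, "B"), (10.2, "A"), (10.4, "C"),
]

# Assumed costs (placeholders, not figures from the mail or the report).
HANDSHAKE_MS = 60           # one TCP + TLS handshake, about two RTTs at 30 ms
PER_CONN_BYTES = 16 * 1024  # kernel socket buffers plus TLS session state


def simulate(trace: List[Tuple[float, str]], idle_timeout: float) -> Tuple[int, int]:
    """Replay the trace; return (handshakes performed, peak open connections)."""
    last_seen: Dict[str, float] = {}  # open connections: client -> last activity
    handshakes = 0
    peak_open = 0
    for t, client in sorted(trace):
        # Close every connection that has been idle longer than the timeout.
        expired = [c for c, seen in last_seen.items() if t - seen > idle_timeout]
        for c in expired:
            del last_seen[c]
        if client not in last_seen:
            handshakes += 1  # no reusable connection: pay a full handshake
        last_seen[client] = t
        peak_open = max(peak_open, len(last_seen))
    return handshakes, peak_open


def sweep(trace: List[Tuple[float, str]], timeouts: List[float]) -> Dict[float, Tuple[int, int, int, int]]:
    """Cost table: timeout -> (handshakes, peak_open, extra_latency_ms, peak_state_bytes)."""
    table: Dict[float, Tuple[int, int, int, int]] = {}
    for to in timeouts:
        hs, peak = simulate(trace, to)
        table[to] = (hs, peak, hs * HANDSHAKE_MS, peak * PER_CONN_BYTES)
    return table


if __name__ == "__main__":
    print("timeout  handshakes  peak_open  extra_latency_ms  peak_state_bytes")
    for to, (hs, peak, ms, nbytes) in sweep(TRACE, [0, 1, 5, 30]).items():
        print(f"{to:>7}  {hs:>10}  {peak:>9}  {ms:>16}  {nbytes:>16}")
```

On this trace a zero timeout (one connection per query, the UDP-like extreme) pays 11 handshakes but never holds more than one connection, while a 30 s timeout pays only 6 handshakes but holds all six clients' state at once; the intermediate timeouts land between the two, which is the knob the tech report turns to trade latency against resolver memory.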
