On Fri, Jul 6, 2018 at 9:06 AM Bob Harold <[email protected]> wrote:

>
> On Tue, Jul 3, 2018 at 12:36 PM Ben Schwartz <bemasc=
> [email protected]> wrote:
>
>> Thanks for improving the clarity of this draft.
>>
>> Could you provide an example of a use case where the baseline DOH
>> behavior is not sufficient, to motivate the "proto" parameter?  The text
>> mentions a "transparency principle" as motivation, but I don't understand
>> the significance of this principle.
>>
>> In particular, I think the draft should explain why it's not sufficient
>> to apply truncation when the proxy packages an HTTP DOH response into a DNS
>> response over UDP.
>>
>>
> As I understand it, there are cases where TCP is handled differently than
> UDP.  TCP has a session and is less susceptible to source address
> spoofing, so things like "ANY" responses, or longer answers, might be
> handled differently.
>

OK.  Obviously we know that they are handled differently insofar as the
response over UDP will be truncated.  Is there another difference?  I'm
trying to understand what behavior the DOH proxy can't replicate by
performing truncation itself, and whether that behavior is of importance to
anyone.

I'd forgotten about the "Refuse ANY" draft, which does indeed offer the
option of having different behaviors over UDP and TCP.  Maybe someone who's
familiar with that draft could comment on whether they think it's valuable
to enable access to the "UDP version" of the ANY response.


> --
> Bob Harold
>
>
> On Mon, Jul 2, 2018 at 6:10 PM <[email protected]> wrote:
>>
>>>
>>> A New Internet-Draft is available from the on-line Internet-Drafts
>>> directories.
>>> This draft is a work item of the Domain Name System Operations WG of the
>>> IETF.
>>>
>>>         Title           : An Proxy Use Case of DNS over HTTPS
>>>         Authors         : Linjian Song
>>>                           Paul Vixie
>>>                           Shane Kerr
>>>         Filename        : draft-ietf-dnsop-dns-wireformat-http-03.txt
>>>         Pages           : 6
>>>         Date            : 2018-07-02
>>>
>>> Abstract:
>>>    This memo introduces a DNS proxy use case to tunnel DNS query and
>>>    response using the DNS over HTTPS (DOH) protocol, a newly proposed DNS
>>>    transport.  The proxy use case is useful as an incremental adoption
>>>    tool when DOH is not widely available in old-transport clients and
>>>    servers.
>>>
>>>
>>> The IETF datatracker status page for this draft is:
>>> https://datatracker.ietf.org/doc/draft-ietf-dnsop-dns-wireformat-http/
>>>
>>> There are also htmlized versions available at:
>>> https://tools.ietf.org/html/draft-ietf-dnsop-dns-wireformat-http-03
>>>
>>> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-wireformat-http-03
>>>
>>> A diff from the previous version is available at:
>>> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-dns-wireformat-http-03
>>>
>>
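The exchange above turns on whether a DOH proxy can apply UDP truncation itself when it repackages a full-size HTTP response as a DNS response over UDP. The following added example (not code from the draft, from the DNSOP list, or from any of the posters) shows what that step looks like in pure Python: the proxy cuts the wire-format message at a resource-record boundary, drops records from the end of the additional, authority and answer sections until the message fits the client's UDP limit, sets the TC bit, and corrects the section counts. Cutting at a record boundary from the end is safe with name compression because pointers only refer to earlier offsets. All function names, the `limit` parameter, and the constructed `example.com` response are assumptions made for this example; a real proxy would take `limit` from the client's EDNS(0) buffer size (or 512 without EDNS).

```python
"""Added example: how a DOH-to-UDP proxy could apply truncation itself."""
import struct

CLASSIC_UDP_LIMIT = 512  # RFC 1035 UDP payload limit when the client sends no EDNS(0) OPT


def encode_name(name):
    """Encode a dotted domain name in DNS wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_a_response(qname, addrs, txid=0x1234):
    """Constructed sample: a DOH/TCP-sized response with one A RR per address.

    Answer owner names use a compression pointer (0xC00C) to the question name.
    """
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answers


def _skip_name(msg, off):
    """Return the offset just past the name at `off`, honouring compression pointers."""
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # pointer: two bytes, and it terminates the name
            return off + 2
        off += 1 + length


def _record_bounds(msg, off, count, is_question):
    """Return ([(start, end), ...], next_off) for `count` entries starting at `off`."""
    bounds = []
    for _ in range(count):
        start = off
        off = _skip_name(msg, off)
        if is_question:
            off += 4  # QTYPE + QCLASS
        else:
            if off + 10 > len(msg):
                raise ValueError("RR header runs past end of message")
            rdlength = struct.unpack_from("!H", msg, off + 8)[0]
            off += 10 + rdlength
        if off > len(msg):
            raise ValueError("record runs past end of message")
        bounds.append((start, off))
    return bounds, off


def truncate_for_udp(msg, limit=CLASSIC_UDP_LIMIT):
    """Return `msg` unchanged if it fits in `limit` bytes; otherwise a copy cut at an
    RR boundary, with TC set and the section counts corrected. The question is kept.
    """
    if len(msg) <= limit:
        return msg
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    qd, an, ns, ar = struct.unpack_from("!HHHH", msg, 4)
    _, off = _record_bounds(msg, 12, qd, True)
    kept = {"an": 0, "ns": 0, "ar": 0}
    end = off
    # Walk answer, authority, additional in wire order; stop at the first RR that
    # would end past the limit. Everything after it is dropped.
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        bounds, off = _record_bounds(msg, off, count, False)
        for _, rr_end in bounds:
            if rr_end > limit:
                break
            kept[section] += 1
            end = rr_end
        else:
            continue
        break
    if end > limit:
        raise ValueError("question section alone exceeds the UDP limit")
    header = bytearray(msg[:12])
    header[2] |= 0x02  # TC bit: client should retry over TCP (or DOH) for the full answer
    struct.pack_into("!HHH", header, 6, kept["an"], kept["ns"], kept["ar"])
    return bytes(header) + msg[12:end]


def summarize(msg):
    """The fields a proxy log line (or a test) would care about."""
    flags, qd, an, ns, ar = struct.unpack_from("!HHHHH", msg, 2)
    return {"tc": bool(flags & 0x0200), "qd": qd, "an": an, "ns": ns, "ar": ar, "len": len(msg)}


if __name__ == "__main__":
    full = build_a_response("example.com", ["192.0.2.%d" % i for i in range(1, 32)])
    print(summarize(full))
    print(summarize(truncate_for_udp(full)))
```

What this does not reproduce is exactly the point of the question in the thread: the answer the upstream server would have given to the same query over UDP (for instance a minimal "ANY" response) may differ in content, not just in length, and a proxy that only truncates the TCP/DOH answer cannot recover that.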


_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
