DNS Query Name Minimisation to Improve Privacy
draft-ietf-dnsop-rfc7816bis-11
Yes
Warren Kumari
No Objection
John Scudder
Murray Kucherawy
(Alvaro Retana)
(Martin Duke)
(Martin Vigoureux)
Note: This ballot was opened for revision 10 and is now closed.
Erik Kline
Yes
Comment
(2021-08-09 for -10)
Sent
[S2.1 comment]
* It seems to me that using A QTYPEs for Happy Eyeballs clients is
only a "potential benefit" for an IPv4 connection setup, and does
nothing to aid any possible IPv6 connection setup.
There are networks with IPv6-only clients accessing mostly
IPv6-reachable services for which this might actually slow down
services (by delaying AAAA resolution resulting in an IPv4
connection setup that uses something like NAT64 rather than
native IPv6).
Suggestion 1: Just trim these HE-related sentences.
Suggestion 2: Make it clear that this might not always be a "benefit"
in certain network deployments.
Roman Danyliw
Yes
Comment
(2021-08-23 for -10)
Not sent
Thank you to Donald Eastlake for the SECDIR review.
Warren Kumari
Yes
Francesca Palombini
No Objection
Comment
(2021-08-25 for -10)
Sent
John Scudder
No Objection
Murray Kucherawy
No Objection
Zaheduzzaman Sarker
No Objection
Comment
(2021-08-25 for -10)
Sent
Thanks for this document. I have one question - * what is a "full cache" as mentioned in the section 5? if not a well known term to describe a cache then please explain it shortly.
Éric Vyncke
(was Discuss)
No Objection
Comment
(2021-09-01)
Sent
Thank you for the work put into this document. A simple but efficient technique. Thank you also for addressing completely my previous blocking DISCUSS. It is now cleared. Special thanks to Tim Wicinski for his shepherd's write-up notably about the WG consensus. I hope that this helps to improve the document, Regards, -éric == PREVIOUS DISCUSS (no more valid) == -- Section 2.1 -- I support Erik Kline's COMMENT on this and am raising it to a blocking DISCUSS. A/ in all the discussion in the last §, a AAAA would have the same benefit when compared to a NS QTYPE. Or what did I miss ? B/ the last two sentences "Another potential benefit...happy eyeballs query for the A QTYPE." are puzzling as using A QTYPE will actually only cache the A answer for the minimized request and more and more Internet users are using IPv6 nowadays (and possibly even more recursive DNS servers). Hence, I would welcome some discussion in the last § about the benefit of using A QTYPE rather than AAAA QTYPE and, as suggested by Erik Kline, please remove the last 2 sentences.
Benjamin Kaduk Former IESG member
Yes
Yes
(2021-08-20 for -10)
Sent
The discussion about how many labels to add at each step is rather spread out amongst Sections 2, 2.3, and 3, and my preference would be to have a single more-clear specification of behavior for the Proposed Standard level of publication (but this is just a non-blocking comment and I recognize that addressing it would require somewhat invasive changes to the text). Looking over the diff from RFC 7816, I see that the discussion of empty non-terminals has been removed. Is that because the prevalence of servers that fail to handle them properly in the wild has dropped to an insignificant level? (If so, hooray!) If not, why was the text removed? We also removed the discussion of "some broken name servers [that] do not react properly to QTYPE-NS requests", which is mostly understandable since we no longer recommend that NS is used as the QTYPE for masking minimized requests. I don't know if it's worth retaining this warning in some form as it might apply to legacy implementations that retain the RFC 7816 behavior. Thanks to Donald Eastlake for the secdir review. I echo the intdir reviewer's question about where "strict mode" of QNAME minimization is defined. I also see the genart reviewer's question about whether the number of labels per iteration can remain large after the division, and I think that the maximum allowed length of a domain name helps some here, but would appreciate if someone more familiar with the actual limits ran the numbers and opined that the resulting number of labels is capped at some reasonable bound. Abstract If the note about the WG and git source is expected to be removed before publication as an RFC, it seems prudent to note that somewhere (whether in the visible prose or as a comment in the XML). Section 2.1 The QTYPE to use while minimising queries can be any possible data type (as defined in [RFC6895] Section 3.1) for which the authority always lies below the zone cut (i.e. not DS, NSEC, NSEC3, OPT, TSIG, TKEY, ANY, MAILA, MAILB, AXFR, and IXFR), as long as there is no relation between the incoming QTYPE and the selection of the QTYPE to use while minimising. [...] At risk of being overly pedantic, the procedure will still get you the right answer even if there is a relation between the incoming and selected QTYPE, so the "can be ... as long as" isn't quite correct. We insist on the lack of relationship because that gives better privacy properties, not because it is required for correct behavior, as I understand it. Section 3 (3) If CHILD is the same as QNAME, or if CHILD is one label shorter than QNAME and the original QTYPE can only be at the parent side (like QTYPE=DS), resolve the original query as normal starting from ANCESTOR's name servers. Start over from step 0 if new names need to be resolved as result of this answer, for example when the answer contains a CNAME or DNAME record. We might want to reference RFC 6672 for DNAME (since we use it later in step 6 as well). Section 6 the amount of data sent also, in part, addresses the case of a wire sniffer as well as the case of privacy invasion by the servers. Who are "the servers"? Section 7.1 It seems rather unconventional to make a normative reference to the document being obsoleted (RFC 7816). It seems like that document would be more appropriately classified as an informative reference. Section 7.2 Deferring to RFC 8499 for terminology definitions may well merit classifying it as a normative reference. NITS Thanks for putting the git repo link in the Abstract. Since I only have a proposed wording for one of these I didn't go through the effort of phrasing it in the form of a patch, but it's nice to have the option available. Section 3 (4) Otherwise, add the next relevant label or labels from QNAME to the start of CHILD. The number of labels to add is discussed in Section 2.3. It might be worth being a little more explicit that this is updating the current value of CHILD, as opposed to producing a new temporary value consisting of (next relevant label or labels)+CHILD. (E.g., "Update the value of CHILD to consist of [...]".) Section 4 have been A. Using the most used QTYPE to hide the original QTYPE therefore slightly reduces the number of outgoing queries. I'd probably say "compared to using any other QTYPE to hide the original QTYPE". Section 6 QNAME minimisation's benefits are clear in the case where you want to decrease exposure to the authoritative name server. But minimising I'd probably clarify "exposure of what?".
Alvaro Retana Former IESG member
(was Discuss)
No Objection
No Objection
(for -10)
Sent for earlier
Lars Eggert Former IESG member
No Objection
No Objection
(2021-08-24 for -10)
Sent
DOWNREF from this Standards Track doc to Experimental [RFC7816]. "Abstract", paragraph 3, comment: > This document is part of the IETF DNSOP (DNS Operations) Working > Group. The source of the document, as well as a list of open issues, > is at <https://framagit.org/bortzmeyer/rfc7816-bis> Should this not be removed before publication? Obsolete reference to RFC7626, obsoleted by RFC9076 (this may be on purpose). Found terminology that should be reviewed for inclusivity; see https://www.rfc-editor.org/part2/#inclusive_language for background and more guidance: * Terms "traditional", "tradition", "Traditionally"; alternatives might be "classic", "classical", "common", "conventional", "customary", "fixed", "habitual", "historic", "long-established", "popular", "prescribed", "regular", "rooted", "time-honored", "universal", "widely used", "widespread". ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. "Table of Contents", paragraph 2, nit: > ed in Section 6.1 of [RFC6973]: the less data you send out, the fewer privac > ^^^^ Did you mean "fewer"? The noun data is countable. (Also elsewhere.) Section 1.2. , paragraph 3, nit: > is to minimise the amount of privacy sensitive data sent from the DNS resolv > ^^^^^^^^^^^^^^^^^ This word is normally spelled with a hyphen. (Also elsewhere.) Section 4. , paragraph 1, nit: > en saved if the incoming QTYPE would have been the same as the QTYPE selected > ^^^^^^^^^^^^^^^ Did you mean "had been"? (Also elsewhere.)
Martin Duke Former IESG member
No Objection
No Objection
(for -10)
Not sent
Martin Vigoureux Former IESG member
No Objection
No Objection
(for -10)
Not sent
Robert Wilton Former IESG member
No Objection
No Objection
(2021-08-24 for -10)
Sent
I support Eric's discuss, and Erik's comment on 2.1's use of A records. Specifically, I wonder whether it wouldn't be more forward looking to recommend using AAAA records rather than A records.