Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-04 Thread Peter Saint-Andre
On 4/4/19 11:08 AM, Dave Cridland wrote:
> 
> 
> On Thu, 4 Apr 2019 at 17:26, Peter Saint-Andre wrote:
> 
> On 4/1/19 12:59 PM, Florian Schmaus wrote:
> > On 30.03.19 16:48, Jonas Schäfer (XSF Editor) wrote:
> >> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
> >> released.
> >>
> >> Abstract:
> >> This specification defines an XMPP protocol extension for sending DNS
> >> queries and getting DNS responses over XML streams. Each DNS query-
> >> response pair is mapped into an IQ exchange.
> >>
> >> Changelog:
> >> Accepted by vote of Council on 2019-03-13. (XEP Editor (jsc))
> >>
> >> URL: https://xmpp.org/extensions/xep-0418.html
> >
> > Love it. Although I don't have an immediate use case, I could imagine
> > that one will come up possibly.
> 
> It's been noted on the DNSOP list:
> 
> https://mailarchive.ietf.org/arch/msg/dnsop/hbRHqdvQZquBtNx3IVede9VMSE8
> 
> In general I'm not a fan of working on things that "don't have an
> immediate use case". Are folks here actively interested in implementing
> and deploying DoX or is it just a thought experiment so far?
> 
> 
> Yes, people have actually implemented and deployed it.

Sweet. :-) Because I'm on a team that's working to deploy DoH at
Internet scale, I'd love to hear more about the DoX deployments (feel
free to ping me offlist).

Peter
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___


Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-04 Thread Dave Cridland
On Thu, 4 Apr 2019 at 17:26, Peter Saint-Andre wrote:

> On 4/1/19 12:59 PM, Florian Schmaus wrote:
> > On 30.03.19 16:48, Jonas Schäfer (XSF Editor) wrote:
> >> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
> >> released.
> >>
> >> Abstract:
> >> This specification defines an XMPP protocol extension for sending DNS
> >> queries and getting DNS responses over XML streams. Each DNS query-
> >> response pair is mapped into an IQ exchange.
> >>
> >> Changelog:
> >> Accepted by vote of Council on 2019-03-13. (XEP Editor (jsc))
> >>
> >> URL: https://xmpp.org/extensions/xep-0418.html
> >
> > Love it. Although I don't have an immediate use case, I could imagine
> > that one will come up possibly.
>
> It's been noted on the DNSOP list:
>
> https://mailarchive.ietf.org/arch/msg/dnsop/hbRHqdvQZquBtNx3IVede9VMSE8
>
> In general I'm not a fan of working on things that "don't have an
> immediate use case". Are folks here actively interested in implementing
> and deploying DoX or is it just a thought experiment so far?
>
>
Yes, people have actually implemented and deployed it.


> Peter
>


Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-04 Thread Peter Saint-Andre
On 4/1/19 12:59 PM, Florian Schmaus wrote:
> On 30.03.19 16:48, Jonas Schäfer (XSF Editor) wrote:
>> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
>> released.
>>
>> Abstract:
>> This specification defines an XMPP protocol extension for sending DNS
>> queries and getting DNS responses over XML streams. Each DNS query-
>> response pair is mapped into an IQ exchange.
>>
>> Changelog:
>> Accepted by vote of Council on 2019-03-13. (XEP Editor (jsc))
>>
>> URL: https://xmpp.org/extensions/xep-0418.html
> 
> Love it. Although I don't have an immediate use case, I could imagine
> that one will come up possibly.

It's been noted on the DNSOP list:

https://mailarchive.ietf.org/arch/msg/dnsop/hbRHqdvQZquBtNx3IVede9VMSE8

In general I'm not a fan of working on things that "don't have an
immediate use case". Are folks here actively interested in implementing
and deploying DoX or is it just a thought experiment so far?

Peter





Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-01 Thread Florian Schmaus
On 30.03.19 16:48, Jonas Schäfer (XSF Editor) wrote:
> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
> released.
> 
> Abstract:
> This specification defines an XMPP protocol extension for sending DNS
> queries and getting DNS responses over XML streams. Each DNS query-
> response pair is mapped into an IQ exchange.
> 
> Changelog:
> Accepted by vote of Council on 2019-03-13. (XEP Editor (jsc))
> 
> URL: https://xmpp.org/extensions/xep-0418.html

Love it. Although I don't have an immediate use case, I could imagine
that one will come up possibly.

§ 4

"If the resolver does not support the dns namespace, it MUST return a
 error:"

I suggest to clarify that this is as per RFC 6120 § 8.5

§ 5

Do only entities acting as DoX resolver announce the feature, or all? I
suggest the former and to state that explicitly in the XEP.

"In order for an application to determine whether an entity supports
this protocol, where possible it SHOULD use the dynamic, presence-based
profile of service discovery defined in Entity Capabilities (XEP-0115)
[7]. However, if an application has not received entity capabilities
information from an entity, it SHOULD use explicit service discovery
instead."

I am not a friend of the XEP-0115 hint in such situations. It just adds
additional redundancy and noise. XEP-0030 already has a forward hint to
XEP-0115. There is no need to mention it again. I suggest to remove that
paragraph.

"Support could also be pre-arranged between parties by putting a
resolver at a known JID, in which case the requestor can just start
sending queries to the resolver"

Appears pretty obvious to me and nothing a XEP needs to specify
explicitly. I suggest to remove this sentence too. Nit: Missing dot at
the end of the sentence.

§ 6

Whut? How does this result in a disconnection? I also think it does not
belong into this particular XEP, as it is nothing DoX specific.

§ 7

"…therefore all queries and responses MUST use TLS or equivalent
connection security"

Please remove the 'MUST'. There are valid use cases to use DoX without
transport security. I would suggest to recommend the usage though. At
least use 'SHOULD' as compromise if you must.

"This mitigates classic amplification attacks for UDP-based DNS."

I don't think this is true (in the case of DoX).

A reference to the DNSSEC RFC(s) would be appropriate.

s/dns/DNS/ (everywhere)

The last paragraph in § 7 is also not really DoX specific and I don't
see what the takeaway for DoX-interested readers would be. I suggest to
remove it.

- Florian





Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-01 Thread Tedd Sterr
RFC 4648 [1] defines two encodings for base 64:

§ 4. Base 64 Encoding: the familiar [A-Za-z0-9+/]; and
§ 5. Base 64 Encoding with URL and Filename Safe Alphabet: [A-Za-z0-9-_]

For the latter it says:

> This encoding may be referred to as "base64url".  This encoding
> should not be regarded as the same as the "base64" encoding and
> should not be referred to as only "base64".  Unless clarified
> otherwise, "base64" refers to the base 64 in the previous section.

So "base64" should always refer to the classic version, and "base64url" to the 
'safe' version.
Of course, whether people are aware and stick to this is another matter; though 
I'd like to think it should usually be obvious which version is required.


[1] https://www.rfc-editor.org/rfc/rfc4648.txt


From: Standards on behalf of Sam Whited

Sent: 01 April 2019 15:36
To: standards@xmpp.org
Subject: Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

On Sat, Mar 30, 2019, at 15:51, Jonas Schäfer wrote:
> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
> released.

The DNS request and response are encoded like so:

> The body MUST be encoded with base64 RFC 4648 [5]. Padding characters
> for base64 MUST NOT be included.

But there's no mention of what alphabet is used. I'm assuming this is
the standard one (as opposed to the URL/filename safe one), but I always
feel like this should be explicitly stated when base64 is used.

—Sam


Re: [Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-04-01 Thread Sam Whited
On Sat, Mar 30, 2019, at 15:51, Jonas Schäfer wrote:
> Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
> released.

The DNS request and response are encoded like so:

> The body MUST be encoded with base64 RFC 4648 [5]. Padding characters
> for base64 MUST NOT be included.

But there's no mention of what alphabet is used. I'm assuming this is
the standard one (as opposed to the URL/filename safe one), but I always
feel like this should be explicitly stated when base64 is used.

—Sam


[Standards] NEW: XEP-0418 (DNS Queries over XMPP (DoX))

2019-03-30 Thread XSF Editor
Version 0.1.0 of XEP-0418 (DNS Queries over XMPP (DoX)) has been
released.

Abstract:
This specification defines an XMPP protocol extension for sending DNS
queries and getting DNS responses over XML streams. Each DNS query-
response pair is mapped into an IQ exchange.

Changelog:
Accepted by vote of Council on 2019-03-13. (XEP Editor (jsc))

URL: https://xmpp.org/extensions/xep-0418.html

Note: The information in the XEP list at https://xmpp.org/extensions/
is updated by a separate automated process and may be stale at the
time this email is sent. The XEP documents linked herein are up-to-
date.