Re: Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02] from Alex Rousskov on 2017-05-03 (ietf-http-wg@w3.org from April to June 2017)

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 3 May 2017 17:34:47 -0600
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, DNS Privacy Working Group <dns-privacy@ietf.org>
Message-ID: <2564afa5-1a0d-c3e0-e620-37d67482ce28@measurement-factory.com>

On 05/03/2017 05:17 PM, Daniel Kahn Gillmor wrote:
> The idea of the demuxing stage is that a server that opts into this would
> put the demuxing *before* the HTTP/1 server implementation gets access
> to the data.

Think of the HTTP proxies, not just origin servers. Using an HTTP proxy
is often _required_ when sending traffic over an HTTP port. These HTTP
proxies will break all the muxed DNS traffic they will get. Opting them
"in" will be a lot more difficult than opting a specialized origin
server that wants to participate...

And yes, this deployment concern applies to port 443 traffic as well,
unfortunately.

Alex.

Received on Wednesday, 3 May 2017 23:35:17 UTC