Re: Demultiplexing HTTP and DNS on the same listener [New Version Notification for draft-dkg-dprive-demux-dns-http-02]

On Wed 2017-05-03 20:49:22 -0400, Patrick McManus wrote:
> the http/1 share of https:// traffic is dwindling fast. It's down to about
> 1/3 of https for me. So if you're looking to hide in a big pool, that's a
> shrinking segment.

1/3 of https traffic is still huge collateral damage to inflict, if a
network adversary were to try to block things to stamp out encrypted DNS
traffic.

> imo it's a bigger problem because any rfc that required h1 would
> dis-incentivize h2 which is something the IETF should surely not want to do
> for many reasons.

I also wouldn't want to disincentivize h2.  But any server which still
offers h1, at any time in the future could implement this approach with
relatively little overhead (and no impact on h2 adoption) and it already
works today.

So an updated draft would be intended mainly as a stopgap measure while
we're getting DNS-over-h2 spec'ed and implemented, and as something a
server can offer to clients that don't yet speak h2.

        --dkg

Received on Thursday, 4 May 2017 01:14:32 UTC