Re: Intdir telechat review of draft-ietf-httpbis-alias-proxy-status-05

Hi Brian,

Thanks for the review! I’m not sure I quite follow your concern here.

This proxy status parameter is a way for the proxy to communicate informational details back to the client about the DNS it performed when communicating to the next hop. Note that it already can communicate the next hop IP address, etc. This helps communicate the CNAME chain, if any exists.

The client does not use the next hop IP or CNAME info to make direct connections to the end, but only to understand more about the identity of what was used. I don’t think the proxy sitting behind a NAT or using split DNS is necessarily impactful, but even if the proxy is able to access addresses and DNS resolution that the client could not on its own, it shouldn’t matter.

Does this help clarify things? If not, can you further explain what scenario you are concerned with?

Best,
Tommy

> On Oct 23, 2023, at 7:25 AM, Brian Haberman via Datatracker <noreply@ietf.org> wrote:
> 
> Reviewer: Brian Haberman
> Review result: On the Right Track
> 
> I am an assigned INT directorate reviewer for
> draft-ietf-httpbis-alias-proxy-status. These comments were written primarily
> for the benefit of the Internet Area Directors. Document editors and
> shepherd(s) should treat these comments just like they would treat comments
> from any other IETF contributors and resolve them along with any other Last
> Call comments that have been received. For more details on the INT Directorate,
> see https://datatracker.ietf.org/group/intdir/about/.
> 
> Major Issues:
> 
> I am a bit concerned that there is no discussion about the potential scope for
> either domain names or IP addresses. What happens if a proxy sits behind a NAT?
> Does the NAT now need an ALG to convert private IP addresses to global ones?
> What about a situation where the proxy sits behind a firewall utilizing split
> DNS?

Received on Monday, 23 October 2023 15:43:44 UTC