RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8484, "DNS Queries over HTTPS (DoH)", October 2018

Source of RFC: doh (art)

Errata ID: 6033
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Mohamed Boucadair
Date Reported: 2020-03-30

Section 3 says:

   A DoH client MUST NOT use a different URI simply because it was
   discovered outside of the client's configuration (such as through
   HTTP/2 server push) or because a server offers an unsolicited
   response that appears to be a valid answer to a DNS query. 

It should say:

   A DoH client MUST NOT use a different URI that was discovered outside
   of the client's configuration (except via HTTP redirection discussed
   in Section 6.4 of [RFC7231]).  Also, the DoH client MUST ignore an
   unsolicited response (such as through HTTP/2 server push) that
   appears to be a valid answer to a DNS query unless that response
   comes from a configured URI (as described in Section 5.3).

Notes:

(1) The intent of this text is confusing.

(2) I checked the mailing list and found that the text was updated late in the publication process to address this comment: https://mailarchive.ietf.org/arch/msg/doh/f_V-tBgB-KRsLZhttx9tGt75cps/.

(3) The example provided in the thread (server push) is related to the second part of the OLD text. It is mistakenly attached to the first part.

(4) The push example may be interpreted as if server push is disallowed. This is conflicting with Section 5.3.

Hence, this change:

Also, the DoH client MUST ignore an
unsolicited response (such as through HTTP/2 server push) that
appears to be a valid answer to a DNS query ** unless that response
comes from a configured URI (as described in Section 5.3) **.

(5) An intuitive way to discover the URI outside the configuration is redirection. RFC8484 indicates clearly the following:

The described approach is more than a tunnel over HTTP. It
establishes default media formatting types for requests and responses
but uses normal HTTP content negotiation mechanisms for selecting
alternatives that endpoints may prefer in anticipation of serving new
use cases. In addition to this media type negotiation, it ** aligns
itself with HTTP features ** such as caching, **redirection**, proxying,
authentication, and compression.

Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect.

(6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey.

Report New Errata