RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 2 records.

Status: Reported (2)

RFC 8484, "DNS Queries over HTTPS (DoH)", October 2018

Source of RFC: doh (art)

Errata ID: 5603
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Carsten Bormann
Date Reported: 2019-01-15

Section 4.1 says:

   The URI Template defined in this document is processed without any
   variables when the HTTP method is POST.  When the HTTP method is GET,
   the single variable "dns" is defined as the content of the DNS
   request (as described in Section 6), encoded with base64url
   [RFC4648].

It should say:

   The URI Template defined in this document is processed without any
   variables when the HTTP method is POST.  When the HTTP method is GET,
   the single variable "dns" is defined as the content of the DNS
   request (as described in Section 6), encoded with base64url
   [RFC4648]. Padding characters for base64url MUST NOT be included.

Notes:

Note that Section 6 does say the same thing for a different usage of base64url, and note that the examples in 4.1.1 even explicitly state this, but the text that states the usual deviation from the default of RFC 4648 should be in the defining part as well. (This is almost, but not quite, an editorial erratum.)

Errata ID: 6033
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Mohamed Boucadair
Date Reported: 2020-03-30

Section 3 says:

   A DoH client MUST NOT use a different URI simply because it was
   discovered outside of the client's configuration (such as through
   HTTP/2 server push) or because a server offers an unsolicited
   response that appears to be a valid answer to a DNS query. 

It should say:

   A DoH client MUST NOT use a different URI that was discovered outside
   of the client's configuration (except via HTTP redirection discussed
   in Section 6.4 of [RFC7231]).  Also, the DoH client MUST ignore an
   unsolicited response (such as through HTTP/2 server push) that
   appears to be a valid answer to a DNS query unless that response
   comes from a configured URI (as described in Section 5.3).

Notes:

(1) The intent of this text is confusing.

(2) I checked the mailing list and found that the text was updated late in the publication process to address this comment: https://mailarchive.ietf.org/arch/msg/doh/f_V-tBgB-KRsLZhttx9tGt75cps/.

(3) The example provided in the thread (server push) is related to the second part of the OLD text. It is mistakenly attached to the first part.

(4) The push example may be interpreted as if server push is disallowed. This is conflicting with Section 5.3.

Hence, this change:

Also, the DoH client MUST ignore an
unsolicited response (such as through HTTP/2 server push) that
appears to be a valid answer to a DNS query ** unless that response
comes from a configured URI (as described in Section 5.3) **.

(5) An intuitive way to discover the URI outside the configuration is redirection. RFC8484 indicates clearly the following:

The described approach is more than a tunnel over HTTP. It
establishes default media formatting types for requests and responses
but uses normal HTTP content negotiation mechanisms for selecting
alternatives that endpoints may prefer in anticipation of serving new
use cases. In addition to this media type negotiation, it ** aligns
itself with HTTP features ** such as caching, **redirection**, proxying,
authentication, and compression.

Forbidding discovery of URI outside the configuration contradicts the above excerpt. The text is as such incorrect.

(6) Also, I suggest to remove "simply" from the text. Not sure what message is supposed to convey.

Report New Errata