Tom Pusateri wrote:
....
The Chain Query Requests in DNS (RFC 7901) are awesome for the stub
resolver. But the web/DoH server has more knowledge that the stub
doesn’t have yet and so it can benefit from this knowledge in a way that
the stub resolver can’t.

for this to matter, the user will either have to visit a very large number of completely unrelated destinations, or will have to visit the same site or site-cluster many times. i consider the former unlikely, and have therefore limited my thinking to the latter.

in the case where someone is visiting the same site or site-cluster many times, the cost of fetching the necessary crypto-chain materials will only be borne once, or at worst very infrequently, due to caching.

this means that the difference between having the crypto-chain pushed to you in advance by someone who can predict where you're about to go because they're also sending you content with those references will be so rare as to be non-impacting.

in addition, DoH is not connected to web service in any necessary way. the DoH channel will be to a DoH provider such as CF. while there's a good chance in today's internet that you'll also be fetching content from CF, there are in fact other CDNs and many non-CDN content hosts. if you are talking to any content host other than CF, then the CF DoH service will have no knowledge of what to push toward you.

in further addition, even in the case where you have a persistent CF DoH connection open, it may not be easy for CF to share enough connection-state between its DoH and other-content servers so that the one will be able to push crypto-chain information to you in support of the other.

in short, i don't think DoH can usefully optimize by pushing.

--
P Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop