ietf-wg-ohai / oblivious-http

Oblivious HTTP

Clarification of DNS lookup #242

Closed martinthomson closed 1 year ago

martinthomson commented 1 year ago

Comment by @paulwouters

I think it would be good to add a section on how DNS works with ohttp. E.g., to clarify whether the lookup is performed by the Client (and hopefully uses DoH or oDoH on its own) or whether it is looked up by the Oblivious Gateway Resource. E.g., is the encrypted request using an IP address or a URI?

martinthomson commented 1 year ago

Copying my response to the email thread:

I don't think that a section like this would be a good idea. There are a great many things that we could explain in more detail, but we need to stick to relevant topics, lest we overburden readers with irrelevant and distracting details.

I should probably explain a bit about why this is not relevant. Typical HTTP usage takes inputs, usually: a method (GET/POST/...), a URL (https://example.com/whatever), maybe some fields that shape that request (Cache-Control say), and maybe a body. The HTTP library you engage with does a bunch of stuff with networking and TLS and whatnot and you get a response. At some point, down in the guts of that library, it might invoke gethostbyname(), but that's a number of layers of abstraction away.

This is the level of interaction that applies here as well. The addition of the relay means that the user has two URLs and two sets of fields to consider, but it is still engaged at that same high level. Importantly, all interactions in the protocol occur at this level, for all actors.

Now, if this were a CONNECT tunnel (see MASQUE), then DNS details are very relevant, because the processing of the request involves establishing transport-level sessions. The choice of who performs DNS queries - and how they do that - has a direct effect on the outcome. But that doesn't apply here.
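The point above, as an added example that is not part of this issue or the ietf-wg-ohai draft: the request an OHTTP client encapsulates is an RFC 9292 Binary HTTP message, so the target is carried as scheme/authority/path strings and the gateway resolves that authority when it forwards the request; the client only resolves the relay's name. The encoder and decoder below are written here for illustration (the `Cache-Control` field and `https://example.com/whatever` URL are taken from the comment).

```python
# Added example: encode/decode an RFC 9292 known-length BHTTP request, the
# message an OHTTP client encrypts and POSTs to the relay URL.
from urllib.parse import urlsplit

def varint(n: int) -> bytes:
    """QUIC variable-length integer (RFC 9000, Section 16)."""
    if n < 1 << 6:
        return n.to_bytes(1, "big")
    if n < 1 << 14:
        return (n | 0x4000).to_bytes(2, "big")
    if n < 1 << 30:
        return (n | 0x80000000).to_bytes(4, "big")
    return (n | 0xC000000000000000).to_bytes(8, "big")

def vstr(s: bytes) -> bytes:
    """Length-prefixed string, the building block of BHTTP sections."""
    return varint(len(s)) + s

def bhttp_request(method: str, url: str, fields=(), body: bytes = b"") -> bytes:
    u = urlsplit(url)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    out = varint(0)  # framing indicator 0 = known-length request
    # Request control data: the target is text, never a resolved address.
    out += vstr(method.encode()) + vstr(u.scheme.encode())
    out += vstr(u.netloc.encode()) + vstr(path.encode())
    # Field names are lowercased here as a simplification (names are case-insensitive).
    section = b"".join(vstr(n.lower().encode()) + vstr(v.encode()) for n, v in fields)
    out += vstr(section) + vstr(body) + varint(0)  # fields, content, empty trailers
    return out

def read_varint(buf: bytes, i: int):
    length = 1 << (buf[i] >> 6)  # 2-bit prefix gives 1/2/4/8 byte encoding
    val = int.from_bytes(buf[i:i + length], "big") & ((1 << (8 * length - 2)) - 1)
    return val, i + length

def read_vstr(buf: bytes, i: int):
    n, i = read_varint(buf, i)
    return buf[i:i + n], i + n

def decode_bhttp_request(buf: bytes) -> dict:
    """What the gateway sees after decryption: a URL to dereference."""
    framing, i = read_varint(buf, 0)
    if framing != 0:
        raise ValueError("only known-length requests handled in this example")
    method, i = read_vstr(buf, i)
    scheme, i = read_vstr(buf, i)
    authority, i = read_vstr(buf, i)
    path, i = read_vstr(buf, i)
    section, i = read_vstr(buf, i)
    fields, j = [], 0
    while j < len(section):
        name, j = read_vstr(section, j)
        value, j = read_vstr(section, j)
        fields.append((name.decode(), value.decode()))
    body, i = read_vstr(buf, i)
    return {"method": method.decode(), "scheme": scheme.decode(),
            "authority": authority.decode(), "path": path.decode(),
            "fields": fields, "body": body}
```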

paulwouters commented 1 year ago

OK, that's fine.

chris-wood commented 1 year ago

Closing as resolved. Thanks @paulwouters and @martinthomson.