IETF Logo Mail Archive

Re: [Add] New Version Notification for draft-schwartz-svcb-dns-00.txt

Ben Schwartz <bemasc@google.com> Mon, 10 August 2020 17:02 UTC

Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC8513A0B4F for <add@ietfa.amsl.com>; Mon, 10 Aug 2020 10:02:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ENqebHs9fnR7 for <add@ietfa.amsl.com>; Mon, 10 Aug 2020 10:02:11 -0700 (PDT)
Received: from mail-wm1-x32c.google.com (mail-wm1-x32c.google.com [IPv6:2a00:1450:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3C073A0B4B for <add@ietf.org>; Mon, 10 Aug 2020 10:02:10 -0700 (PDT)
Received: by mail-wm1-x32c.google.com with SMTP id c80so212905wme.0 for <add@ietf.org>; Mon, 10 Aug 2020 10:02:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dqWl5lLzh73UyDw/0W+4Kmx3qXLQ/ZdaAWJRtlOpJeA=; b=vqWn0SgstZqOFIdF/46pO/WwNAGAoLmHumZdLfh9FfsKWN2meWe3S/TXD3YMnGBYdj F6Q5etUnxjqh8ZbNhTVvXJ7YE88lWDppa5nD82imvCP4pBwzcZw5sllxdqKesn7a2gQ2 oEYzcFJrYWPWaUfIRY3QUwwkOzr6stn2BId9Rgp2BXoRG2BBbuo/nMvp+hpcTqwCE6ty RQ0tipaFQWF1IIv485Yh8/hOsXRB7sgxWqD6E6DR7CYmpl/6bRPatrcnrTRJWDOm7+Sn dIWqC2bFjGyce+EEEEB9TO9G9JMey652QmkZuZAchYA5JF+euiTocG8aWmFik0FfI2uK PrLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dqWl5lLzh73UyDw/0W+4Kmx3qXLQ/ZdaAWJRtlOpJeA=; b=b/7l0+zx3CMsVBbyu3+XCBo0Kn/BoCVrWWHqCoHNhUsR6n5HRagrAQnG49VZz21VBG uRmyeLCFAjdpLchJakIHAs2zpbzmM3mB6X+W6tGaCyRFGNtDlEW21kaCOAS3HTrd09mW HfEtVDo5O4nyRg1ESepwyFpF9m2yX99rRmmNqH2sVtxEQmy+4bMMkdQOnU7EmpL2TF57 12TTd6i4UPbbDd0W95ZHzbDDg4EtKsdx97bn9t2M8LUDKsjsqKOwl2kIknl+/aFG0t0l lphFdqnhsigPuCjfcBP5r/D/DgbF8PpvjvmycGNSp5U9zpCLchU7nBIUm/1WPGJMwhHP GLiQ==
X-Gm-Message-State: AOAM531leDL7ZefXeGbxO0r9crPyfFC42L0mmZThN0euybrJgK1/28Vb hq//N4jf/9WLbctYbDqA9yB8erQZXo0fUKnveaUvf5Lt
X-Google-Smtp-Source: ABdhPJwSmdosuhQtlviuaAYJ5xbks+j0r3hsdlJdLJ1pQHX4ta2DL6YPtrOEfh0svyIXorlyUA5zc/xDgtsBrLFHv10=
X-Received: by 2002:a1c:a757:: with SMTP id q84mr201717wme.1.1597078928060; Mon, 10 Aug 2020 10:02:08 -0700 (PDT)
MIME-Version: 1.0
References: <159656272783.7072.6229544475907348131@ietfa.amsl.com> <CAHbrMsDtFNDB5TDz=HNejVi_RMbq_8Q6=o6iW_gyDr=ggZjyNA@mail.gmail.com> <CAHbrMsDFXdw7uXZQeP48SR8_hQJqcVXx48EfKHLOdywG4D_dcg@mail.gmail.com> <CAMOjQcFosstQAWMihgcPve1khRLa0r0EQW9k+UAJ=gWwY5BSXw@mail.gmail.com> <CAHbrMsBttuY2CN0G2=1_DVahF5s5MAU5nvdwaWxKSKSJ9yVk5Q@mail.gmail.com> <CAMOjQcHo=6G+sAS9=n4W8UeE_=MkBmKCRiZO8Zpn8ASnsOk3BQ@mail.gmail.com>
In-Reply-To: <CAMOjQcHo=6G+sAS9=n4W8UeE_=MkBmKCRiZO8Zpn8ASnsOk3BQ@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Mon, 10 Aug 2020 13:01:56 -0400
Message-ID: <CAHbrMsArZC1_W8E41CHeFsy9Wou3Gnkk4LgVKzggE6pwGQN_vw@mail.gmail.com>
To: Eric Orth <ericorth=40google.com@dmarc.ietf.org>
Cc: Eric Orth <ericorth@google.com>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000042d0de05ac88ea62"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/2HbS-p2VfKsVg4e7V-oPWAUeGN0>
Subject: Re: [Add] New Version Notification for draft-schwartz-svcb-dns-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 17:02:14 -0000

On Mon, Aug 10, 2020 at 11:53 AM Eric Orth <ericorth=
40google.com@dmarc.ietf.org> wrote:

> Clarification question: Is the draft intended for finding alternate DNS
> servers given a query identifying one DNS server?
>

Pretty much, yeah.

Or is it intended as a generalization of the proposals for finding a
> designated DNS server given something like a webpage? Or both or more?
>
> My reading of the draft was that it was targeting just the first, but from
> your response and considering the three drafts referenced in your original
> email, I'm thinking I may have read the intent too narrowly.
>

This is intended as a reusable component for converting "domain name of a
DNS server" into "instructions for contacting that server over an encrypted
transport".  How you learned that domain name, and what you use it for, are
outside the scope of this draft.  My hope is that this component allows
various other proposals to focus on those questions, and to share at least
the syntax of the encrypted transport parameters for different use cases.

It seems like the emphasis on "dns://" URIs was a source of some confusion,
so I've rephrased the text to avoid that dependency.

On Sun, Aug 9, 2020 at 3:03 PM Ben Schwartz <bemasc=
> 40google.com@dmarc.ietf.org> wrote:
>
>> On Fri, Aug 7, 2020 at 5:11 PM Eric Orth <ericorth=
>> 40google.com@dmarc.ietf.org> wrote:
>>
>>> I like the idea overall, but can you further explain the decision to use
>>> dns: URIs to describe DNS servers?
>>>
>>
>> I wouldn't say that's what's happening here..
>>
>> The SVCB/HTTPS record describes a way to perform connection establishment
>> when attempting to retrieve a resource by its URI..  (Use of a URI with
>> SVCB is recommended but not required.)  The SVCB draft only defines a
>> mapping for "http://" and "https://" URIs; this draft provides the
>> mapping for "dns://".
>>
>> For both "https://" and "dns://" URIs, SVCB serves the same function:
>> the URI provides an authority, and SVCB provides some information on how to
>> enhance your connection to that authority, in pursuit of the indicated
>> resource.  Ultimately, the client must want to access some resource (i.e.
>> an HTTP resource or a DNS record, indicated by the URI's path in both
>> cases), or there's no need to connect to the authority at all.
>>
>> In truth, I don't think the "dns: URI" part is really important here;
>> it's mostly just a nice conceptual framework for the draft.  The real
>> question is: if we distribute information in this form, will it work well
>> as a component of the systems we're trying to build?
>>
>> Seems a bit funky since that URI scheme is designed for DNS data, not a
>>> DNS server.  What we want here seems to match more with just the optional
>>> "authority" section of a dns: URI.
>>>
>>
>> Yes; this is the SVCB design generally.  Note that the "authority"
>> section is also optional in "https" URIs.
>>
>> Do we need a new URI scheme for DNS servers? Wasn't there a recent
>>> proposal for that?
>>>
>>
>> I believe those proposals are principally inspired by DNS Stamps
>> https://dnscrypt.info/stamps-specifications. With SVCB, the URI
>> (normally) identifies the authority by name, and the protocol is negotiated
>> at connection time.  With DNS Stamps, all protocol and connection
>> parameters are encoded into the URI itself.
>>
>> I think the SVCB approach is more suitable for our purposes, because it
>> separates the simple, important question (who am I sending queries to?)
>> from the complicated, boring question (how do I perform connection
>> establishment?).  This is similar to HTTPS: I wouldn't want to encode QUIC
>> vs. TLS, or ECH public keys, into the HTTPS URI, where the info could get
>> out of sync or distract from the important question (who is the authority?).
>>
>> On Tue, Aug 4, 2020 at 8:41 PM Ben Schwartz <bemasc=
>>> 40google.com@dmarc.ietf.org> wrote:
>>>
>>>> Moving DPRIVE and DNSOP to BCC to avoid cross-posting.
>>>>
>>>> On Tue, Aug 4, 2020 at 1:53 PM Ben Schwartz <bemasc@google.com
>>>> <bemasc@google..com>> wrote:
>>>>
>>>>> Hi ADD and DPRIVE,
>>>>>
>>>>> I've noticed three recent drafts that propose to use the SVCB format:
>>>>> draft-mglt-add-rdp, draft-tapril-ns2, and
>>>>> draft-pauly-add-resolver-discovery.  These drafts, across multiple
>>>>> working groups, consider distinct use cases and architectures, but they all
>>>>> propose using SVCB (in very different ways) to convey information about a
>>>>> DNS server that supports encrypted transport.
>>>>>
>>>>> In the interest of harmonizing these proposals, creating a solid
>>>>> foundation, and separating concerns, I've written a short draft that
>>>>> specifies _only_ a minimal SVCB mapping for DNS URIs*, and does not address
>>>>> any specific use case.
>>>>>
>>>>> I hope this draft can enable each of these proposals to focus more on
>>>>> their goals, and worry less about the SVCB encoding.  (It also serves as an
>>>>> interesting test of the SVCB design.)
>>>>>
>>>>> Please review,
>>>>> Ben Schwartz
>>>>>
>>>>> *SVCB is based on URIs like https://, so for a DNS mapping we start
>>>>> with dns:// URIs.
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: <internet-drafts@ietf.org>
>>>>> Date: Tue, Aug 4, 2020 at 1:38 PM
>>>>> Subject: New Version Notification for draft-schwartz-svcb-dns-00.txt
>>>>> To: Benjamin Schwartz <bemasc@google.com>
>>>>>
>>>>>
>>>>>
>>>>> A new version of I-D, draft-schwartz-svcb-dns-00.txt
>>>>> has been successfully submitted by Benjamin Schwartz and posted to the
>>>>> IETF repository.
>>>>>
>>>>> Name:           draft-schwartz-svcb-dns
>>>>> Revision:       00
>>>>> Title:          Service Binding Mapping for DNS URIs
>>>>> Document date:  2020-08-04
>>>>> Group:          Individual Submission
>>>>> Pages:          8
>>>>> URL:
>>>>> https://www.ietf.org/internet-drafts/draft-schwartz-svcb-dns-00.txt
>>>>> Status:
>>>>> https://datatracker.ietf.org/doc/draft-schwartz-svcb-dns/
>>>>> Htmlized:       https://tools.ietf.org/html/draft-schwartz-svcb-dns-00
>>>>> Htmlized:
>>>>> https://datatracker.ietf.org/doc/html/draft-schwartz-svcb-dns
>>>>>
>>>>>
>>>>> Abstract:
>>>>>    The SVCB DNS record type expresses a bound collection of endpoint
>>>>>    metadata, for use when establishing a connection to a named service.
>>>>>    DNS itself can be such a service, when the server is identified by a
>>>>>    hostname in a "dns:" URI.  This document provides the SVCB mapping
>>>>>    for name-based DNS URIs, allowing DNS servers to indicate support
>>>>> for
>>>>>    new transport protocols.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Please note that it may take a couple of minutes from the time of
>>>>> submission
>>>>> until the htmlized version and diff are available at tools.ietf.org.
>>>>>
>>>>> The IETF Secretariat
>>>>>
>>>>>
>>>>> --
>>>> Add mailing list
>>>> Add@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/add
>>>>
>>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
>

v2.23.0 | Report a Bug | By Email