Re: [Add] questions about the Examples section of svcb-dns-02

Peter van Dijk <peter.van.dijk@powerdns.com> Thu, 08 April 2021 07:38 UTC

Message-ID: <dc371c7284d3c05d07cf0a550b37f9a624d968c9.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: ADD Mailing list <add@ietf.org>
Date: Thu, 08 Apr 2021 09:38:41 +0200
In-Reply-To: <CAHbrMsCM3pwu7zYVhVzCMKB37_gSMyb6KY3je3NVYQBAwt6kNg@mail.gmail.com>
References: <4613b8d0773d1ae5f806347bbce909fa74439886.camel@powerdns.com> <CAHbrMsCM3pwu7zYVhVzCMKB37_gSMyb6KY3je3NVYQBAwt6kNg@mail.gmail.com>
Organization: PowerDNS.COM B.V.
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ee6R3g7UvtiDVPYbEwbjeIWKe7Q>
Subject: Re: [Add] questions about the Examples section of svcb-dns-02

Hi Ben,

thanks for that. Sadly, I still needed help from two other people to
understand how DoT over 853 came out of this set. (One of them
commented on your commit too.)

(For those reading along still confused, it's this bit:

        SVCB 1 @ alpn=h2,h3 dohpath=/dns-query{?dns}

Because it does not say 'no-default-alpn', it actually means
'alpn=dot,h2,h3' where the dot bit ignores the dohpath.)

I think this could be even more explicit in the draft (I'm happy to
think about some words for that) but I really wonder if the space
savings are worth the confusion at all.

On Wed, 2021-04-07 at 20:36 -0400, Ben Schwartz wrote:
> Thanks for the questions!  I've adjusted the text [1] to make the examples clearer.
> 
> DoT is the "default ALPN" in this draft, so unless it is explicitly removed (by no-default-alpn), it is present, and uses port 853 unless "port-..." is specified.  This is good for compactness but can be surprising, which is why I used that example.
> 
> I removed the "echconfig" from the examples, as that is not the focus of this draft (and isn't even mentioned in the text).
> 
> [1] https://github.com/bemasc/svcb-dns/commit/f61c70ed02b550613fdbb37d3171ab1e6d359e2c
> 
> On Wed, Apr 7, 2021 at 4:32 PM Peter van Dijk <peter.van.dijk@powerdns.com> wrote:
> > Hello Ben, and rest of WG,
> > 
> > https://tools.ietf.org/html/draft-schwartz-svcb-dns-02#section-8 has an
> > example RRset for a resolver, containing 3 SVCB RRs. This example is
> > very useful!
> > 
> > However, I have a few questions/comments about it:
> > 
> > (1) Can you reorder the bullet list to match the order in the RRset?
> > (i.e. put the TLS one second)
> > 
> > (2) I see one SVCB record (with priority 2) advertising a DoT server
> > (by leaving out the ALPN). It has port=8530. Yet, the text above says
> > there's DoT on 853 and 8530. Where does 853 come into play, if the
> > prio=2 SVCB record says port=8530?
> > 
> > (3) All three example RRs have an echconfig parameter. While I
> > understand it makes sense for an operator to be consistent in doing ECH
> > over all their offerings, it somewhat looks like everybody is expected
> > to do echconfig - perhaps it would be clearer to not have echconfig on
> > all three? Then, maybe clarify that it would in fact be better to have
> > it always, but say that the svcb-dns protocol does not demand it.
> > 
> > 
> > For (2) it's entirely possible I'm missing something - please let me
> > know. Thanks!
> > 

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
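The default-ALPN rule discussed in this thread (DoT is implied unless `no-default-alpn` is present, and it uses port 853 unless `port=` overrides it, while `dohpath` only applies to the h2/h3 ALPNs) is easy to get wrong when reading a record by eye. The following is an added illustration, not code from the draft, from PowerDNS, or from any poster: a small Python expander that takes SVCB RRs in presentation format and lists the concrete endpoints each one advertises. The only record taken from the thread is the `alpn=h2,h3 dohpath=/dns-query{?dns}` one; the other two inputs are constructed here to exercise the `port=8530` and `no-default-alpn` cases. The origin name `resolver.example`, the treatment of `@` as that origin, and the assumption that h2/h3 fall back to port 443 when no `port=` is given are mine, not something the draft text quoted here states.

```python
"""Expand the effective ALPN set and endpoints of SVCB records for DNS servers.

Added example for the svcb-dns default-ALPN discussion; not part of the draft.
"""

# The thread states that "dot" is the default ALPN and uses port 853.
DEFAULT_ALPN = "dot"
# Assumption (not in the thread): h2/h3 fall back to the HTTPS default port 443
# when the record carries no port= parameter.
DEFAULT_PORT = {"dot": 853, "h2": 443, "h3": 443}
# ALPNs that use the dohpath parameter; DoT ignores it.
DOH_ALPNS = ("h2", "h3")


def parse_svcb(rr, origin="resolver.example"):
    """Parse one SVCB RR in presentation format:

        SVCB <priority> <target> [key[=value] ...]

    A target of '@' is taken to mean the zone origin (assumed here).
    Keys without '=value' (e.g. no-default-alpn) are stored with value None.
    """
    fields = rr.split()
    if len(fields) < 3 or fields[0].upper() != "SVCB":
        raise ValueError("not an SVCB record: %r" % rr)
    priority = int(fields[1])
    target = origin if fields[2] == "@" else fields[2].rstrip(".")
    params = {}
    for tok in fields[3:]:
        key, sep, value = tok.partition("=")
        params[key.lower()] = value.strip('"') if sep else None
    return {"priority": priority, "target": target, "params": params}


def effective_alpns(rec):
    """Apply the default-ALPN rule: 'dot' is implied unless no-default-alpn is set."""
    params = rec["params"]
    explicit = params.get("alpn") or ""
    alpns = [a for a in explicit.split(",") if a]
    if "no-default-alpn" not in params and DEFAULT_ALPN not in alpns:
        alpns.insert(0, DEFAULT_ALPN)
    return alpns


def endpoints(rec):
    """Return (alpn, host, port, dohpath) tuples the record actually advertises.

    port= applies to every ALPN in the record; otherwise each ALPN uses its
    own default port. dohpath is attached only to the DoH ALPNs.
    """
    params = rec["params"]
    port_override = int(params["port"]) if params.get("port") else None
    out = []
    for alpn in effective_alpns(rec):
        port = port_override if port_override is not None else DEFAULT_PORT.get(alpn)
        path = params.get("dohpath") if alpn in DOH_ALPNS else None
        out.append((alpn, rec["target"], port, path))
    return out


def expand_rrset(rrs, origin="resolver.example"):
    """Expand a whole RRset, ordered by SvcPriority."""
    recs = sorted((parse_svcb(rr, origin) for rr in rrs), key=lambda r: r["priority"])
    return [(r["priority"], endpoints(r)) for r in recs]


if __name__ == "__main__":
    # First line is the record quoted in the thread; the other two are constructed.
    sample_rrset = [
        "SVCB 1 @ alpn=h2,h3 dohpath=/dns-query{?dns}",
        "SVCB 2 @ port=8530",
        "SVCB 3 @ no-default-alpn alpn=h2 dohpath=/dns-query{?dns}",
    ]
    for prio, eps in expand_rrset(sample_rrset):
        for alpn, host, port, path in eps:
            print("prio %d: %-3s %s:%d %s" % (prio, alpn, host, port, path or ""))
```

Running it shows why the priority-1 record yields a DoT endpoint on 853 despite never mentioning DoT: the absence of `no-default-alpn` adds `dot` to the set, and the `dohpath` is dropped for that protocol. The constructed priority-2 record (no `alpn=`, `port=8530`) advertises DoT only, on 8530, and the priority-3 record shows how `no-default-alpn` removes DoT entirely.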