IETF Logo Mail Archive

Re: [Add] New Version Notification for draft-schwartz-svcb-dns-00.txt

Ben Schwartz <bemasc@google.com> Sun, 09 August 2020 19:03 UTC

Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8423A0C48 for <add@ietfa.amsl.com>; Sun, 9 Aug 2020 12:03:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ow3yWg1uLrI8 for <add@ietfa.amsl.com>; Sun, 9 Aug 2020 12:03:19 -0700 (PDT)
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com [IPv6:2a00:1450:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 704A23A0C47 for <add@ietf.org>; Sun, 9 Aug 2020 12:03:19 -0700 (PDT)
Received: by mail-wm1-x32b.google.com with SMTP id k20so6378164wmi.5 for <add@ietf.org>; Sun, 09 Aug 2020 12:03:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TD5T3CBG/6V7cCX8qy1QxQIPn7rcEwzsDSpvXYfYpPY=; b=CoJNvnWyFQFUi6nbuMjD1xRMfKm05UaN2wIjurw3kjTakGqikDvQ4gQQ7mSs7fkaC2 +2JVjUNqBhx2bE89YPQpfvdDdtu0mUJpfQH9oGDxkBYhZw8hAkDuOaSsgapBGun3SEQo tr1rwOnxKDyC/n+uanIiRcT0KYrlNWRn3tZ/yV0wNDcD2R9AYU+yPDDkrLG24XJB/CHY AfOLBtuggy65//wA5/hYrrf5YuVzNkzQRcABQQVM1AmKJ4xoc0zL73cnueHLo+I+veKv pI4JEH9NYUmjiqxEiAYw3edpGtLsXYzZiE2skLTdSecaj9eXzNNaW3M2kA59CfMCfGTs TJ7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TD5T3CBG/6V7cCX8qy1QxQIPn7rcEwzsDSpvXYfYpPY=; b=A44uNqoqWRVDfMrJLT91pEXZH8j5hfv6hwwN0kpyMK7v5PPRhy4z9sJjsc88VIn2FD /lR2C6mGN37ZGGy2E984RouLeKs7QqZ6AMVj9+NUOvYc1YP4N5TsQuP0eISAZsCRhdG9 0E3blvsGnLMUYYN57GiZRVW/SRoXQDYQHYkwubxGAs4HIZTw/JiTrhJCj4BeO987c0o5 r+CB2PA1bbrqp0KsoBlMFLqhZCgqnaBIHgNnvl0PAFbbK24r9LSFYrcrflqRc7r5aPSX tem4DL9ynDEwvQKKXjGJKO8gUnTmh839raMlJXkIrnIqROwA0RzLQY7JZrqP/EoeSVFD lkcA==
X-Gm-Message-State: AOAM531weKJ4bXVjhM7N3mYIuHpm6kv9mbgKTlkbUHfcgpPK9eS02ns9 a3G/onY6Q8a1nxR43XyalmjqrandCgwtTcfziiVbJLGDbRY=
X-Google-Smtp-Source: ABdhPJzMHZ77BNFFIhVrTwF0vWYY6FsS80mFtpKl0dSI7pcDBAHdZC4FSLHmn2bNmq2bsjL4fGzMqUNn8yuSoK420t8=
X-Received: by 2002:a1c:a757:: with SMTP id q84mr21014292wme.1.1596999797573; Sun, 09 Aug 2020 12:03:17 -0700 (PDT)
MIME-Version: 1.0
References: <159656272783.7072.6229544475907348131@ietfa.amsl.com> <CAHbrMsDtFNDB5TDz=HNejVi_RMbq_8Q6=o6iW_gyDr=ggZjyNA@mail.gmail.com> <CAHbrMsDFXdw7uXZQeP48SR8_hQJqcVXx48EfKHLOdywG4D_dcg@mail.gmail.com> <CAMOjQcFosstQAWMihgcPve1khRLa0r0EQW9k+UAJ=gWwY5BSXw@mail.gmail.com>
In-Reply-To: <CAMOjQcFosstQAWMihgcPve1khRLa0r0EQW9k+UAJ=gWwY5BSXw@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Sun, 09 Aug 2020 15:03:05 -0400
Message-ID: <CAHbrMsBttuY2CN0G2=1_DVahF5s5MAU5nvdwaWxKSKSJ9yVk5Q@mail.gmail.com>
To: Eric Orth <ericorth=40google.com@dmarc.ietf.org>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000ac182105ac767d06"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/ksX8ARGP12VSaCmLRejNzSH7boE>
Subject: Re: [Add] New Version Notification for draft-schwartz-svcb-dns-00.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Aug 2020 19:03:22 -0000

On Fri, Aug 7, 2020 at 5:11 PM Eric Orth <ericorth=
40google.com@dmarc.ietf.org> wrote:

> I like the idea overall, but can you further explain the decision to use
> dns: URIs to describe DNS servers?
>

I wouldn't say that's what's happening here.

The SVCB/HTTPS record describes a way to perform connection establishment
when attempting to retrieve a resource by its URI.  (Use of a URI with SVCB
is recommended but not required.)  The SVCB draft only defines a mapping
for "http://" and "https://" URIs; this draft provides the mapping for
"dns://".

For both "https://" and "dns://" URIs, SVCB serves the same function: the
URI provides an authority, and SVCB provides some information on how to
enhance your connection to that authority, in pursuit of the indicated
resource.  Ultimately, the client must want to access some resource (i.e.
an HTTP resource or a DNS record, indicated by the URI's path in both
cases), or there's no need to connect to the authority at all.

In truth, I don't think the "dns: URI" part is really important here; it's
mostly just a nice conceptual framework for the draft.  The real question
is: if we distribute information in this form, will it work well as a
component of the systems we're trying to build?

Seems a bit funky since that URI scheme is designed for DNS data, not a DNS
> server.  What we want here seems to match more with just the optional
> "authority" section of a dns: URI.
>

Yes; this is the SVCB design generally.  Note that the "authority" section
is also optional in "https" URIs.

Do we need a new URI scheme for DNS servers? Wasn't there a recent proposal
> for that?
>

I believe those proposals are principally inspired by DNS Stamps
https://dnscrypt.info/stamps-specifications. With SVCB, the URI (normally)
identifies the authority by name, and the protocol is negotiated at
connection time.  With DNS Stamps, all protocol and connection parameters
are encoded into the URI itself.

I think the SVCB approach is more suitable for our purposes, because it
separates the simple, important question (who am I sending queries to?)
from the complicated, boring question (how do I perform connection
establishment?).  This is similar to HTTPS: I wouldn't want to encode QUIC
vs. TLS, or ECH public keys, into the HTTPS URI, where the info could get
out of sync or distract from the important question (who is the authority?).

On Tue, Aug 4, 2020 at 8:41 PM Ben Schwartz <bemasc=
> 40google.com@dmarc.ietf.org> wrote:
>
>> Moving DPRIVE and DNSOP to BCC to avoid cross-posting.
>>
>> On Tue, Aug 4, 2020 at 1:53 PM Ben Schwartz <bemasc@google.com
>> <bemasc@google..com>> wrote:
>>
>>> Hi ADD and DPRIVE,
>>>
>>> I've noticed three recent drafts that propose to use the SVCB format:
>>> draft-mglt-add-rdp, draft-tapril-ns2, and
>>> draft-pauly-add-resolver-discovery.  These drafts, across multiple
>>> working groups, consider distinct use cases and architectures, but they all
>>> propose using SVCB (in very different ways) to convey information about a
>>> DNS server that supports encrypted transport.
>>>
>>> In the interest of harmonizing these proposals, creating a solid
>>> foundation, and separating concerns, I've written a short draft that
>>> specifies _only_ a minimal SVCB mapping for DNS URIs*, and does not address
>>> any specific use case.
>>>
>>> I hope this draft can enable each of these proposals to focus more on
>>> their goals, and worry less about the SVCB encoding.  (It also serves as an
>>> interesting test of the SVCB design.)
>>>
>>> Please review,
>>> Ben Schwartz
>>>
>>> *SVCB is based on URIs like https://, so for a DNS mapping we start
>>> with dns:// URIs.
>>>
>>> ---------- Forwarded message ---------
>>> From: <internet-drafts@ietf.org>
>>> Date: Tue, Aug 4, 2020 at 1:38 PM
>>> Subject: New Version Notification for draft-schwartz-svcb-dns-00.txt
>>> To: Benjamin Schwartz <bemasc@google.com>
>>>
>>>
>>>
>>> A new version of I-D, draft-schwartz-svcb-dns-00.txt
>>> has been successfully submitted by Benjamin Schwartz and posted to the
>>> IETF repository.
>>>
>>> Name:           draft-schwartz-svcb-dns
>>> Revision:       00
>>> Title:          Service Binding Mapping for DNS URIs
>>> Document date:  2020-08-04
>>> Group:          Individual Submission
>>> Pages:          8
>>> URL:
>>> https://www.ietf.org/internet-drafts/draft-schwartz-svcb-dns-00.txt
>>> Status:
>>> https://datatracker.ietf.org/doc/draft-schwartz-svcb-dns/
>>> Htmlized:       https://tools.ietf.org/html/draft-schwartz-svcb-dns-00
>>> Htmlized:
>>> https://datatracker.ietf.org/doc/html/draft-schwartz-svcb-dns
>>>
>>>
>>> Abstract:
>>>    The SVCB DNS record type expresses a bound collection of endpoint
>>>    metadata, for use when establishing a connection to a named service.
>>>    DNS itself can be such a service, when the server is identified by a
>>>    hostname in a "dns:" URI.  This document provides the SVCB mapping
>>>    for name-based DNS URIs, allowing DNS servers to indicate support for
>>>    new transport protocols.
>>>
>>>
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission
>>> until the htmlized version and diff are available at tools.ietf.org.
>>>
>>> The IETF Secretariat
>>>
>>>
>>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
>

v2.23.0 | Report a Bug | By Email