IETF Logo Mail Archive

Re: [Add] DNR's SvcParams encoding

Tommy Pauly <tpauly@apple.com> Tue, 03 October 2023 15:42 UTC

Return-Path: <tpauly@apple.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A878C151090 for <add@ietfa.amsl.com>; Tue, 3 Oct 2023 08:42:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nPB6LY9sGotr for <add@ietfa.amsl.com>; Tue, 3 Oct 2023 08:42:27 -0700 (PDT)
Received: from ma-mailsvcp-mx-lapp03.apple.com (ma-mailsvcp-mx-lapp03.apple.com [17.32.222.24]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C9D3C15257A for <add@ietf.org>; Tue, 3 Oct 2023 08:42:27 -0700 (PDT)
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by ma-mailsvcp-mx-lapp03.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S1Y00UVEMANB120@ma-mailsvcp-mx-lapp03.apple.com> for add@ietf.org; Tue, 03 Oct 2023 08:42:26 -0700 (PDT)
X-Proofpoint-GUID: IED_F9TH7VKuGlnhR5jIJ7pp8CJaWofI
X-Proofpoint-ORIG-GUID: IED_F9TH7VKuGlnhR5jIJ7pp8CJaWofI
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.980 definitions=2023-10-03_12:2023-10-02, 2023-10-03 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 mlxlogscore=999 mlxscore=0 malwarescore=0 suspectscore=0 spamscore=0 bulkscore=0 adultscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2309180000 definitions=main-2310030117
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=brZx/1o+B3pcdGe67cFyKngzf52o4BvwDaiYCr7hVI4=; b=lLrCYoZZlkzruYZHbvN0JIqrnhopRarys/b2oPI8FXssNetfw97BMIjSm3a0a2nxiq8E 1dHcuhQG1Q1kTehgSa95CNjLJRJI7xEp9hOOX1iZjzWnrC6OvFV+H3qCz91AFmgXJl+b aJyYgHf/yJfrOga4uwiOhq8/rduCA+XFrtU6vNIvKNHZKwhlx52dLNVCUxYVL3W6W1N2 pFUw24J2Eku/k55ILL1d84ogB2gO3hDTKx4LHdxX2VNt0uJCxi8Heyfv/NgPsdALGSOZ Ot7vrqJ0KeCokKq11W2b3NyO/li30XdVQ+JqfEYVl1HciEAsPnBAiB2gmldWPKrI1q2l aQ==
Received: from rn-mailsvcp-policy-lapp01.rno.apple.com (rn-mailsvcp-policy-lapp01.rno.apple.com [17.179.253.18]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.23.20230328 64bit (built Mar 28 2023)) with ESMTPS id <0S1Y003WTMANE8J0@rn-mailsvcp-mta-lapp02.rno.apple.com>; Tue, 03 Oct 2023 08:42:24 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-policy-lapp01.rno.apple.com by rn-mailsvcp-policy-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) id <0S1Y01000M0M9400@rn-mailsvcp-policy-lapp01.rno.apple.com>; Tue, 03 Oct 2023 08:42:23 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 5a5a377cdac8a399030085bbfc8e6f82
X-Va-E-CD: 004c19a72f894de9476ae464ba7f26b0
X-Va-R-CD: db69d370d320b60534fc38ac4c723f19
X-Va-ID: 07eae2bb-8b7b-4484-9a3f-b56d48757a3c
X-Va-CD: 0
X-V-A:
X-V-T-CD: 5a5a377cdac8a399030085bbfc8e6f82
X-V-E-CD: 004c19a72f894de9476ae464ba7f26b0
X-V-R-CD: db69d370d320b60534fc38ac4c723f19
X-V-ID: 53bde4d3-2334-4b00-b704-b340cbcb060b
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.619, 18.0.980 definitions=2023-10-03_12:2023-10-02, 2023-10-03 signatures=0
Received: from smtpclient.apple ([17.234.105.246]) by rn-mailsvcp-policy-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.22.20230228 64bit (built Feb 28 2023)) with ESMTPSA id <0S1Y00C02MANX110@rn-mailsvcp-policy-lapp01.rno.apple.com>; Tue, 03 Oct 2023 08:42:23 -0700 (PDT)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <859A70AD-E1BF-40B1-94E3-8A605128DCD8@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_E6C05168-D3CE-4001-ABF2-FFA8F24CA0E4"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3774.100.2.1.4\))
Date: Tue, 03 Oct 2023 08:42:13 -0700
In-reply-to: <BN8PR15MB3281FC6DFBCA3281452B0F4AB3C4A@BN8PR15MB3281.namprd15.prod.outlook.com>
Cc: Erik Nygren <erik+ietf@nygren.org>, Dan Wing <danwing@gmail.com>, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, Paul Wouters <paul@nohats.ca>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, ADD Mailing list <add@ietf.org>
To: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
References: <96a1960f-d65a-2a76-912e-f0bd086d4ff2@cs.tcd.ie> <21AC95A5-74D8-4B8C-B947-B34902C74E06@nohats.ca> <61554648-5A3A-4DEC-934B-7963ED9DE2FD@apple.com> <45EEA8F7-DA26-43E5-A5CB-BE81FAE5DD9C@gmail.com> <CAKC-DJiNAR+2wDt6XOo3Y3kXX_9kac61gLSKBQaDfM0YFLV-ag@mail.gmail.com> <DU2PR02MB101601552324D61B95AE8366188C4A@DU2PR02MB10160.eurprd02.prod.outlook.com> <BN8PR15MB3281FC6DFBCA3281452B0F4AB3C4A@BN8PR15MB3281.namprd15.prod.outlook.com>
X-Mailer: Apple Mail (2.3774.100.2.1.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/qM6a6BHqDmmGZfknLzcX2DMNovg>
Subject: Re: [Add] DNR's SvcParams encoding
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Oct 2023 15:42:31 -0000

I’m still unclear on why the DHCP server would have a simpler time dealing with the text format. Handling an opaque string or an opaque binary blob (the wire format) should be equally simple — just pass the value that is configured.

As a client implementor, I would have no intention of building a SVCB parameters text parser. The wire format is clearly the simpler and more efficient choice.

I am also very concerned by the suggestion that using the text format would be used to advertise parameters that are not yet assigned or described. There is already a private use range that exists, and we should not be pushing for experimentation that only works in DNR and not DDR or other SVCB uses.

Tommy

> On Oct 3, 2023, at 6:50 AM, Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org> wrote:
> 
> Hi Med,
> 
> You wrote:
> 
> Interoperability is even simplified between DHCP clients/servers as future svcparams can be conveyed using DNR without the need to wait of a number to be assigned by IANA for it. 
> 
> This strikes me as an argument against using text format here: it encourages shortcuts that bypass the standards process and create divergence between DNR and SVCB.
> 
> It's true that using text format on the wire probably simplifies the implementation of DHCP servers for DNR.  However, it increases the complexity of the system overall, because it requires the client to add a SVCB text-format parser that would likely not exist there otherwise.  DHCP servers, in contrast, are frequently integrated with a DNS server (e.g., as part of a split-horizon arrangement), which should contain a SVCB text format parsing library already.
> 
> --Ben Schwartz
> 
> From: Add <add-bounces@ietf.org <mailto:add-bounces@ietf.org>> on behalf of mohamed.boucadair@orange.com <mailto:mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com <mailto:mohamed.boucadair@orange.com>>
> Sent: Tuesday, October 3, 2023 1:49 AM
> To: Erik Nygren <erik+ietf@nygren.org <mailto:erik+ietf@nygren.org>>; Dan Wing <danwing@gmail.com <mailto:danwing@gmail.com>>
> Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:tpauly=40apple.com@dmarc.ietf.org>>; Paul Wouters <paul@nohats.ca <mailto:paul@nohats.ca>>; Stephen Farrell <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>>; ADD Mailing list <add@ietf.org <mailto:add@ietf.org>>
> Subject: Re: [Add] DNR's SvcParams encoding
>  
> This Message Is From an External Sender 
> Hi Erik, 
>  
> Please see inline. 
>  
> Cheers,
> Med
>  
> De : Add <add-bounces@ietf.org <mailto:add-bounces@ietf.org>> De la part de Erik Nygren
> Envoyé : mardi 3 octobre 2023 03:05
> À : Dan Wing <danwing@gmail.com <mailto:danwing@gmail.com>>
> Cc : Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:tpauly=40apple.com@dmarc.ietf.org>>; Paul Wouters <paul@nohats.ca <mailto:paul@nohats.ca>>; Stephen Farrell <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>>; ADD Mailing list <add@ietf.org <mailto:add@ietf.org>>
> Objet : Re: [Add] DNR's SvcParams encoding
>  
> I'm not sure I follow why the presentation format is needed for this?  The SVCB specification already allows for this with the keyNNN syntax.
> Even if the DHCP server doesn't support a new service parameter key it can still be specified in presentation format in keyNNN=<encoded_value>.
>  
> [Med] Sure, and this is what the current DNR and IKE-DNR are doing. New service parameters can be conveyed easily mainly because we don’t require any conversion from the parameter label to an integer (as in the wire format). Interoperability is even simplified between DHCP clients/servers as future svcparams can be conveyed using DNR without the need to wait of a number to be assigned by IANA for it. We soften as much the dependency on underlying DHCP libraries, without complexifying required configuration tasks for DNR and IKE-DNR operators.
>  
> (In early design stages of SVCB we considered having something more unified such as using CBOR but then landed on the specified mechanism instead with the separate presentation format and wire format since that is more consistent with what the rest of DNS does.)
>  
>    Erik
>  
>  
> On Mon, Oct 2, 2023 at 8:00 PM Dan Wing <danwing@gmail.com <mailto:danwing@gmail.com>> wrote:
> The goal of spec'ing presentation format was to allow new Service Parameter Key to be defined and deployed without needing support in the DHCP server.  I agree a BASE64-encoded blob containing the service parameter would also get us there -- somewhat akin to how DHCP servers have long handled new DHCP option numbers until the DHCP server was upgraded to support the new option number.   But we would need a tool to create that BASE64 blob.  Maintaining the BASE64 blob would be a pain as it can't be read or verified directly, and (depending on the wire format) may also need a tool to convert from binary to human-readable text.  This operational effort will likely cause network operators to wait until their DHCP server has native support for a new Service Parameter.
>  
> -d
>  
>  
> 
> 
> On Oct 2, 2023, at 2:06 PM, Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org <mailto:40apple.com@dmarc.ietf.org>> wrote:
>  
>  
> 
> 
> On Oct 2, 2023, at 1:50 PM, Paul Wouters <paul@nohats.ca <mailto:paul@nohats.ca>> wrote:
>  
> On Oct 2, 2023, at 16:27, Stephen Farrell <stephen.farrell@cs.tcd.ie <mailto:stephen.farrell@cs.tcd.ie>> wrote:
> 
> 
> 
> Hiya,
> 
> I don't really have an axe to grind here but fwiw think Erik
> and earlier posts on the same line are correct about this.
> 
> I was thinking the reverse. I agree dhcp servers on small routers shouldn’t be forced to convert configuration file syntax which has to be in presentation mode, into wire format dns.
>  
> Why should we be asking them to convert? Can we just configured them with the binary version (as base64 or something)?
>  
> Tommy
> 
> 
> 
> Paul
> 
> 
> 
> Cheers,
> S.
> 
> 
> On 02/10/2023 20:29, Erik Nygren wrote:
> Lots of ambiguity issues start showing up if we include the presentation
> format, as well as interop issues which are primarily addressed through the
> wire format but not as clearly in the presentation format.  Some of these
> also open up potentials for security vulnerabilities.
> If we were to expect clients to interop by sending messages in presentation
> format there are likely sets of design and security considerations which
> we'd need to address which aren't addressed in the draft(s).
> As an example, that "key1=\1522" and "alpn=h2" are the same thing and both
> valid seems like a horrible thing to have to put into DHCP clients.
> I'd be strongly in-favor of clarifying/fixing this to use wire format even
> if it means delay in getting the cluster out.  (We should probably have the
> drafts be clear that this is "wire format" in their text as well, not just
> give a section reference.)
> <OpenPGP_0xE4D8E9F997A833DD.asc>
> --
> Add mailing list
> Add@ietf.org <mailto:Add@ietf.org>
> https://www.ietf.org/mailman/listinfo/add
> 
> -- 
> Add mailing list
> Add@ietf.org <mailto:Add@ietf.org>
> https://www.ietf.org/mailman/listinfo/add
>  
> -- 
> Add mailing list
> Add@ietf.org <mailto:Add@ietf.org>
> https://www.ietf.org/mailman/listinfo/add
>  
> -- 
> Add mailing list
> Add@ietf.org <mailto:Add@ietf.org>
> https://www.ietf.org/mailman/listinfo/add
> ____________________________________________________________________________________________________________
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
> 
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
> -- 
> Add mailing list
> Add@ietf.org <mailto:Add@ietf.org>
> https://www.ietf.org/mailman/listinfo/add

v2.23.0 | Report a Bug | By Email