Re: [DNSOP] SVCB proposals
Ben Schwartz <bemasc@google.com> Thu, 18 February 2021 18:19 UTC
Return-Path: <bemasc@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E75713A151A for <dnsop@ietfa.amsl.com>; Thu, 18 Feb 2021 10:19:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A9y0aTMqa6QQ for <dnsop@ietfa.amsl.com>; Thu, 18 Feb 2021 10:19:36 -0800 (PST)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02A223A1517 for <dnsop@ietf.org>; Thu, 18 Feb 2021 10:19:35 -0800 (PST)
Received: by mail-io1-xd30.google.com with SMTP id s24so2993744iob.6 for <dnsop@ietf.org>; Thu, 18 Feb 2021 10:19:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=T/mFG3ZZ+7ZWKjAx5q3DO+d0SFF6lwJRNy9nNWTwnPo=; b=jiAUZdfZp/Xbk4t9GUK9XdOtnGPIhCxjcSVBmsng8SgrORHO6dAqSbzmFMtY3auHSq hWUYAMACkAR3zeCsVlRtf502uk8LSUOf19HrtKs3nBzdCY5yw4g5fawHQqA4Y1VCYe2i HK445bSQoeT8R6f8Hd3OotSIkPuASM+iTegygMERdyTWd/lIib118703dIIANsRnaLc2 b54ibOV9G4TB37REFLA8VrmZMdAcDF78c/ZjcNQKlUqWLVM4cT4qihuKFBoyIL8U4J9r Xod9hSpbl4YNQX70NCb46ap+UErJybv3vP/DJY/+TRFJMqkdZICSeFIS8FQneyJraqtC fPdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=T/mFG3ZZ+7ZWKjAx5q3DO+d0SFF6lwJRNy9nNWTwnPo=; b=sDImQm8QPGP6oKjy5ELIHALr44RVb25DL56cXc/9nNZhuFgFrVjrpeXJEYTBJAzVOb cQXFY6vu318cfixlE/DIG1YUgCVod5KMN03PuJ8pSHu0aQ78x4+O8ooAhWRC9GAsE9Dn z105hux7opWQoJLDW7ymzr6sWJk5UZ/q0Xp9uUq28kdUEgxrwVGePjAedLOamZ/LaMlt ohCUsvfiDt2FCgaSyhkCGlh5ZUkhqKoJ8KWxrapFzoieXP3rDroe/+K/gtIdyDyVxGHD /Zi/FfGzo4j3jnJZ+DLHChpTOTy2J2gNQI2oTf+eMxBLE1hlCJzF5Yzx5VVKOxLqmKx8 8gRg==
X-Gm-Message-State: AOAM531dlQkL6u3HG4ABIZvUFi6mJVi9NEhxyO5w/4vbpAT+33V3G+L/ hIFewI5ZJbfdXRTD613mi5+hu+M0r9WikXERb8D0ckMecKKOUw==
X-Google-Smtp-Source: ABdhPJzkRWnRd0nXXvHLOWCJMP1eaFZlvKBFkD57wo/9O97J8GekCt59Y6X4DGaXs5W7TadJgS0bV3PddP/D/EjSRhg=
X-Received: by 2002:a05:6602:24cb:: with SMTP id h11mr351902ioe.79.1613672374804; Thu, 18 Feb 2021 10:19:34 -0800 (PST)
MIME-Version: 1.0
References: <CAHbrMsCJ1AE2D8TL=q2STq0MpFYFLpuF8CFQKiSzhwi+TqdOyA@mail.gmail.com> <7FD33EEC-1484-48E1-A60F-E030E7E81198@apple.com>
In-Reply-To: <7FD33EEC-1484-48E1-A60F-E030E7E81198@apple.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 18 Feb 2021 13:19:23 -0500
Message-ID: <CAHbrMsDyRPi-SrvrujcQsOx66Zy+tp1aSFEixOr4JgE-QmejfQ@mail.gmail.com>
To: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000b6746a05bba06031"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-h8Jsudk-enDOaJX77Mt9JbfjCw>
Subject: Re: [DNSOP] SVCB proposals
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2021 18:19:39 -0000
On Thu, Feb 18, 2021 at 12:11 PM Tommy Pauly <tpauly= 40apple.com@dmarc.ietf.org> wrote: > Hi Ben, > > Thanks for the work on the SVCB draft! It’s in really good shape, in my > opinion. I’ve commented on these three PRs, but I’ll share my thoughts here > as well. > > On Feb 18, 2021, at 7:36 AM, Ben Schwartz < > bemasc=40google.com@dmarc.ietf.org> wrote: > > The SVCB/HTTPS RR draft is nearing completion, but there are a few > remaining topics on which the authors would appreciate feedback from the > working group. Personally, I've written up three proposed changes that > would benefit from broader input. Please share your thoughts. > > 1. Change IANA policy to Specification Required > (https://github.com/MikeBishop/dns-alt-svc/pull/262/files) > > The current proposed IANA policy for SvcParamKeys has allocatable ranges > under three different policies ("Standards Action", "Expert Review", > and "First Come First Served"). This is very flexible and enables > experimentation, but creates compatibility risk: a FCFS SvcParamKey could > be allocated without a clear specification of its zone file syntax, leading > to zone file portability issues. > > This proposal would replace all these ranges with a uniform Specification > Required policy. The required documentation is minimal: it is only > required to describe the zone file format. > > > I disagree with the rationale behind this change. I totally agree that we > should have a clear zone file syntax, but based on RFC 8126 that defines > the various buckets, FCFS registrations can have requirements for > well-formatted entries with registry-specific requirements. We can mandate > that the registration have a clear zone file syntax, without needing to > be Specification Required. Specification Required requires expert review > and is a heavier-weight process than what we necessarily need for an > experimental range. > > The documentation that’s needed is minimal: the value, the name, and the > zone file format. These can be entries directly in the registry, and will > make the registry a more useful resource. > To be precise, the specification must explain how to convert from zone file format to wire format. In some cases, this could be very simple, but I wonder if even trivial cases are compact enough to encode _inside_ an IANA registry entry. Do you know of any registry that is structured this way today? Also, using a registration policy of First Come First Served, where one of the required attributes is a specification, seems like an end-run around IANA's standard procedures for no clear reason. I would appreciate input from anyone with more IANA experience on how this ought to work. I think we largely have agreement on the intended policy here, and are looking for the right way to encode it as an IANA instruction. In particular, I think we should make it very easy to define new SvcParamKeys that reuse the presentation format of an existing SvcParamKey. I note that there are several older registries (e.g. [1],[2]) whose policy is given as "First Come First Served with specification" or similar, despite no such option being listed in RFC 8126 or its predecessors. (Notably, many of the entries in [1] appear to lack such a specification, despite the registry's documented policy.) [1] https://www.iana.org/assignments/aaa-parameters/aaa-parameters.xhtml#aaa-parameters-47 [2] https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-8
- [DNSOP] SVCB proposals Ben Schwartz
- Re: [DNSOP] SVCB proposals Tommy Pauly
- Re: [DNSOP] SVCB proposals Ben Schwartz