Re: [DNSOP] port number in HTTPSSVC

Erik Kline <ek.ietf@gmail.com> Fri, 03 January 2020 20:01 UTC

From: Erik Kline <ek.ietf@gmail.com>
Date: Fri, 03 Jan 2020 12:01:04 -0800
Message-ID: <CAMGpriX=KNhEBO7AxCi+AQTJs4LV1USWmeJuGidTX7gFtFewRA@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Paul Vixie <paul@redbarn.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/05rlZWdaYMJLdZTKdl_tV4OIHpA>

I think removing port number flexibility might unduly constrain some data
center use cases where service reachability might not have the more common
443-only limitations.

On Fri, Jan 3, 2020 at 11:33 AM Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:

> HTTPSSVC co-editor here.
>
> The effect of this change seems similar to deprecating support for
> non-default ports in HTTP/3.  While I have some misgivings about the
> handling of non-default ports in HTTPS, I would want to see consensus in
> the HTTP and QUIC working groups before making this change.
>
> I would suggest sending your proposal to those lists, and we can adjust
> the HTTPSSVC draft based on their conclusions.
>
> On Fri, Jan 3, 2020 at 1:24 PM Paul Vixie <paul@redbarn.org> wrote:
>
>> in SRV we added a port number to the rdata because the /etc/services file
>> was painful to keep globally updated. SRV was protocol independent.
>>
>> HTTPSSVC is protocol specific, and when it copied SRV, it included the
>> port number in the rdata, which i think is both unnecessary and error-prone.
>>
>> managed private networks who want to permit outbound HTTP/3 are going to
>> add a rule like "if the far end port number is 443, add a stateful rule".
>> anyone who uses the port number field (if it exists) in HTTPSSVC to specify
>> a different port number is going to suffer, as will many of the clients
>> trying to access that service.
>>
>> i suggest that the port 443 assumption for HTTP/3 be baked in, and that
>> this field be removed from the HTTPSSVC rdata.
>>
>> --
>> Paul
>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
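The thread argues about the "port" field in HTTPSSVC rdata and what happens when a network's outbound HTTP/3 rule keys on destination port 443. The following is an added example, not code from the thread or from the HTTPSSVC draft: it parses the rdata of an HTTPS/SVCB record in wire format, extracts the advertised port (falling back to 443 when the SvcParam is absent), and runs the result through a toy egress policy that only permits 443, which is the failure mode Paul Vixie describes. The SvcParamKey numbers are assumed to follow the final registry in RFC 9460 (port = 3, alpn = 1), and the two sample records are constructed for the example.

```python
"""Parse HTTPS/SVCB rdata, extract the advertised port, and check it against
an egress policy that only permits port 443 (added example, not from the thread)."""
import struct

# SvcParamKey numbers as registered for SVCB/HTTPS in RFC 9460. Assumption:
# the draft discussed in the thread numbered "port" the same way (key 3).
SVCPARAM_NAMES = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
                  4: "ipv4hint", 5: "ech", 6: "ipv6hint"}
PORT_KEY = 3
DEFAULT_HTTPS_PORT = 443


def _read_name(data: bytes, offset: int):
    """Read an uncompressed wire-format domain name at offset.
    Returns (dotted name, offset after the name). SVCB TargetName must not
    use compression, so a pointer label is rejected."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not permitted in TargetName")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return (".".join(labels) + "." if labels else "."), offset


def parse_https_rdata(rdata: bytes) -> dict:
    """Return {"priority", "target", "params"}; params maps the SvcParam name
    (or "key<N>" for unknown keys) to its raw value bytes."""
    if len(rdata) < 2:
        raise ValueError("rdata too short for SvcPriority")
    priority = struct.unpack("!H", rdata[:2])[0]
    target, offset = _read_name(rdata, 2)
    params = {}
    last_key = -1
    while offset < len(rdata):
        if offset + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack("!HH", rdata[offset:offset + 4])
        offset += 4
        if key <= last_key:  # keys must be strictly increasing (RFC 9460 sec. 2.2)
            raise ValueError("SvcParamKeys out of order or duplicated")
        last_key = key
        value = rdata[offset:offset + length]
        if len(value) != length:
            raise ValueError("truncated SvcParam value")
        offset += length
        params[SVCPARAM_NAMES.get(key, f"key{key}")] = value
    return {"priority": priority, "target": target, "params": params}


def effective_port(record: dict) -> int:
    """Port a client would connect to: the "port" SvcParam if present, else 443."""
    raw = record["params"].get("port")
    if raw is None:
        return DEFAULT_HTTPS_PORT
    if len(raw) != 2:
        raise ValueError("port SvcParam must be exactly 2 octets")
    return struct.unpack("!H", raw)[0]


def egress_policy_verdict(record: dict, allowed_ports=(DEFAULT_HTTPS_PORT,)) -> str:
    """Toy model of a network whose outbound HTTP/3 rule keys on destination
    port: returns "allowed" or "blocked" for the port the record advertises."""
    return "allowed" if effective_port(record) in allowed_ports else "blocked"


# --- constructed sample records (not from the thread) ---------------------
def _wire_name(name: str) -> bytes:
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def _svcparam(key: int, value: bytes) -> bytes:
    return struct.pack("!HH", key, len(value)) + value


# priority 1, target svc.example., alpn=h3 (alpn value is a length-prefixed list)
SAMPLE_DEFAULT_PORT = struct.pack("!H", 1) + _wire_name("svc.example.") \
    + _svcparam(1, b"\x02h3")
# same record plus port=8443, i.e. the case the thread says will "suffer"
SAMPLE_CUSTOM_PORT = SAMPLE_DEFAULT_PORT + _svcparam(PORT_KEY, struct.pack("!H", 8443))


if __name__ == "__main__":
    for label, rdata in (("default", SAMPLE_DEFAULT_PORT), ("custom", SAMPLE_CUSTOM_PORT)):
        rec = parse_https_rdata(rdata)
        print(label, rec["target"], effective_port(rec), egress_policy_verdict(rec))
```

Running the block shows the first record resolving to port 443 and passing the policy, while the second advertises 8443 and is blocked, which is exactly the split between "what the record says" and "what the network permits" that the thread is debating.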