Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Ben Schwartz <bemasc@google.com> Tue, 27 April 2021 20:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5Bj2mQgPETFIM3wKj1ZMPhGBBkM>

On Wed, Apr 21, 2021 at 1:18 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Apr 21, 2021, at 12:51 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
> >
> > Here's a proposed text change that I hope can satisfy both of our
> > requirements: https://github.com/MikeBishop/dns-alt-svc/pull/319
> >
> > The key sentence is:
> >
> > To ensure compatibility with complex SvcParam specifications, recursive
> > resolvers MAY validate the values of recognized SvcParamKeys, but MUST NOT
> > reject the record on this basis unless a value is obviously invalid.
>
> Obvious to whom? "I know it when I see it" is not a good way to make
> standards. Also, validating SvcParamKeys does not ensure compatibility with
> complex SvcParam specifications.
>
> A different, simpler proposal:
>
>    Recursive resolvers MAY validate the values of recognized SvcParamKeys
>    in a record, and MAY reject records with invalid SvcParamKeys.


I've updated the PR to say this:

Recursive resolvers MAY validate the values of recognized SvcParamKeys and
reject records containing invalid values. However, for complex value types
whose interpretation might differ between implementations (e.g. URIs),
resolvers SHOULD limit validation to basic sanity checks.
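
A sketch of what such validation can look like in a resolver, as an added example that is not part of the original message, the PR, or the draft: structural checks on recognized keys only, with unrecognized keys passed through. The key numbers and wire layout (2-byte key, 2-byte length, keys in strictly increasing order) are assumed from the SVCB specification rather than taken from this thread, and `validate_svcparams` and `param` are hypothetical names.

```python
import struct

# SvcParamKey numbers and value formats are assumed from the SVCB
# specification; the message itself does not list them.
ALPN, NO_DEFAULT_ALPN, PORT, IPV4HINT, IPV6HINT = 1, 2, 3, 4, 6

def _alpn_ok(v):
    # Non-empty list of length-prefixed, non-empty protocol ids.
    i = 0
    while i < len(v):
        n = v[i]
        if n == 0 or i + 1 + n > len(v):
            return False
        i += 1 + n
    return len(v) > 0

# Basic sanity checks only: lengths and framing, no interpretation.
CHECKS = {
    ALPN: _alpn_ok,
    NO_DEFAULT_ALPN: lambda v: len(v) == 0,
    PORT: lambda v: len(v) == 2,
    IPV4HINT: lambda v: len(v) > 0 and len(v) % 4 == 0,
    IPV6HINT: lambda v: len(v) > 0 and len(v) % 16 == 0,
}

def validate_svcparams(wire):
    """Return (ok, reason) for the SvcParams portion of SVCB/HTTPS RDATA."""
    pos, prev = 0, -1
    while pos < len(wire):
        if pos + 4 > len(wire):
            return False, "truncated key/length header"
        key, length = struct.unpack_from("!HH", wire, pos)
        pos += 4
        if pos + length > len(wire):
            return False, f"key {key}: value overruns RDATA"
        if key <= prev:
            return False, f"key {key}: not in strictly increasing order"
        value, prev = wire[pos:pos + length], key
        pos += length
        check = CHECKS.get(key)  # keys without a check pass through untouched
        if check and not check(value):
            return False, f"key {key}: malformed value"
    return True, "ok"

def param(key, value):
    # Builds one SvcParam for the constructed samples below.
    return struct.pack("!HH", key, len(value)) + value

# Constructed samples, not captured traffic.
GOOD = param(ALPN, b"\x02h2\x02h3") + param(PORT, b"\x01\xbb") + param(65400, b"opaque")
BAD_PORT = param(PORT, b"\x01\xbb\x00")   # port value must be exactly 2 octets
BAD_ALPN = param(ALPN, b"\x05h2")         # inner length prefix overruns the value
```
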