Re: [DNSOP] SVCB proposals
Tommy Pauly <tpauly@apple.com> Thu, 18 February 2021 17:11 UTC
Return-Path: <tpauly@apple.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 249563A1487; Thu, 18 Feb 2021 09:11:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.667
X-Spam-Level:
X-Spam-Status: No, score=-2.667 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.57, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qhw8dqBogUHN; Thu, 18 Feb 2021 09:11:52 -0800 (PST)
Received: from ma1-aaemail-dr-lapp03.apple.com (ma1-aaemail-dr-lapp03.apple.com [17.171.2.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1191E3A1486; Thu, 18 Feb 2021 09:11:51 -0800 (PST)
Received: from pps.filterd (ma1-aaemail-dr-lapp03.apple.com [127.0.0.1]) by ma1-aaemail-dr-lapp03.apple.com (8.16.0.42/8.16.0.42) with SMTP id 11IH2Qv1045623; Thu, 18 Feb 2021 09:11:50 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=9aU4txjLi32ITSOCC6KIr6JkuMJtdg2gpfFnDze8fYQ=; b=FHO/9PYvO4ZpJZZpe/Ccl/ddkni27Y/zxKpKUbpbFEb5uA0XowzWApEHHCyuySsOjSUp 2SxO6lMXLXZTPANxuRIk0Qe+pydL3kMqpncyWr0xa0YbTrk8VztRxcpEIP/FM3rj5sn3 3jBEmp/XopjXrrxoqpue1ipSbJLuTmTxnsi/IXLlevc6fedK54R3bQstpi+2t2jyIgcD wOAGkF5U4xBtF67aTqMks2nDTY32kPB140vYRGq7oRHGpa5Vg9io6hUlksC4uJAAsysa dCPf4vdLlpE9mO+REDLn+vWp57Tvzhq5etFC78EaygM3S/2ARt5XZEflAcq5kE+YbrU2 YA==
Received: from rn-mailsvcp-mta-lapp03.rno.apple.com (rn-mailsvcp-mta-lapp03.rno.apple.com [10.225.203.151]) by ma1-aaemail-dr-lapp03.apple.com with ESMTP id 36pen1dhy4-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 18 Feb 2021 09:11:50 -0800
Received: from rn-mailsvcp-mmp-lapp02.rno.apple.com (rn-mailsvcp-mmp-lapp02.rno.apple.com [17.179.253.15]) by rn-mailsvcp-mta-lapp03.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPS id <0QOQ00QXTIFQCOE0@rn-mailsvcp-mta-lapp03.rno.apple.com>; Thu, 18 Feb 2021 09:11:50 -0800 (PST)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp02.rno.apple.com by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) id <0QOQ00U00IAMOY00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Thu, 18 Feb 2021 09:11:50 -0800 (PST)
X-Va-A:
X-Va-T-CD: e72da815dcb01dab2f988f94f1719970
X-Va-E-CD: 2a1a0df16203cc721e9b718f593f0b1e
X-Va-R-CD: f575dd37464b8124b1f18d2e80e87f12
X-Va-CD: 0
X-Va-ID: 7a3d9bcb-6ed7-4baf-b725-fb9bcf695f95
X-V-A:
X-V-T-CD: e72da815dcb01dab2f988f94f1719970
X-V-E-CD: 2a1a0df16203cc721e9b718f593f0b1e
X-V-R-CD: f575dd37464b8124b1f18d2e80e87f12
X-V-CD: 0
X-V-ID: d27b926e-d179-4bee-8c70-9828ac6cfb35
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-02-18_08:2021-02-18, 2021-02-18 signatures=0
Received: from smtpclient.apple (unknown [17.11.79.110]) by rn-mailsvcp-mmp-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.7.20201203 64bit (built Dec 3 2020)) with ESMTPSA id <0QOQ005NXIFPRE00@rn-mailsvcp-mmp-lapp02.rno.apple.com>; Thu, 18 Feb 2021 09:11:50 -0800 (PST)
From: Tommy Pauly <tpauly@apple.com>
Message-id: <7FD33EEC-1484-48E1-A60F-E030E7E81198@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_8D9F917E-420E-471A-9037-8436D9FBFC8F"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.80.0.2.6\))
Date: Thu, 18 Feb 2021 09:11:49 -0800
In-reply-to: <CAHbrMsCJ1AE2D8TL=q2STq0MpFYFLpuF8CFQKiSzhwi+TqdOyA@mail.gmail.com>
Cc: dnsop <dnsop@ietf.org>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
References: <CAHbrMsCJ1AE2D8TL=q2STq0MpFYFLpuF8CFQKiSzhwi+TqdOyA@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.80.0.2.6)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-02-18_08:2021-02-18, 2021-02-18 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8dlcabNEfzBmIpGTyUYL6wpnM_8>
Subject: Re: [DNSOP] SVCB proposals
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2021 17:11:55 -0000
Hi Ben, Thanks for the work on the SVCB draft! It’s in really good shape, in my opinion. I’ve commented on these three PRs, but I’ll share my thoughts here as well. > On Feb 18, 2021, at 7:36 AM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote: > > The SVCB/HTTPS RR draft is nearing completion, but there are a few remaining topics on which the authors would appreciate feedback from the working group. Personally, I've written up three proposed changes that would benefit from broader input. Please share your thoughts. > > 1. Change IANA policy to Specification Required > (https://github.com/MikeBishop/dns-alt-svc/pull/262/files <https://github.com/MikeBishop/dns-alt-svc/pull/262/files>) > > The current proposed IANA policy for SvcParamKeys has allocatable ranges under three different policies ("Standards Action", "Expert Review", and "First Come First Served"). This is very flexible and enables experimentation, but creates compatibility risk: a FCFS SvcParamKey could be allocated without a clear specification of its zone file syntax, leading to zone file portability issues. > > This proposal would replace all these ranges with a uniform Specification Required policy. The required documentation is minimal: it is only required to describe the zone file format. I disagree with the rationale behind this change. I totally agree that we should have a clear zone file syntax, but based on RFC 8126 that defines the various buckets, FCFS registrations can have requirements for well-formatted entries with registry-specific requirements. We can mandate that the registration have a clear zone file syntax, without needing to be Specification Required. Specification Required requires expert review and is a heavier-weight process than what we necessarily need for an experimental range. The documentation that’s needed is minimal: the value, the name, and the zone file format. These can be entries directly in the registry, and will make the registry a more useful resource. > > 2. Skip the default port prefix > (https://github.com/MikeBishop/dns-alt-svc/pull/230/files <https://github.com/MikeBishop/dns-alt-svc/pull/230/files>) > > Using SVCB with a new protocol requires the initial QNAME to end with _(scheme).$HOSTNAME. The current text suggests (non-normatively) to add _$PORT for endpoints that are identified by a port number. This turns out to be inelegant for protocols that almost always use the default port. For example, in the DNS mapping (draft-schwartz-svcb-dns), this would correspond to names like "_53._dns.resolver.example". > > This proposal would change the guidance to skip the port prefix when starting with the default port (like "_dns.resolver.example"). This is a good change. Ship it! > > 3. Add a SHOULD-level chain length limit for zone owners > https://github.com/MikeBishop/dns-alt-svc/pull/294/files <https://github.com/MikeBishop/dns-alt-svc/pull/294/files> > > Constructing huge chains of CNAME and AliasMode records is clearly a bad idea, but how huge is too huge? This change suggests not to use more than 8. This doesn't change the requirements for resolvers (which are free to impose any limit greater than zero) but it might help us to converge on common behavior. This seems like a sensible change. I think the recommendation could be less that 8, but it shouldn’t be more. Leaving this at 8 seems fine. Best, Tommy > > --Ben Schwartz > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] SVCB proposals Ben Schwartz
- Re: [DNSOP] SVCB proposals Tommy Pauly
- Re: [DNSOP] SVCB proposals Ben Schwartz