[DNSOP] unsolicited HTTPSSVC responses
Eric Orth <ericorth@google.com> Tue, 26 May 2020 19:43 UTC
Return-Path: <ericorth@google.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34C843A0F86 for <dnsop@ietfa.amsl.com>; Tue, 26 May 2020 12:43:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.6
X-Spam-Level:
X-Spam-Status: No, score=-17.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xZfenH3ibYN5 for <dnsop@ietfa.amsl.com>; Tue, 26 May 2020 12:43:41 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C131B3A0F85 for <dnsop@ietf.org>; Tue, 26 May 2020 12:43:40 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id q11so9527920wrp.3 for <dnsop@ietf.org>; Tue, 26 May 2020 12:43:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=t2zPbXOf7zhBnr3Js3qWazvOxjlqnIbh1OLWCuymAe0=; b=MRxv+ATvIu41vhEE+NpwB1VOq/Okr6TqqZqORHkHQQQrjmCENx+9MwAKXQu0GRIZqX lfgntz77VKD2q9hAZIONZK3/WLtKlrjzOJq/I9ssL+MQ71zw1juBlK2s81DbReeZBOwp vBXsDuB5OkDhC/2LeJUeru7iJSkZwLIVVepwvKTq8gNNOtZit6uo02GO7kbnh9oZ15aD jFgktRNPX/qoQYfHcxLFRmJKVpHmGk9sNo7n8B+s/rE2h1pEPc2xHPFbyzvab6SuP4PX qdc7XlSgG7oaLKCHRGA/tUHR5K5vayZ06vexDLbDAli1FQJTycgjQwq17Z/ikS78BVgY cxJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=t2zPbXOf7zhBnr3Js3qWazvOxjlqnIbh1OLWCuymAe0=; b=Y9dIIlpjqDNQ57Tfb5qfyZ2bp1JbK38GNwf1dSMuyDmHyQ/6b5m5Q3pDyyrsPHP8b9 sKcC5mBGIWEagzHeaBmXvXeab7qGNv5AAZHP5YiLxhEAzSxEtmXJBIMkxY9a5VFtwv5V V6KhpYtzAu+qyt/Dwu5sWSjy47VIJi9PXOmaGRm+fUygG+Fm0FggxPVRSS8hQj5uYOiD xfS79vIdoyPHsT1ui1tDGg+GraZRG95srFSw3aDg0CwhgrLh6Qaz3DEgEzWVKRY522rj jTSuk+KSL9sgKXSdnr/zkb7pD1T/fC2nbbP/m7EOWWsE+gdHzKVZXzFdIFaxzZuc6Gw9 YwsA==
X-Gm-Message-State: AOAM533bl5XFG4glHRNCpfM6/Fd2h0j7PQILqjaQqcoe7ohvq3KEHGUv Wkkdqc240CoNUiQFo1ZQCA2tW5i49BXxQD9Ye4PTttgp
X-Google-Smtp-Source: ABdhPJxbgADxl3LNp+Vkh24iSHEEDescdzqxYdrkYdr5lWjZ4oqdU1MCOs/wRFr7+fGpuv8eebGUXysi1+GATpXP4Ug=
X-Received: by 2002:adf:ab4e:: with SMTP id r14mr10645684wrc.147.1590522218666; Tue, 26 May 2020 12:43:38 -0700 (PDT)
MIME-Version: 1.0
From: Eric Orth <ericorth@google.com>
Date: Tue, 26 May 2020 15:43:27 -0400
Message-ID: <CAMOjQcHAKC6ge2te8eqPz3JFmmLrpBoTSt2yKKxFXHpQEyjLqg@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000da7dd305a6924fa8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/DFHTdDiJqphi6qPPIQEHEJ6Dd7Y>
Subject: [DNSOP] unsolicited HTTPSSVC responses
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 May 2020 19:43:42 -0000
One of my colleagues recently brought up the idea of suggesting recursives add additional HTTPSSVC records into responses for A/AAAA queries as a way to make HTTPSSVC more available for cases where a stub is hesitant to make additional queries out of concern for bad behavior from bad middleboxes (a frequent concern for Chrome when not using DoH). My initial impression is that it's not a reasonable idea, but I wanted to bring it here to DNSOP in case anybody has further ideas to make it workable. So any relevant thoughts or concerns from anybody here? The obvious problems I could think of (all basically along the theme of it not being ideal when the stub might not even care about HTTPSSVC): - Performance implications if the recursive has to retrieve HTTPSSVC or follow alias chains. Maybe not as bad if only done opportunistically when the recursive happens to already have everything in cache. - Polluting DNS for non-browsers. Maybe not as bad if SVCB instead of HTTPSSVC, but this would likely only be of use for web browsers which are obviously not the only queryers of A/AAAA. - Could lead to lots of unnecessary truncation, especially for large records containing ESNI data.
- [DNSOP] unsolicited HTTPSSVC responses Eric Orth
- Re: [DNSOP] unsolicited HTTPSSVC responses Paul Vixie
- Re: [DNSOP] unsolicited HTTPSSVC responses Ben Schwartz
- Re: [DNSOP] unsolicited HTTPSSVC responses Paul Vixie
- Re: [DNSOP] [Ext] unsolicited HTTPSSVC responses Paul Hoffman
- Re: [DNSOP] unsolicited HTTPSSVC responses Petr Špaček
- Re: [DNSOP] unsolicited HTTPSSVC responses Ray Bellis
- Re: [DNSOP] unsolicited HTTPSSVC responses Eric Orth
- Re: [DNSOP] [Ext] unsolicited HTTPSSVC responses Eric Orth
- Re: [DNSOP] unsolicited HTTPSSVC responses Eric Orth
- Re: [DNSOP] unsolicited HTTPSSVC responses Ray Bellis
- Re: [DNSOP] [Ext] unsolicited HTTPSSVC responses Tony Finch
- [DNSOP] Multi-QTYPES (was: unsolicited HTTPSSVC r… Shane Kerr
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Petr Špaček
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Vladimír Čunát
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Joe Abley
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Eric Orth
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Petr Špaček
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Petr Špaček
- Re: [DNSOP] Multi-QTYPES (was: unsolicited HTTPSS… Eric Orth
- Re: [DNSOP] unsolicited HTTPSSVC responses fujiwara