Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Mark Andrews <marka@isc.org> Thu, 20 May 2021 02:56 UTC

From: Mark Andrews <marka@isc.org>
Date: Thu, 20 May 2021 12:56:36 +1000
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt
In-Reply-To: <CAH1iCiqHkrS1oULK=BmZf=G0MfXfov+c-BsoiN+0K0oPhLekeQ@mail.gmail.com>
Message-Id: <C105D6EC-A34F-48C4-8BCC-FEEE274C8EE9@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/R-IwyhANVveiBnwaUsowem50cic>


> On 20 May 2021, at 12:31, Brian Dickson <brian.peter.dickson@gmail.com> wrote:
> 
> 
> 
> On Wed, May 19, 2021 at 7:15 PM Mark Andrews <marka@isc.org> wrote:
> 
> 
> > On 20 May 2021, at 11:52, Paul Wouters <paul@nohats.ca> wrote:
> > 
> > On Wed, 19 May 2021, Ben Schwartz wrote:
> > 
> >> So long as there are no registered protocol identifiers containing "," or "\\", zone file implementations MAY
> >> disallow these characters instead of implementing the `value-list` escaping procedure.
> > 
> > Sorry, an implementor cannot predict the future of the IANA registry. They
> > can't write code to conform to this requirement other than NOT allowing
> > the MAY.
> > 
> > Even if they were silly enough to _first_ check the IANA registry before
> > parsing SVCB records, they would still have to write all the parsing
> > code without CVEs for both cases, just in case the IANA registry would
> > gain these characters in the future.
> 
> Or detect them and switch to key1="…" instead of alpn="…" when displaying; the
> entry would need to be using keyXXXX format until the software was upgraded.
> 
> alpn="h1\\,h2,h3" (or alpn="h1\,h2,h3", I’m not sure where the consensus lies)
> vs key1="\005h1,h2\002h3"
> 
> I don't understand why any of the comma-escaping is needed at all, honestly.
> 
> RFC1035 has the definition of <character-string> encoding:
> A bunch of characters without any internal spaces, or
> A string beginning with " and ending with ", and anything else in between except " which must be escaped.

Which doesn’t work in practice, not least because zone files were designed to be transferred between machines with different native character set encodings and different end-of-line conventions, and the simplistic "everything in between" breaks in the real world.

example 0 IN TXT "abc
def"

will produce different wire encodings on an old Mac, a new Mac and Windows, as the EOL could be encoded as CR, NL, or CR NL.  Add to that data entry where the native character set is not compatible with ASCII.


> So, alpn=<character-string>[,<character-string>]* is unambiguous. Restricting the character-string format used
> to the kind surrounded by quotes, removes any ambiguity regarding commas.
> Parsers need to be sufficiently well built to not treat commas internal to character-string values as special.

It isn’t ambiguity that is the problem.  It’s working out which escape mechanism we are going to use.  You have just added a third escape mechanism with the above.

> No escaping of anything other than double-quote characters within a single value (an ALPN) is needed.
> 
> Brian
>  

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
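The three presentation forms discussed in the thread above, run through the draft's two-stage decoding (RFC 1035 character-string decoding first, then the value-list split on commas) and compared to the generic keyNNNN form. This is added example code, not from the draft, ISC, or any poster; the function names are assumptions made for this illustration.

```python
# Added example (not from the draft or any poster): decode the SvcParam
# presentation forms quoted above and compare their wire bytes.
def decode_char_string(s: str) -> bytes:
    """RFC 1035 <character-string> decoding, quotes already stripped:
    \\X yields X literally, \\DDD yields the byte with decimal value DDD."""
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] != "\\":
            out.extend(s[i].encode()); i += 1
            continue
        digits = s[i + 1:i + 4]
        if len(digits) == 3 and digits.isdigit():
            out.append(int(digits)); i += 4           # \DDD escape
        elif i + 1 < len(s):
            out.extend(s[i + 1].encode()); i += 2     # \X escape
        else:
            raise ValueError("trailing backslash")
    return bytes(out)

def split_value_list(decoded: bytes) -> list:
    """Second-stage 'value-list' split: ',' separates items; a backslash
    escapes the next byte, so '\\,' is a literal comma inside one item."""
    items, cur, i = [], bytearray(), 0
    while i < len(decoded):
        b = decoded[i]
        if b == ord("\\") and i + 1 < len(decoded):
            cur.append(decoded[i + 1]); i += 2
        elif b == ord(","):
            items.append(bytes(cur)); cur = bytearray(); i += 1
        else:
            cur.append(b); i += 1
    items.append(bytes(cur))
    return items

def svcb_param_wire(param: str) -> bytes:
    """Wire value of one presentation-format SvcParam written as name="value"."""
    key, _, value = param.partition("=")
    if value.startswith('"') and value.endswith('"'):
        value = value[1:-1]
    decoded = decode_char_string(value)
    if key == "alpn":             # alpn: each list item is length-prefixed
        return b"".join(bytes([len(it)]) + it for it in split_value_list(decoded))
    if key.startswith("key"):     # keyNNNN: the char-string is the raw wire value
        return decoded
    raise ValueError("unsupported key: " + key)

if __name__ == "__main__":
    for p in (r'alpn="h1\\,h2,h3"', r'key1="\005h1,h2\002h3"', r'alpn="h1\,h2,h3"'):
        print(p, "->", svcb_param_wire(p))
```

Running it shows that the double-escaped alpn form and the key1 form produce identical wire bytes, while the single-escaped form loses its backslash in the first stage and splits into three ALPN identifiers.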