Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt
Erik Nygren <erik+ietf@nygren.org> Tue, 10 March 2020 02:42 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 992233A0DA8; Mon, 9 Mar 2020 19:42:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.11
X-Spam-Level:
X-Spam-Status: No, score=-3.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-1.463, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHIJxR7QEFr6; Mon, 9 Mar 2020 19:42:21 -0700 (PDT)
Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7613E3A0DA3; Mon, 9 Mar 2020 19:42:14 -0700 (PDT)
Received: by mail-wr1-f54.google.com with SMTP id s14so224322wrt.8; Mon, 09 Mar 2020 19:42:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bfOHd2GJ5HUBoI4+AkLdhHzIWawfbsBufy8fYQvsLbk=; b=bc9/OBhlDlH100Sgndw1yOGa0T9ZVXPxyGjkbCCC8m6mELxxhjiIfwYOE79rhoYpk+ 59WVVaFY8aYsTGocQCLxU93qiHci7pIy0B2rUxrSXVL/rN++e5o/kctJmRtlZ8Ce55DD MSCMH2nuP7uZxKguC2Gnt0Tx1orUWZP1pp2lOGmpqzYJcAnp5R3zMe94yyZtm8zQXsjJ FuEuTyhQ+g5JdeuYrGGVDcht5JYJUfsYA0vNWnV1EuG0wat0opRASgEwWOQPJd+U3FtQ nMNN9NDWq2GLPOiBnUTGPW8lAnzIhnwgm1JECS7X/jV21nscvSzWcEgM5otx8khUUOqt Uwwg==
X-Gm-Message-State: ANhLgQ0p1eTyVl9lsM+cQoG3x36Zm29Lbx52lL3gFY1Qw9to2J6icrHy /XZ0ri9Ez4YfigxwqcVRwTay7lja7jdIShlHUOkkGrfm
X-Google-Smtp-Source: ADFU+vsAGnj7HIrGU6SvOvnW9icotY6hSxEBB3iwlv9J5GBCVhAFN8bWe4IgZglcke+mvfOzuLPHazu3cVz0qNwv92Y=
X-Received: by 2002:adf:e74e:: with SMTP id c14mr25318989wrn.128.1583808132783; Mon, 09 Mar 2020 19:42:12 -0700 (PDT)
MIME-Version: 1.0
References: <158378460735.5647.5593000704951647849@ietfa.amsl.com> <CAHbrMsD4w7+gx7LhM5YSyBK3cRp4D7qNXOj27pZXns34LMRvZA@mail.gmail.com> <2163206.Wd1G8mu5uQ@linux-9daj>
In-Reply-To: <2163206.Wd1G8mu5uQ@linux-9daj>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Mon, 09 Mar 2020 22:42:01 -0400
Message-ID: <CAKC-DJgHvwxz_JwXA29mXa1b748gnb0GLmszbDwszhNuFPyWBw@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop <dnsop@ietf.org>, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, i-d-announce@ietf.org
Content-Type: multipart/alternative; boundary="00000000000025a11d05a07711f4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SnmsXt7uFZ7HQnqMvXGO0tcJlDM>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2020 02:42:23 -0000
On Mon, Mar 9, 2020 at 10:32 PM Paul Vixie <paul@redbarn.org> wrote: > On Monday, 9 March 2020 20:56:39 UTC Ben Schwartz wrote: > > It occurs to me that I hit "publish" on this draft without updating the > > release notes, so I'll mention some of the many changes since -01 here > > instead: > > > > ... > > > > As always, please review and send comments. We also expect to do a > > presentation on this draft (remotely) in the DNSOP session. > > i propose that section 6.2 for "port", and all references to same, be > removed. > We discussed this some on one of our authors' calls following my seeing you allude to this a few weeks ago. The rationale for keeping port is that HTTPS is not just about the "web" use-case. While for Web use-cases it is common for most things to always tcp/443, there are plenty of non-"Web" use-cases (such as API calls in data centers, service meshes, etc.) where non-standard ports are commonly used. I know that Tim keeps highlighting a desire to make sure we consider these use-cases. There's a default when port is left out (perhaps that should be clarified better?) but there are cases when being able to switch to an alternate port has value. Another case where this applies is QUIC/UDP where udp/443 is commonly used but where operators may wish to situationally use different ports. Adding a warning that the use of non-default ports could have operational challenges might be warranted. (There are also some confused deputy risks around non-default ports for servers that don't validate the port in the Host header, but others convinced me that that's a problem for another day.) A closely related issue is this one: https://github.com/MikeBishop/dns-alt-svc/issues/111 (regarding clarifying the default port.) Does this help address the concern? It's helpful to know the historical context. Erik > this is: > > --- > > 6.2. "port" > > The "port" SvcParamKey defines the TCP or UDP port that should be > used to contact this alternative service. > > The presentation format of the SvcParamValue is a numeric value > between 0 and 65535 inclusive. Any other values (e.g. the empty > value) are syntax errors. > > The wire format of the SvcParamValue is the corresponding 2 octet > numeric value in network byte order. > > === > > in the SRV RR (from RFC 2782) we specified a port number as part of the > RData > because a client would otherwise have to have an up-to-date /etc/services > file > (or local equivalent) to know what (TCP) port number a listener would > listen > on, and this seemed archaic. > > for HTTPSSVC and SVCB, the service is a constant (HTTPS) and its transport > layer port number (443) is known. inviting listener operators to specify a > different port number will result in unpredictable (other than > wide-spread) > failures for those accessors behind NAT, firewalls, or ALG's. > > please leave out this legacy from DNS SRV as you go forward with HTTPSSVC. > > -- > Paul > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
- [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssv… internet-drafts
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Ben Schwartz
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Erik Nygren
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Patrick McManus
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Patrick McManus
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Erik Nygren
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Stephen Farrell
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Patrick McManus
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Stephen Farrell
- Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-htt… Paul Vixie