Re: [DNSOP] DNS HTTPS/SVCB record type support in iOS 14

Tommy Pauly <tpauly@apple.com> Fri, 25 September 2020 20:18 UTC

Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, dnsop WG <dnsop@ietf.org>, QUIC WG <quic@ietf.org>
To: David Schinazi <dschinazi.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TV9RnWSCX_nV-RgwcggoznVN_Ws>

Hi David,

Sorry for the lack of clarity! The HTTPS query will be made alongside A/AAAA queries for all connections that use Network.framework/NSURLSession for URL schemes “http://” and “https://”, or TCP port 80 or port 443.

Thanks,
Tommy

> On Sep 25, 2020, at 1:12 PM, David Schinazi <dschinazi.ietf@gmail.com> wrote:
> 
> Hi Tommy,
> 
> Thanks for the announcement! It's really exciting to see this deployed in the wild.
> Clarification question: your email mentioned support for the HTTPS DNS query,
> but it didn't mention when iOS makes those queries. For example, do you query
> this record every single time you perform A/AAAA queries? (in the context of
> a Network.framework connection to port 443)
> 
> David
> 
> On Fri, Sep 25, 2020 at 12:59 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
> Hello DNSOP & QUIC,
> 
> I wanted to provide an update that the production version of iOS 14, which shipped last week, includes support for sending HTTPS (SVCB) DNS queries (RR type 65) for applications using our system networking APIs.
> 
> The implementation status has been updated here: https://github.com/MikeBishop/dns-alt-svc/blob/master/svcb-implementations.md
> 
> For those with HTTP/3 QUIC deployments, this means that (when HTTP/3 experimental support is enabled) iOS will use the ALPN indication in the HTTPS record to enable HTTP/3 prior to receiving an Alt-Svc indication. As previously noted on the DNSOP list, Cloudflare is already supporting publishing these records, and we’d encourage other server deployments that support QUIC to do the same.
> 
> To note, this behavior is the same in the betas of macOS 11.
> 
> Best,
> Tommy