Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Mark Andrews <marka@isc.org> Mon, 03 May 2021 00:27 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XacP9NvB_PDxiQeOHlDD-ENpdOs>

I agree with you, Dick, but some developers complained that they "couldn’t
re-use their string parsers" (despite no existing parser supporting key="value")
so now we have to double escape backslashes.  I very much feel that this is tail
wagging the dog.

> On 3 May 2021, at 01:25, Dick Franks <rwfranks@gmail.com> wrote:
> 
> All,
> 
> I have considerable difficulty with these test vectors at the end of
> Appendix D.2:
> 
>        16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
>        16 foo.example.org. alpn=f\\\092oo\092,bar,h2
> 
>        \# 35 (
>        00 10                                              ; priority
>        03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
>        00 01                                              ; key 1
>        00 0c                                              ; param length 12
>        08                                                 ; alpn length 8
>        66 5c 6f 6f 2c 62 61 72                            ; alpn value
>        02                                                 ; alpn length 2
>        68 32                                              ; alpn value
>        )
> 
> which appear to be incompatible with RFC1035 5.1 paragraph 10:
> 
>        Because these files are text files several special encodings are
>        necessary to allow arbitrary data to be loaded.  In particular:
> 
>        ...
> 
>        \X          where X is any character other than a digit (0-9), is
>                    used to quote that character so that its special meaning
>                    does not apply.  For example, "\." can be used to place
>                    a dot character in a label.
> 
>        \DDD        where each D is a digit is the octet corresponding to
>                    the decimal number described by DDD.  The resulting
>                    octet is assumed to be text and is not checked for
>                    special meaning.
> 
> The intention appears to be to include (a) a single arbitrary octet in
> the argument, and (b) a plain text comma not being a delimiter in the
> argument list. The specimen result is consistent with that assumption.
> 
> Armed with the weapons supplied by RFC1035, the obvious way to
> represent such an argument is:   alpn="f\092oo\,bar,h2"
> 
> 
> A parser adhering strictly to RFC1035 zone file escape conventions:
> 
>        #!/usr/bin/perl
>        use Net::DNS 1.31;
>        use Net::DNS::ZoneFile;
> 
>        my $zonefile = new Net::DNS::ZoneFile(\*DATA);
>        while ( my $rr = $zonefile->read ) {
>            $rr->print;
>        }
>        exit;
> 
>        __DATA__
>        rfc1035-compliant.example.  SVCB    16 foo.example.org. alpn="f\092oo\,bar,h2"
> 
> produces the desired wire-format image:
> 
>        rfc1035-compliant.example.  IN      SVCB    ( \# 35 0010    ; 16
>                03666f6f076578616d706c65036f7267 00         ; foo.example.org.
>                0001 000c 08665c6f6f2c626172026832 )
> 
> Other parsers are available.
> 
> 
> The test vectors, as written, appear to rely upon somehow reactivating
> the special meaning of the escape character which is explicitly
> disallowed by RFC1035.
> 
> The result in each case is:
> 
>        non-compliant.example.      IN      SVCB    ( \# 37 0010    ; 16
>                03666f6f076578616d706c65036f7267 00         ; foo.example.org.
>                0001 000e 06665c5c6f6f5c03626172026832 )
> 
> the escaped escape characters being inserted as uninterpreted text per RFC1035.
> 
> 
> Dick Franks
> ________________________
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
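
The two readings of the alpn value discussed in this thread, side by side, as an added example (not code from either message, from Net::DNS, or from the draft). The function names are hypothetical, values are passed with the surrounding quotes already removed, and the rule that the second escape layer accepts only `\\` and `\,` is an assumption.

```python
import re

# One RFC 1035 section 5.1 token: \DDD (decimal octet), \X (quoted char), or a plain char.
TOKEN = re.compile(r"\\([0-9]{3})|\\([^0-9])|([^\\])", re.S)

def tokens(value):
    """Yield (octet, was_escaped) for an already-unquoted presentation value."""
    pos = 0
    while pos < len(value):
        m = TOKEN.match(value, pos)
        if m is None:
            raise ValueError(f"malformed escape at offset {pos}")
        ddd, quoted, plain = m.groups()
        octet = int(ddd) if ddd else ord(quoted or plain)
        if octet > 255:
            raise ValueError(f"octet out of range at offset {pos}")
        yield octet, plain is None
        pos = m.end()

def single_pass(value):
    """Reading in the quoted message: an escaped octet is never a delimiter."""
    items = [bytearray()]
    for octet, escaped in tokens(value):
        if octet == 0x2C and not escaped:      # only a bare comma splits the list
            items.append(bytearray())
        else:
            items[-1].append(octet)
    return [bytes(i) for i in items]

def two_pass(value):
    """Reading the test vectors need: RFC 1035 decode, then a second escape layer."""
    octets = iter(o for o, _ in tokens(value))
    items = [bytearray()]
    for octet in octets:
        if octet == 0x5C:                      # backslash in the decoded string
            octet = next(octets, None)
            if octet not in (0x5C, 0x2C):      # assumption: only \\ and \, are legal
                raise ValueError("invalid value-list escape")
            items[-1].append(octet)
        elif octet == 0x2C:
            items.append(bytearray())
        else:
            items[-1].append(octet)
    return [bytes(i) for i in items]

def wire(items):
    """Length-prefix each ALPN id, as in the SvcParam value shown in the vectors."""
    if any(not 1 <= len(i) <= 255 for i in items):
        raise ValueError("alpn id must be 1..255 octets")
    return b"".join(bytes([len(i)]) + i for i in items).hex()
```

The same zone-file text yields different ALPN lists depending on which reading a parser implements, so a validator and a serving path built on different libraries can disagree about what a record advertises.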