Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Dick Franks <rwfranks@gmail.com> Sun, 02 May 2021 15:25 UTC

References: <161901308063.21005.875603362157576926@ietfa.amsl.com> <CAHbrMsA4TMfE+3LAT+un0FF3DGXKsYB1zAtvUwf2YKr97mJ+sQ@mail.gmail.com> <87B615B4-9CA3-4060-93C2-E4B953C11FB2@akamai.com> <CAHbrMsDaqrQ+XDO4z395tC_yOH4MBH8OmoH8zTXWEHfcDC1+Ew@mail.gmail.com> <6245BB4F-4E2F-435F-ABC0-18C0420C8541@akamai.com> <CAHbrMsDGq0usDiqr0HtbFCR4Y8swtyv_0i7UOFf=C_ExW+0FNQ@mail.gmail.com> <303AD4A1-A9BE-4C31-B730-7B4D42587206@akamai.com> <CAHbrMsCj8OToEhjo7O0YkW4WGosGK7stBYTneYHUoX_KckY7Uw@mail.gmail.com> <80539395-F1F6-4BA1-8AFF-667DDF7604B1@icann.org> <CAHbrMsAC3Mb+e18Gv361XnCU3kBOWqCbUXPujuuqOULh4e-v=g@mail.gmail.com>
In-Reply-To: <CAHbrMsAC3Mb+e18Gv361XnCU3kBOWqCbUXPujuuqOULh4e-v=g@mail.gmail.com>
From: Dick Franks <rwfranks@gmail.com>
Date: Sun, 02 May 2021 16:25:18 +0100
Message-ID: <CAKW6Ri4Yi2v+owa7KABATBoRmEB9u0k_hxd235iDL0ngbGhuLA@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Cc: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>, Paul Hoffman <paul.hoffman@icann.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ys8b7LZJyssqtfkw9u8kO2-o3vk>

All,

I have considerable difficulty with these test vectors at the end of
Appendix D.2:

        16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
        16 foo.example.org. alpn=f\\\092oo\092,bar,h2

        \# 35 (
        00 10                                              ; priority
        03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
        00 01                                              ; key 1
        00 0c                                              ; param length 12
        08                                                 ; alpn length 8
        66 5c 6f 6f 2c 62 61 72                            ; alpn value
        02                                                 ; alpn length 2
        68 32                                              ; alpn value
        )

which appear to be incompatible with RFC1035 5.1 paragraph 10:

        Because these files are text files several special encodings are
        necessary to allow arbitrary data to be loaded.  In particular:

        ...

        \X          where X is any character other than a digit (0-9), is
                    used to quote that character so that its special meaning
                    does not apply.  For example, "\." can be used to place
                    a dot character in a label.

        \DDD        where each D is a digit is the octet corresponding to
                    the decimal number described by DDD.  The resulting
                    octet is assumed to be text and is not checked for
                    special meaning.

The intention appears to be to include (a) a single arbitrary octet in
the argument, and (b) a plain text comma not being a delimiter in the
argument list. The specimen result is consistent with that assumption.

Armed with the weapons supplied by RFC1035, the obvious way to
represent such an argument is:   alpn="f\092oo\,bar,h2"


A parser adhering strictly to RFC1035 zone file escape conventions:

        #!/usr/bin/perl
        # Read the SVCB record below with Net::DNS's RFC1035 zone-file
        # parser and print it; the printout shows the wire-format image.
        use strict;
        use warnings;
        use Net::DNS 1.31;
        use Net::DNS::ZoneFile;

        my $zonefile = Net::DNS::ZoneFile->new( \*DATA );
        while ( my $rr = $zonefile->read ) {
            $rr->print;
        }
        exit;

        __DATA__
        rfc1035-compliant.example.  SVCB    16 foo.example.org. alpn="f\092oo\,bar,h2"

produces the desired wire-format image:

        rfc1035-compliant.example.  IN      SVCB    ( \# 35 0010    ; 16
                03666f6f076578616d706c65036f7267 00         ; foo.example.org.
                0001 000c 08665c6f6f2c626172026832 )

Other parsers are available.


The test vectors, as written, appear to rely upon somehow reactivating
the special meaning of the escape character which is explicitly
disallowed by RFC1035.

The result in each case is:

        non-compliant.example.      IN      SVCB    ( \# 37 0010    ; 16
                03666f6f076578616d706c65036f7267 00         ; foo.example.org.
                0001 000e 06665c5c6f6f5c03626172026832 )

the escaped escape characters being inserted as uninterpreted text per RFC1035.


Dick Franks
________________________
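Added example (not part of the message above, and not Net::DNS's or the draft's code): a Python rendering of the single-level RFC1035 decoding the message describes, so that both results quoted there can be reproduced without Perl. Only the \X and \DDD escapes of RFC1035 section 5.1 are applied, an octet produced by an escape is taken as literal text, and the only item delimiters are commas that appear unescaped in the presentation form. It assumes alpn= is the only SvcParam present and that names are ASCII; the three alpn= strings are the ones quoted in the message, embedded as constructed input.

```python
"""Single-level RFC 1035 decoding of an SVCB alpn= value list.

Added example (not Net::DNS's or the draft's code): it applies only the
\\X and \\DDD escapes of RFC 1035 section 5.1 and treats an octet produced
by an escape as literal text, so the only item delimiters are commas that
appear unescaped in the presentation form.
"""

# Constructed inputs: the two draft-05 Appendix D.2 forms and the
# RFC 1035-style form proposed in the message.
DRAFT_QUOTED = r'"f\\\\oo\\,bar,h2"'
DRAFT_UNQUOTED = r'f\\\092oo\092,bar,h2'
RFC1035_FORM = r'"f\092oo\,bar,h2"'

ALPN_KEY = 1  # SvcParamKey for "alpn"


def rfc1035_unescape_items(text: str) -> list[bytes]:
    """Split an alpn= value into items, decoding RFC 1035 escapes once.

    \\X   -> the octet X, taken literally (an escaped comma does not delimit)
    \\DDD -> the octet with decimal value DDD, taken literally
    ','   -> item delimiter, only when it appears unescaped
    """
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        text = text[1:-1]
    items: list[bytearray] = [bytearray()]
    i = 0
    while i < len(text):
        c = text[i]
        if c == "\\":
            digits = text[i + 1:i + 4]
            if len(digits) == 3 and all(d in "0123456789" for d in digits):
                value = int(digits)
                if value > 255:
                    raise ValueError(f"\\{digits} is not an octet")
                items[-1].append(value)
                i += 4
            elif i + 1 < len(text) and text[i + 1] not in "0123456789":
                items[-1] += text[i + 1].encode("latin-1")
                i += 2
            else:
                raise ValueError(f"malformed escape at offset {i}")
        elif c == ",":
            items.append(bytearray())
            i += 1
        else:
            items[-1] += c.encode("latin-1")
            i += 1
    return [bytes(item) for item in items]


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format name (labels assumed ASCII here)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def alpn_svcparam(items: list[bytes]) -> bytes:
    """SvcParam for key 1: key, value length, then length-prefixed alpn-ids."""
    for item in items:
        if not 1 <= len(item) <= 255:
            raise ValueError("alpn-id must be 1..255 octets")
    value = b"".join(bytes([len(item)]) + item for item in items)
    return ALPN_KEY.to_bytes(2, "big") + len(value).to_bytes(2, "big") + value


def svcb_rdata(priority: int, target: str, alpn_text: str) -> bytes:
    """SVCB RDATA: SvcPriority, TargetName, then the single alpn SvcParam."""
    items = rfc1035_unescape_items(alpn_text)
    return priority.to_bytes(2, "big") + encode_name(target) + alpn_svcparam(items)


def generic_rdata(rdata: bytes) -> str:
    """RFC 3597 \\# presentation of the RDATA, for comparison with the message."""
    return f"\\# {len(rdata)} {rdata.hex()}"


if __name__ == "__main__":
    for label, text in (("RFC1035 form", RFC1035_FORM),
                        ("draft quoted", DRAFT_QUOTED),
                        ("draft unquoted", DRAFT_UNQUOTED)):
        rdata = svcb_rdata(16, "foo.example.org.", text)
        print(f"{label:15} alpn={text:24} items={rfc1035_unescape_items(text)}")
        print(f"{'':15} {generic_rdata(rdata)}")
```

Run as a script, it prints the item list and the \# form for each input: the RFC1035 form yields a 35-octet RDATA with items "f\oo,bar" and "h2", while both draft forms yield the 37-octet RDATA with items "f\\oo\", "bar" and "h2", because the comma following the decoded backslash is unescaped at the zone-file level and so still delimits.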