IETF Logo Mail Archive

Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Erik Nygren <erik+ietf@nygren.org> Mon, 17 May 2021 21:58 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6B243A469D for <dnsop@ietfa.amsl.com>; Mon, 17 May 2021 14:58:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bfsrOo-65J3X for <dnsop@ietfa.amsl.com>; Mon, 17 May 2021 14:58:23 -0700 (PDT)
Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F07833A4699 for <dnsop@ietf.org>; Mon, 17 May 2021 14:58:22 -0700 (PDT)
Received: by mail-wr1-f54.google.com with SMTP id d11so7943518wrw.8 for <dnsop@ietf.org>; Mon, 17 May 2021 14:58:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RvDrAGoS3AehV/VH1EhnAbDHYeTvxBlRadCYxrSsqRE=; b=AY4xWT3gN/e0qSHCwBI7sXyNvOxIEIPZGgqEOexkIaPgFHLW0V18lkEH8yoD8ZEobE Is2LkBQEV9wi0RlbM3Z6BKOV3hdMsiSlAt2m0frkRaKx5z4Y7rF6pth8FL6hyQG3WI7k mfa9MatI8tGKEB+jIKtv19R0Q8oD/GiM8yU00iWVEn1E2P8/9X0KDVhoj2ReM8M4fC/o g+iQctNENwO5gQ565ovK8tIYAubw9ELLyoC6pjsGi0zyiQ09ViyOJqEWLyMBBPNvxDuh UOiroxfLXGn1jjxYsSp1FI89fVnJ0+purERrkK/fq3SbuOFNEp/wrPrT/88CMV0sCAQL tS+w==
X-Gm-Message-State: AOAM531MvfTuM8kY0yo4mo36F2z7iDqj3/BsJOYLndBOlehlDAityQaf a733YScaLjhN9TqNKzzz3TCpjJHXpXcZiL8Q5Uw=
X-Google-Smtp-Source: ABdhPJzjdtKu90oIa+kDKjqoKvf3mn2ynX+42/EFlvUGWoksPWTzA1IfL+AsLe0lf7477RS1ahpP5WZurtNYyOrn/js=
X-Received: by 2002:adf:cd8c:: with SMTP id q12mr445926wrj.43.1621288701149; Mon, 17 May 2021 14:58:21 -0700 (PDT)
MIME-Version: 1.0
References: <7ADF1FB2-97A4-4C49-8F25-8BF03BE01640@hopcount.ca> <20210512213903.D5F1F7AA827@ary.qy> <CAMOjQcFJjcsvaREF0fr+2GTY4zTy5CxSxR16BEp=Nc-K9WJ0Tg@mail.gmail.com> <CAH1iCipAVKVCuH2ME=+YpeJyijrKCtzJaU3bRFyy1f48EB33iw@mail.gmail.com> <CAHbrMsCjWgV7nc575L_qdvr7HdoEVKqkXRwLdXA2L5NiCgdvwA@mail.gmail.com> <CAH1iCipW_-BSMQZ-S+m18pyzfxTGsCrmG9Pc-b35_VRiLhxh4w@mail.gmail.com> <CAHbrMsDvEkYAxee4xjW5LsQmr0PgBf+UmMAuME-_UvRMg4jJeA@mail.gmail.com> <CAH1iCiq4zJZBv5=f7T2EDRWKa7bAZx66SMKkf+AiDsDPTZokhQ@mail.gmail.com> <CAHbrMsAW_wtKmRDYKZVUrFLZYuM_DqoS-8VRMf-O0Z8WpPBfbg@mail.gmail.com>
In-Reply-To: <CAHbrMsAW_wtKmRDYKZVUrFLZYuM_DqoS-8VRMf-O0Z8WpPBfbg@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Mon, 17 May 2021 17:58:09 -0400
Message-ID: <CAKC-DJj3nPAZp=qpwjBJ_3yG_EO-q-bcJbaizUNw9uq6deVZjg@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Cc: Brian Dickson <brian.peter.dickson@gmail.com>, dnsop <dnsop@ietf.org>, John Levine <johnl@taugh.com>, Joe Abley <jabley@hopcount.ca>, Eric Orth <ericorth=40google.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001c463605c28db105"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/a-wdZqBVbHlaiW3SNYi_JzHIy8U>
Subject: Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 May 2021 21:58:28 -0000

On Mon, May 17, 2021 at 5:36 PM Ben Schwartz <bemasc=
40google.com@dmarc.ietf.org> wrote:

>
>
> On Sat, May 15, 2021 at 12:48 PM Brian Dickson <
> brian.peter.dickson@gmail.com> wrote:
>
>>
>>
>> On Thu, May 13, 2021 at 10:25 AM Ben Schwartz <bemasc@google.com> wrote:
>>
>>>
>>>
>>> On Thu, May 13, 2021 at 12:51 AM Brian Dickson <
>>> brian.peter.dickson@gmail.com> wrote:
>>>
>>>>
>>>>
>>>> On Wed, May 12, 2021 at 9:33 PM Ben Schwartz <bemasc@google.com> wrote:
>>>>
>>> ...
>
>> Breaking the binding into pieces creates many new opportunities for
>>> error, such as having multiple TargetNames in a single binding.  It
>>> corresponds to a multimap datastructure instead of a standard map.  Every
>>> attribute of each binding would naturally be an unordered collection, which
>>> is a bad fit for attributes that are required to be singular, or an ordered
>>> list, or anything other than a set.
>>>
>> ...
>
>> So, taking your observations about TargetName into account, and borrowing
>> from the overloading of Priority to signal AliasMode, here's an alternative
>> that I think addresses most of the concerns.
>> Priority {AliasTarget | ServiceTarget | KeyName}
>> {ServiceBindingPriorityValue | Value}
>> where
>> Priority == 0 => AliasMode
>> Priority >0, <128 => ServiceMode
>> Priority > 128 => ServiceBinding key-value record
>>
>> The same example would be encoded (again with only RDATA values):
>>
>>> 1 target "h3pool" 128
>>
>>> 128 alpn "h2,h3"
>>
>>> 128 ech "123..."
>>
>>> 2 target "." 129
>> 129 alpn "h2"
>> 129 ech "abc..."
>>
>
> I find this format, with multiple lines and multiple integers per binding,
> much more difficult to read or write than the current draft, especially
> since the elements of each binding can potentially be spread across a zone
> file (perhaps by accident) in arbitrary order.
>
>
I concur with Ben here.  Thank you for spelling out and proposing this
alternative, but this seems much less usable
and understandable by a typical user, either for zone publication or for
reading diagnostic output from tools
like "dig" or for talking about in other drafts specifying SVCB.

Side-note: some precursors to SVCB and earlier discussions in the working
group
proposed using a standardized format such as CBOR for encoding the
SvcParams but
that approach was discarded as bringing in a bunch of its own baggage and
being too
different from typical DNS usage.

An approach HTTP took was to define "Structured Field Values for HTTP"
(rfc8941)
which may be more complexity than is needed here, but perhaps there
is a similar approach that could work for SVCB of defining explicit types
for SvcParamValues?

Another approach could be seeing if there was a way to require
everything to use a limited character set and require escaping
for things outside of these constraints.  For example, alpn values
with a limited set of token characters would be allowed as strings,
but anything else would need escaping.  Would require base64 encoding
of SvcParamValues wanting characters outside of "non-special"
be easier to parse, perhaps with a prefix to indicate that a string is
base64 type?
Are there other similar things that would keep the format similar to the
existing
format but reduce the number of parser special-cases needed?

     Erik

v2.23.0 | Report a Bug | By Email