IETF Logo Mail Archive

Re: [DNSOP] Fwd: HTTPSSVC record draft

Erik Nygren <erik+ietf@nygren.org> Fri, 26 July 2019 18:58 UTC

Return-Path: <nygren@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C25221201DD for <dnsop@ietfa.amsl.com>; Fri, 26 Jul 2019 11:58:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.557
X-Spam-Level:
X-Spam-Status: No, score=-1.557 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.091, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TYJbFRh7C0TI for <dnsop@ietfa.amsl.com>; Fri, 26 Jul 2019 11:58:45 -0700 (PDT)
Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DC2712015C for <dnsop@ietf.org>; Fri, 26 Jul 2019 11:58:44 -0700 (PDT)
Received: by mail-wm1-f45.google.com with SMTP id 207so48833101wma.1 for <dnsop@ietf.org>; Fri, 26 Jul 2019 11:58:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ox+cYED7RixRo7UjAH6skGjP31PFf1fjpqtEiRZG2HI=; b=QH2qXn1dP86WPRwezkmnAi0PsSQH7WIrh6lu5mvlqPtimESU0huM0VQtWyG8WoP/8W UnQIjlY3He3B8IcOXivHFcr8DJm1L76iRE3D2dLIm4BMD+Vs216uCE+wHUotidHvHBH3 WbWqCYiz66/jbqNCUSkAw/hdvPONzJHXA/FK1WrnYE/S4pqc5c3vK0Y/9FiE4mLsbeJd 0VU9eFH0EpZtnOUvFlvWG7J/tllQoDvtQAyckG0xwluNFsibVEj5r6wkj9Y0KT+9610V haIxXxVWGjGtk/gQvYReDwrnh5gjWXWV3naOT+7fQnFg76fxsbB4YQ/kibNMTnghP9ZG f+qw==
X-Gm-Message-State: APjAAAUwC2gRqu144g9TOGIWxUkXuS3ddBToD+ihDzKkKD6ByQsZXlQQ WoFeKQfdsPaHvyUkePjLsQfBNNdaCFNeCato5Y0=
X-Google-Smtp-Source: APXvYqwuCPGE16Ybs1J/6mo4XrGBos5bUmKbFQ1ykYLah3yxobbPUKhEUqYijE6rqDn9mbbBKUOm9Tiz/HhYdm51sK8=
X-Received: by 2002:a1c:f914:: with SMTP id x20mr7944611wmh.142.1564167522376; Fri, 26 Jul 2019 11:58:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAKC-DJikByP+wX-GoD6ntpUWTbr6ioJzB4i8nGQL4NtPWePL3g@mail.gmail.com> <ae353a56-efe5-ce5d-1786-465fc0195071@bellis.me.uk> <cd42bccb-89db-4084-e9e5-7dad0d59cb35@pletterpet.nl> <CAJE_bqf2V2vk2uR2bsHzZ9+eDzCwA1hVi88AT7NWR6ibmE4MAg@mail.gmail.com>
In-Reply-To: <CAJE_bqf2V2vk2uR2bsHzZ9+eDzCwA1hVi88AT7NWR6ibmE4MAg@mail.gmail.com>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Fri, 26 Jul 2019 14:58:30 -0400
Message-ID: <CAKC-DJhxLXMuE9BdHmFK742AeFHvPsfmEE5Rfy1XHc+vB8nUAg@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Cc: Matthijs Mekking <matthijs@pletterpet.nl>, dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008a65bc058e9a2130"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/b66SYB6b753pCsVO4czc47TIwO8>
Subject: Re: [DNSOP] Fwd: HTTPSSVC record draft
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2019 18:58:47 -0000

The need to bootstrap ESNI (encrypted SNI) keys via DNS is the forcing
function here for clients.  They need to do something new here to address
that, and if that requires an additional lookup then there is opportunity
if other problems can be solved at the same time as long as we don't slow
down ESNI deployment or hurt performance over an ESNI-specific solution.

    Erik


On Fri, Jul 26, 2019 at 2:52 PM 神明達哉 <jinmei@wide.ad.jp> wrote:

> At Tue, 23 Jul 2019 17:04:43 +0200,
> Matthijs Mekking <matthijs@pletterpet.nl> wrote:
>
> > But as soon as clients start querying for ANAME (and not address
> > records) meaning it will chase the target itself, the DNS server
> > actually does not have to do a target lookup anymore.
>
> True, but my understanding is that the key difference is that the web
> browser community (at least some big players of it) is willing to
> support HTTPSSVC, thereby already overcoming the most difficult part
> of the chicken-and-egg problem: how to deploy it in the client side.
> I actually don't fully understand how HTTPSSVC has got the support
> while ANAME hasn't though (perhaps because of the incentive of other
> HTTPSSVC features like the alternative service form?).
>
> Once a sufficient number of clients support it, the authoritative side
> will have the incentive of deploying HTTPSSVC, and if it's
> sufficiently deployed in the authoritative side, too, then we can
> eventually hope to deprecate the practice of CNAME at apex.
>
> Right now, I'm not sure how we can expect this to happen for ANAME
> (except by waiting for perhaps several decades, until almost all
> recursive servers natively support ANAME).
>
> --
> JINMEI, Tatuya
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email