Re: [DNSOP] port number in HTTPSSVC

Eric Rescorla <ekr@rtfm.com> Fri, 03 January 2020 20:30 UTC

I agree. I do not think we should make this change.

-Ekr


On Fri, Jan 3, 2020 at 12:02 PM Erik Kline <ek.ietf@gmail.com> wrote:

> I think removing port number flexibility might unduly constrain some data
> center use cases where service reachability might not have the more common
> 443-only limitations.
>
> On Fri, Jan 3, 2020 at 11:33 AM Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
>
>> HTTPSSVC co-editor here.
>>
>> The effect of this change seems similar to deprecating support for
>> non-default ports in HTTP/3.  While I have some misgivings about the
>> handling of non-default ports in HTTPS, I would want to see consensus in
>> the HTTP and QUIC working groups before making this change.
>>
>> I would suggest sending your proposal to those lists, and we can adjust
>> the HTTPSSVC draft based on their conclusions.
>>
>> On Fri, Jan 3, 2020 at 1:24 PM Paul Vixie <paul@redbarn.org> wrote:
>>
>>> in SRV we added a port number to the rdata because the /etc/services
>>> file was painful to keep globally updated. SRV was protocol independent.
>>>
>>> HTTPSSVC is protocol specific, and when it copied SRV, it included the
>>> port number in the rdata, which i think is both unnecessary and error-prone.
>>>
>>> managed private networks who want to permit outbound HTTP/3 are going to
>>> add a rule like "if the far end port number is 443, add a stateful rule".
>>> anyone who uses the port number field (if it exists) in HTTPSSVC to specify
>>> a different port number is going to suffer, as will many of the clients
>>> trying to access that service.
>>>
>>> i suggest that the port 443 assumption for HTTP/3 be baked in, and that
>>> this field be removed from the HTTPSSVC rdata.
>>>
>>> --
>>> Paul
>>>
>>>
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
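Paul Vixie's concern in the quoted message, modelled as an added example that is not part of this thread or of the HTTPSSVC draft: parse the SvcParams of an HTTPS record, compute the port a client would actually connect to (443 when no port parameter is present), and flag records that an egress policy of "outbound 443 only" would block. The wire format and the SvcParamKey number for port (3) are taken from the later RFC 9460, not from this 2020 discussion; the record names and byte strings are constructed.

```python
import struct

# SvcParamKey "port" = 3 and default port 443 follow RFC 9460 (assumed; not from this thread)
SVCPARAM_PORT = 3
DEFAULT_HTTPS_PORT = 443

def parse_svcparams(wire: bytes) -> dict:
    """Parse SvcParams wire format: repeated (key:u16, length:u16, value).
    Keys must be strictly increasing; RFC 9460 treats out-of-order or
    duplicate keys as a malformed RR."""
    params, off, last_key = {}, 0, -1
    while off < len(wire):
        if off + 4 > len(wire):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", wire, off)
        off += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys out of order or duplicated")
        if off + length > len(wire):
            raise ValueError("truncated SvcParam value")
        params[key] = wire[off:off + length]
        off, last_key = off + length, key
    return params

def effective_port(params: dict) -> int:
    """Port a client would connect to: the port SvcParam if present, else 443."""
    raw = params.get(SVCPARAM_PORT)
    if raw is None:
        return DEFAULT_HTTPS_PORT
    if len(raw) != 2:
        raise ValueError("port SvcParam value must be exactly 2 octets")
    return struct.unpack("!H", raw)[0]

def egress_check(records, allowed_ports=frozenset({DEFAULT_HTTPS_PORT})):
    """For each (name, SvcParams wire) return (name, effective port, reachable)
    under an egress policy that permits only the given destination ports."""
    out = []
    for name, wire in records:
        port = effective_port(parse_svcparams(wire))
        out.append((name, port, port in allowed_ports))
    return out

# Constructed sample HTTPS RRs (SvcParams only; priority/TargetName omitted)
SAMPLE_RECORDS = [
    ("svc1.example", b"\x00\x01\x00\x03\x02h3"),                              # alpn=h3, default port
    ("svc2.example", b"\x00\x01\x00\x03\x02h3" b"\x00\x03\x00\x02\x20\xfb"),  # alpn=h3, port=8443
]
```

Under the default 443-only policy, `egress_check(SAMPLE_RECORDS)` reports svc2.example (port 8443) as unreachable, which is exactly the failure mode the quoted message predicts for clients behind such a network.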