Re: [DNSOP] DNS HTTPS/SVCB record type support in iOS 14

Tommy Pauly <tpauly@apple.com> Sat, 26 September 2020 02:08 UTC

From: Tommy Pauly <tpauly@apple.com>
Date: Fri, 25 Sep 2020 19:07:57 -0700
Message-id: <B34F1567-9658-4D9D-A660-3180ADA6038F@apple.com>
References: <CACpbDccFFO=0+MoeBGbq03+BXNtcACFcjO9kf5=Y9X=E8+xNCw@mail.gmail.com>
Cc: Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org>, David Schinazi <dschinazi.ietf@gmail.com>, dnsop WG <dnsop@ietf.org>, QUIC WG <quic@ietf.org>
In-reply-to: <CACpbDccFFO=0+MoeBGbq03+BXNtcACFcjO9kf5=Y9X=E8+xNCw@mail.gmail.com>
To: Jana Iyengar <jri.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/eeP4H9fli712JPWnEMvDg1sLEfg>

Hi Jana,

Currently, HTTP/3 support in Safari needs to be enabled by the user (under Experimental Features). When it is enabled, the ALPN hint in the HTTPS record causes the stack to race QUIC first (assuming we have no history of QUIC failures), even when no previous connections had been made to the host. 

Thanks,
Tommy

> On Sep 25, 2020, at 6:08 PM, Jana Iyengar <jri.ietf@gmail.com> wrote:
> 
> 
> Thanks for sharing this, Tommy -- this is exciting indeed.
> Can you share if Safari uses this information for deciding when to race a QUIC connection?
> 
> - jana
> 
>> On Fri, Sep 25, 2020 at 1:19 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
>> Hi David,
>> 
>> Sorry for the lack of clarity! The HTTPS query will be made alongside A/AAAA queries for all connections that use Network.framework/NSURLSession for URL schemes “http://” and “https://”, or TCP port 80 or port 443.
>> 
>> Thanks,
>> Tommy
>> 
>>> On Sep 25, 2020, at 1:12 PM, David Schinazi <dschinazi.ietf@gmail.com> wrote:
>>> 
>>> Hi Tommy,
>>> 
>>> Thanks for the announcement! It's really exciting to see this deployed in the wild.
>>> Clarification question: your email mentioned support for the HTTPS DNS query,
>>> but it didn't mention when iOS makes those queries. For example, do you query
>>> this record every single time you perform A/AAAA queries? (in the context of
>>> a Network.framework connection to port 443)
>>> 
>>> David
>>> 
>>> On Fri, Sep 25, 2020 at 12:59 PM Tommy Pauly <tpauly=40apple.com@dmarc.ietf.org> wrote:
>>>> Hello DNSOP & QUIC,
>>>> 
>>>> I wanted to provide an update that the production version of iOS 14, which shipped last week, includes support for sending HTTPS (SVCB) DNS queries (RR type 65) for applications using our system networking APIs.
>>>> 
>>>> The implementation status has been updated here: https://github.com/MikeBishop/dns-alt-svc/blob/master/svcb-implementations.md
>>>> 
>>>> For those with HTTP/3 QUIC deployments, this means that (when HTTP/3 experimental support is enabled) iOS will use the ALPN indication in the HTTPS record to enable HTTP/3 prior to receiving an Alt-Svc indication. As previously noted on the DNSOP list, Cloudflare is already supporting publishing these records, and we’d encourage other server deployments that support QUIC to do the same.
>>>> 
>>>> To note, this behavior is the same in the betas of macOS 11.
>>>> 
>>>> Best,
>>>> Tommy
>>
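For operators who want to confirm what a client acting on the ALPN hint described in this thread would see, the following is an added example (not code from the thread or from Apple) that parses the RDATA of an HTTPS record (RR type 65) and reports whether it advertises HTTP/3. It assumes the wire layout and SvcParamKey numbers of RFC 9460, the published form of the SVCB/HTTPS draft, and that "h3" or a draft "h3-NN" token marks HTTP/3; the function names and the sample bytes are constructed for illustration.

```python
import struct

KEY_ALPN = 1  # SvcParamKey "alpn" (RFC 9460)

def parse_https_rdata(rdata: bytes):
    """Return (priority, target, params) from HTTPS (RR type 65) RDATA."""
    if len(rdata) < 3:
        raise ValueError("RDATA too short")
    (priority,) = struct.unpack_from("!H", rdata, 0)
    pos, labels = 2, []
    while True:  # TargetName: uncompressed, length-prefixed labels
        if pos >= len(rdata):
            raise ValueError("truncated TargetName")
        n, pos = rdata[pos], pos + 1
        if n == 0:
            break
        if n > 63 or pos + n > len(rdata):
            raise ValueError("bad label")
        labels.append(rdata[pos:pos + n].decode("ascii"))
        pos += n
    params, last_key = {}, -1
    while pos < len(rdata):  # SvcParams: key(2) length(2) value(length)
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        # Keys must be strictly increasing; values must fit in the RDATA.
        if key <= last_key or pos + length > len(rdata):
            raise ValueError("SvcParam out of order or truncated")
        params[key] = rdata[pos:pos + length]
        last_key, pos = key, pos + length
    return priority, ".".join(labels) or ".", params

def alpn_ids(params: dict) -> list:
    """Split the alpn value into its length-prefixed protocol IDs."""
    raw, out, i = params.get(KEY_ALPN, b""), [], 0
    while i < len(raw):
        n = raw[i]
        if n == 0 or i + 1 + n > len(raw):
            raise ValueError("bad alpn-id")
        out.append(raw[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return out

def advertises_h3(rdata: bytes) -> bool:
    priority, _target, params = parse_https_rdata(rdata)
    # Priority 0 is AliasMode: there are no SvcParams to act on.
    return priority != 0 and any(
        a == "h3" or a.startswith("h3-") for a in alpn_ids(params))

# Constructed sample: priority 1, target ".", alpn="h3,h2", port=443
SAMPLE = bytes.fromhex("0001" "00" "0001" "0006" "026833026832" "0003" "0002" "01bb")
```

A record that parses cleanly but returns `False` here would leave such a client on its A/AAAA and Alt-Svc path for HTTP/3 discovery.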