Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Dick Franks <rwfranks@gmail.com> Thu, 06 May 2021 20:17 UTC

Return-Path: <rwfranks@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A5523A3053 for <dnsop@ietfa.amsl.com>; Thu, 6 May 2021 13:17:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3XkYQeoWyJO4 for <dnsop@ietfa.amsl.com>; Thu, 6 May 2021 13:17:32 -0700 (PDT)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1A9263A304E for <dnsop@ietf.org>; Thu, 6 May 2021 13:17:31 -0700 (PDT)
Received: by mail-io1-xd29.google.com with SMTP id p11so5971189iob.9 for <dnsop@ietf.org>; Thu, 06 May 2021 13:17:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Zlgj2ejYaAcKUHisguqE6lx/kmGuMbz24DkKqPTyx+U=; b=trRTGWJw9lFLFfGJ6th8ZG0jwultQnIDDGf317xAvC4gTBk2je5nRya8YwqgcGH/Po 7JZIq1sh4OBzh5/dltcAZwMc5NfhjN4r+Hj2RrDRRcoSc3ryoWgpagIIQB+MgwYcT7ip 9aifunnzfxQnblpMjsOnjdoqmRbs66jkTItWd1LfSaLJXwDCbaCBLsQ4b2avcs9NuFBN Dg8vhqS4CeM1W3bYF/bEOg3FRZlG8XviOiuaOZL7zzqZ/TCcfRZc1uamqG9hfxDyvzDn xA8GK2tUcRydqptPmN8MXyayG/UG47A8TYFT/uAtxx2C+MIdDC2MSR+uLeDi4I9G1vdw kfvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Zlgj2ejYaAcKUHisguqE6lx/kmGuMbz24DkKqPTyx+U=; b=DYKNrpSWC5kw2mF2MyjOaqYBfi7QBxgIyfIczkYbfAqPV3LFcn7LVeoqrVH+nua1Be 6HO66XtToONqAWs8M7QpmeES4tnnA/1FCl5TPowjA9Arb1EK+o17Cs8lS7ga5hB/yqlf yp77HRmnqY30jW9BRDBvt4KiWwrDrkMxmd9bISMk3exqJZIO2+Chuqrq12CYM4ry+gfb mPT5bVsY5tMIb2otLQG4wG87ayQXjVv0Fw1jAHAQKsYLoecGtOlJcVra/ae9nRUOLMzg DSTx/I6OiT2G1Zqfvl2rudEFOZXOGy0/WKEwkFiv1QSvDUE7zxrNQSQntmtJ7filr9sX recw==
X-Gm-Message-State: AOAM530Wt2jZfrnW7HttDaOQY81pleT8+QdFVBGmU4LyRJfznHvG9vGB 2anBQMjGyk21aaPMBXG8cLoB0T8nztxWcxzoLDw=
X-Google-Smtp-Source: ABdhPJy/+e4cH/CC7g3KXIYDNx0Q1Ensefwg8XkNITz9ZnmSe3TcDCbL0GDB1hFk8iuqxIyfSrCUY418gJ3jkfh57vM=
X-Received: by 2002:a6b:7944:: with SMTP id j4mr4827474iop.60.1620332250686; Thu, 06 May 2021 13:17:30 -0700 (PDT)
MIME-Version: 1.0
References: <161901308063.21005.875603362157576926@ietfa.amsl.com> <CAHbrMsA4TMfE+3LAT+un0FF3DGXKsYB1zAtvUwf2YKr97mJ+sQ@mail.gmail.com> <87B615B4-9CA3-4060-93C2-E4B953C11FB2@akamai.com> <CAHbrMsDaqrQ+XDO4z395tC_yOH4MBH8OmoH8zTXWEHfcDC1+Ew@mail.gmail.com> <6245BB4F-4E2F-435F-ABC0-18C0420C8541@akamai.com> <CAHbrMsDGq0usDiqr0HtbFCR4Y8swtyv_0i7UOFf=C_ExW+0FNQ@mail.gmail.com> <303AD4A1-A9BE-4C31-B730-7B4D42587206@akamai.com> <CAHbrMsCj8OToEhjo7O0YkW4WGosGK7stBYTneYHUoX_KckY7Uw@mail.gmail.com> <80539395-F1F6-4BA1-8AFF-667DDF7604B1@icann.org> <CAHbrMsAC3Mb+e18Gv361XnCU3kBOWqCbUXPujuuqOULh4e-v=g@mail.gmail.com> <CAKW6Ri4Yi2v+owa7KABATBoRmEB9u0k_hxd235iDL0ngbGhuLA@mail.gmail.com> <B0F5B473-9A40-447D-9555-F549F54CE0B5@isc.org> <CAHbrMsDNUKzYC__R1z6yzt_9xxyp4Eov1FekumT9sDpFkmPVPw@mail.gmail.com> <CAKW6Ri6bybyLTZOPFjR=Gpus96OYz1_DcxsJe8r+K9u7z=_LXQ@mail.gmail.com> <CAHbrMsCgShoeTbSruFH_zigYtXEQEoEOihjE6kjSUmfW5VSVUw@mail.gmail.com> <CAKW6Ri6HWTv_7_qcJX5mnxJODfwGsDmc1X2UW4kxPi=ZfZBDcA@mail.gmail.com> <CAHbrMsCYFmmM+WfS8VQWfSvRQgp4wXHEsOJcHi3Nvunb++wuHg@mail.gmail.com>
In-Reply-To: <CAHbrMsCYFmmM+WfS8VQWfSvRQgp4wXHEsOJcHi3Nvunb++wuHg@mail.gmail.com>
From: Dick Franks <rwfranks@gmail.com>
Date: Thu, 06 May 2021 21:16:54 +0100
Message-ID: <CAKW6Ri6BPXPeb_jExwoUk2MNccCVTwPTZRahqSouEUcMeskA=g@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
Cc: dnsop <dnsop@ietf.org>, Mark Andrews <marka@isc.org>, Paul Hoffman <paul.hoffman@icann.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/f84uMrQ0_KWmtIWYMB0OBnjJWzU>
Subject: Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2021 20:17:36 -0000

On Thu, 6 May 2021 at 19:11, Ben Schwartz <bemasc@google.com> wrote:
>
> On Thu, May 6, 2021 at 8:50 AM Dick Franks <rwfranks@gmail.com> wrote:
>> But that is precisely what you are NOT doing.
>> You have assigned a special significance to the character sequence
>> "\\," contrary to RFC1035.
>>
>> The language of RFC1035 is crystal clear that an escaped character is
>> parsed as plain text, independently, without regard to context, and
>> that any special meaning does not apply.
>>
>> Strict application of the RFC1035 rules causes string   "...\\,..."
>> to be equivalent to "...\092,...".
>
>
> I'm not sure what you're describing.  Those two inputs are universally equivalent in zone files under the current draft.  They are both reduced to {'\', '"'} by char-string parsing, which is applied uniformly and without modification to all SvcParamValues.

... and the '\' without any special meaning fails to protect the comma
from the attention of the argument splitter.


> Each SvcParamValue has its own input format.  For some SvcParamValues, '\' and ',' may not be allowed characters.  For others, they may be ordinary characters to be copied into the output, or they may have special significance.
>
... and I might, or might not, have a boiled egg for breakfast!


>> BIND, NSD, and Net::DNS are all able to arrive at implementations of
>> SVCB using the RFC1035 standard escape conventions, which demonstrates
>> beyond reasonable doubt that recognising "\\," is not an essential
>> requirement.
>
> I disagree: what you are proposing is a deviation from RFC1035 escape conventions, and what the draft does is specifically to ensure that no such deviation is required.

I am advocating strict adherence to RFC1035 escape conventions.  You
are the one proposing to deviate.


> ...  I have now encountered multiple codebases where modifying the RFC1035 char-string parsing in the way that you suggest would be prohibitively complex, and that complexity will only grow over time as new SvcParamValues are defined.

If the development cost is prohibitive, the obvious solution is to use
BIND, NSD, or one of the other respectable implementations which are
certain to be not far behind.  If Google cannot afford the license
fee, a six line perl Net::DNS script could be used to translate
RFC1035 compliant SVCB RRs into RFC3597 format at nil cost.

>
> The "value-list" format is a bit like a (much simpler) cousin of the SPF macro language (https://tools.ietf.org/html/rfc7208#section-7.1).  In both cases, the char-string decoder's output contains embedded commands that allow the next processing stage to distinguish between delimiters (comma and space, respectively) and escaped delimiters ("\," and "%_", respectively).

That is no justification at all.   SPF people can do whatever they
like within the arguments of a TXT record.


--Dick