IETF Logo Mail Archive

Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Brian Dickson <brian.peter.dickson@gmail.com> Thu, 20 May 2021 18:09 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D2493A20F6 for <dnsop@ietfa.amsl.com>; Thu, 20 May 2021 11:09:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D2maKS68YGHr for <dnsop@ietfa.amsl.com>; Thu, 20 May 2021 11:09:49 -0700 (PDT)
Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27DF03A20EB for <dnsop@ietf.org>; Thu, 20 May 2021 11:09:49 -0700 (PDT)
Received: by mail-lj1-x234.google.com with SMTP id p20so20899784ljj.8 for <dnsop@ietf.org>; Thu, 20 May 2021 11:09:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+jiMyHiI78R3SvbChVRAvRiveu0eD4iKe1xH4hviUIM=; b=LsjHwApqcSBA182eFwcdV4BIbLWMgukbMV555ZLiuyP1h43qAIjIAY8V85ln04+qoR ANkNd3Q7bife+YDCo+Nu3xq951kbw2jMH4FRg470poloFVgSbc0uxDynsk4BkRk5YhzY H96Tnpmeujn+gBiMc7lZhGXizoSHnTzcQ4fBJqafREV6BNfhBaxDUr+pfFuzeWqSXHY+ pdla+aINts7AKE5KqfWmqHj8wVgCUPGpNQ7L7KUtlWe84HmpvSuDDVBPRjvCqbEQideP sCNxXk4CyxNN7q7A3YCAWEfOD1iz7fktRmWfEWq4nSFIqlxccHo0UzG6Q80mhjv4mGY5 049A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+jiMyHiI78R3SvbChVRAvRiveu0eD4iKe1xH4hviUIM=; b=e+QqOVu5oMSk1sSYUofnMt426D6mp99kPsWTo3Rwwgm6wYbp1lO1OV44OnygyOFdNJ KZ5ZNk2kzP3tI48Ap8QnXp62Wo+ExGi6LM5nL86Cd6rz0IgZ1l9NtRZqG8Y3PSUKPVVu cXKH6PtdcMVnPsLbHWkEHoGqCwHX+p3BvSZ7l/QrVx9jbHUdThKPM/uNWaav9AU9PqSp itTTpCC3NaoEgPLg4KG8qMF/R0zNwnaVjyH+in67VZqwMThebHtkgPbTfeNei7LSRfsL vkpWe3TNCNykdZT/kySNA6+LfGeeAcNaIhhzP9iAFRezOrQhkRbmK2RlikJADXyfvb/y ewlA==
X-Gm-Message-State: AOAM531OD0jF0vVTbGGU1H8Hh3CCa4BaaU9M5FoiuYwb+EIMJ3COoBK7 e0eXRuQkcKZVKAWiWvNGBqJdMaqBQ+ROSKOENd4=
X-Google-Smtp-Source: ABdhPJyV0D1/Qdnc0sQ6w/jrKpJH2TFEyss4N9Iv4HUv4eVTnval5J6eTRf0Xk61dcF93sD6yEv93Tqo+WZtG1OHKpk=
X-Received: by 2002:a2e:4c19:: with SMTP id z25mr4014756lja.47.1621534186110; Thu, 20 May 2021 11:09:46 -0700 (PDT)
MIME-Version: 1.0
References: <7ADF1FB2-97A4-4C49-8F25-8BF03BE01640@hopcount.ca> <20210512213903.D5F1F7AA827@ary.qy> <CAMOjQcFJjcsvaREF0fr+2GTY4zTy5CxSxR16BEp=Nc-K9WJ0Tg@mail.gmail.com> <CAH1iCipAVKVCuH2ME=+YpeJyijrKCtzJaU3bRFyy1f48EB33iw@mail.gmail.com> <CAHbrMsCjWgV7nc575L_qdvr7HdoEVKqkXRwLdXA2L5NiCgdvwA@mail.gmail.com> <CAH1iCipW_-BSMQZ-S+m18pyzfxTGsCrmG9Pc-b35_VRiLhxh4w@mail.gmail.com> <CAHbrMsDvEkYAxee4xjW5LsQmr0PgBf+UmMAuME-_UvRMg4jJeA@mail.gmail.com> <CAH1iCiq4zJZBv5=f7T2EDRWKa7bAZx66SMKkf+AiDsDPTZokhQ@mail.gmail.com> <CAHbrMsAW_wtKmRDYKZVUrFLZYuM_DqoS-8VRMf-O0Z8WpPBfbg@mail.gmail.com> <CAKC-DJj3nPAZp=qpwjBJ_3yG_EO-q-bcJbaizUNw9uq6deVZjg@mail.gmail.com> <C3734365-D5F7-4F9A-A463-5EFBB841A583@apple.com> <CAH1iCiod61M5aHnF_qrpP6=Oc3nBL+McaSui5NUnLd1GbS=okw@mail.gmail.com> <CAH1iCipcjnHdBcc7VCpLr9rP6vbbTHKYPHtqBkQu_achzpohcg@mail.gmail.com> <D10F7DCD-71AE-4AFC-9835-C9E1F03D831F@icann.org> <CAH1iCiphr71C0MjhP-amR4S5FpDzKc4qkDvsU3qMXhdLNhiwyw@mail.gmail.com> <CAH1iCiqSFk0XP_We+cUfe0xFvmDMusPc3weHxSK-e5CLT6jLwg@mail.gmail.com> <CAKC-DJhH=OK_mraWK1pVEx6a_hiPSPF-KQwd+mDy_2mg_a17CQ@mail.gmail.com> <CAH1iCip=Y0MTh4=ATqWPdWSDot4dmBge96Y-cdL86hk3dk3ddg@mail.gmail.com> <9a138693-60a0-4b75-99f5-6a7544f935a0@www.fastmail.com> <CAH1iCirdY4HWj1o8X3mEkPJODrQZ391YsuC75Hs5m5G4PM3ATA@mail.gmail.com> <1A6728DB-72CB-425E-90D7-38159DC8D4FB@fl1ger.de> <CAMOjQcF=K_Dkya7yamKECxHjmsEVHmLyoaoF3KRnCXqPde4wSw@mail.gmail.com>
In-Reply-To: <CAMOjQcF=K_Dkya7yamKECxHjmsEVHmLyoaoF3KRnCXqPde4wSw@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 20 May 2021 11:09:34 -0700
Message-ID: <CAH1iCiqbqLwG0cYfftV2XQU908QJ5YkpBtiqnqy6ch_d8zEn2g@mail.gmail.com>
To: Eric Orth <ericorth@google.com>
Cc: Ralf Weber <dns@fl1ger.de>, WG <dnsop@ietf.org>, Martin Thomson <mt@lowentropy.net>
Content-Type: multipart/alternative; boundary="00000000000027819105c2c6d971"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/h9o-tfNPr6PGhsF3CRVDJjdX2o0>
Subject: Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2021 18:09:54 -0000

On Thu, May 20, 2021 at 10:59 AM Eric Orth <ericorth@google.com> wrote:

> A big selling point behind why we have client implementers planning to
> query HTTPS records is the expectation that this will be the only query
> type we will need to add and that it can be extended to handle any future
> information we need for establishing HTTPS connections (and we want
> mechanisms to be able to add stuff in the future to keep improving HTTPS
> connection behavior).  It is not practical to add too many additional DNS
> queries to make web requests, and nobody wants a
> deprecation/new-SVCB-based-record-type cycle every time we need to add
> something.  So in the end, I do not expect HTTPS would see much adoption
> without the extensibility.
>
>
Okay, so the takeaway from that is whatever is done to improve the ability
to parse the records, should include the extensibility.
(That limits the amount that can be done to improve parsing and to make it
more DNS-like, but there is still room for improvement, IMHO.)

I'll think about how that can be done (improving parsing, not
extensibility, i.e. any proposal(s) I make will be based off a baseline
which will be the current format.)

Brian


> On Thu, May 20, 2021 at 6:37 AM Ralf Weber <dns@fl1ger.de> wrote:
>
>> Moin!
>>
>> On 20 May 2021, at 3:32, Brian Dickson wrote:
>> > (There's a reason I'm not suggesting making SVCB non-extensible, or
>> > touching any aspect of the SVCB thing itself.)
>> >
>> > Note that more ALPN values are supported, and how those are
>> > defined/used/etc are really not relevant to the structure (wire format)
>> of
>> > the records (HTTPS or SVCB).
>> >
>> > HTTPS needs transport, port number, name, and maybe some hints for IP
>> > addresses, plus the new encrypted SNI.
>> Well if we created HTTPS five years ago we would not have known about
>> encrypted client helo. The point of an extensible format is that you
>> can extend it beyond what you know now. And I am pretty sure there will
>> be development in the HTTPS arena.
>>
>> For me mentally HTTPS is just a shortcut for
>>         _https.name IN SVCB …
>> so on the right side HTTPS and SVCB are the same and we should keep it
>> that way IMHO.
>>
>> So long
>> -Ralf
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>

v2.23.0 | Report a Bug | By Email