Re: [DNSOP] alpn parsing in SVCB

Ben Schwartz <bemasc@google.com> Tue, 19 April 2022 18:24 UTC

MIME-Version: 1.0
References: <f261e303-8b36-34a4-e2ad-262d4a224cf0@time-travellers.org>
In-Reply-To: <f261e303-8b36-34a4-e2ad-262d4a224cf0@time-travellers.org>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 19 Apr 2022 14:23:41 -0400
Message-ID: <CAHbrMsBec8oN1eSJfyrCHwY-fKwNgTKEUgav_FnxZ=XD+oOvyw@mail.gmail.com>
To: Shane Kerr <shane@time-travellers.org>
Cc: dnsop <dnsop@ietf.org>, Erik Nygren <erik+ietf@nygren.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="0000000000009e7ee905dd05fa92"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ih3Im_xcerLO9ArVXjV7cXYa6Pk>
Subject: Re: [DNSOP] alpn parsing in SVCB

Hi Shane,

It's never too late.  Even after publication, the IETF can always change
the rules for registration of ALPN values.  However, ALPN is controlled by
the TLS working group, so you would have to make that argument there.

The SVCB authors engaged with the TLS working group on this topic last
year: https://mailarchive.ietf.org/arch/msg/tls/JqhlkWX0H1F4Hi4pjMOcn1tkm-I/
.  We concluded that there was not enough support for tightening the ALPN
registration rules, which is how we ended up with the current text.

--Ben

On Tue, Apr 19, 2022 at 2:16 PM Shane Kerr <shane@time-travellers.org>
wrote:

> Dear Colleagues,
>
> I know it's really late, but I hadn't worked with the SVCB until
> recently. Apologies if this has been thoroughly discussed. 😬
>
> I implemented a parser for the "alpn" service parameter, and the code
> was a lot more complex than I thought it should be. Basically, the
> double-encoding required for full implementation of the presentation
> format is cumbersome.
>
> I also think it is completely unnecessary.
>
> Can't we just restrict alpn so that we don't use a comma in the name?
> That would get rid of the need for the double-encoded values, the
> decision that implementers have to make whether or not to support them,
> plus all of Appendix A.
>
> I don't see any strong motivation for allowing a comma in an alpn name. As
> far as I can tell, none of the existing ALPN values use a comma:
>
>
> https://www.iana.org/assignments/tls-extensiontype-values.xhtml#alpn-protocol-ids
>
> Again, apologies for chiming in so late. Maybe other implementers have
> had a different experience with this, and I'm way off-base. But if
> others agree, maybe it's not *too* late?
>
> Cheers,
>
> --
> Shane
>
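The two-layer decoding Shane describes, as an added example that is not code from either poster or from the SVCB specification: layer 1 undoes RFC 1035 char-string escapes (`\DDD`, `\X`), layer 2 splits the resulting value-list on unescaped commas per Appendix A.1 (where only `\,` and `\\` are escapes), and the result is emitted as the length-prefixed alpn wire value. Function names are my own; the inputs in the test are constructed, including one alpn-id that contains both a comma and a backslash. A parser that collapses the two layers into one silently yields the wrong alpn-ids, so each layer rejects a dangling backslash, an out-of-range `\DDD`, an empty id and an id over 255 octets.

```python
import re

_CS = re.compile(rb"\\(\d{3})|\\(.)|(.)", re.S)  # \DDD, \X, or a literal octet
_VL = re.compile(rb"\\(.)|(.)", re.S)            # value-list escape or literal


def decode_char_string(text: str) -> bytes:
    """Layer 1: undo RFC 1035 char-string escapes (\\DDD decimal octet, \\X literal X)."""
    out = bytearray()
    for m in _CS.finditer(text.encode()):
        ddd, esc, lit = m.groups()
        if ddd is not None:
            if int(ddd) > 255:
                raise ValueError("\\DDD escape out of range")
            out.append(int(ddd))
        elif esc is not None:
            out += esc
        elif lit == b"\\":  # only reachable for a trailing lone backslash
            raise ValueError("dangling backslash in char-string")
        else:
            out += lit
    return bytes(out)


def split_value_list(cs: bytes) -> list[bytes]:
    """Layer 2 (RFC 9460 Appendix A.1): split on unescaped commas; \\, and \\\\ are literals."""
    items, cur = [], bytearray()
    for m in _VL.finditer(cs):
        esc, lit = m.groups()
        if esc is not None:
            if esc not in (b",", b"\\"):
                raise ValueError("only \\, and \\\\ are valid value-list escapes")
            cur += esc
        elif lit == b"\\":
            raise ValueError("dangling backslash in value-list")
        elif lit == b",":
            items.append(bytes(cur))
            cur = bytearray()
        else:
            cur += lit
    items.append(bytes(cur))
    return items


def alpn_to_wire(presentation: str) -> bytes:
    """alpn SvcParamValue: each alpn-id as a 1-octet length followed by the id."""
    wire = bytearray()
    for item in split_value_list(decode_char_string(presentation)):
        if not 1 <= len(item) <= 255:  # empty items and over-long ids are malformed
            raise ValueError("alpn-id must be 1..255 octets")
        wire += bytes([len(item)]) + item
    return bytes(wire)
```

The zone-file text `part3\\,part4\\\\` and `part3\\\044part4\\\\` decode to the same single alpn-id `part3,part4\`, which is exactly the equivalence an implementer has to get right when supporting the escaped form.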