Re: [DNSOP] draft-ietf-dnsop-svcb-httpssvc-01 feedback

Patrick McManus <> Sat, 07 December 2019 15:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 896AA12001E for <>; Sat, 7 Dec 2019 07:07:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key) header.b=dVehcRxM; dkim=pass (2048-bit key) header.b=psAcpRmh
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0Z7i15odocWA for <>; Sat, 7 Dec 2019 07:07:42 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1CC5B120232 for <>; Sat, 7 Dec 2019 07:07:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1575731262; cv=none;; s=arc-outbound20181012; b=YxKyy4e5GwAglkzgngbfnLWfjtiCjnd0aYFnW2cbAxbWB5F4oIFC9GsETqWbLJ+R/jlXpbW3xrmhj nAcKe+sZvMtsiRZER2K1WCB49sDJS+KdhDdxXNn4DXACtFCdjJmdZHH8XY04H/EsJDzZ6oW3GN7tDJ F8sEprgkCDFy9/S1Um8qr1sHRTBYExoJe/6MUhJnModopfPyq8TZiNYqKGkFCT+PDfeNMqrNFrJGLQ fEG336Xo2/ItSBToFa9+EvXtqF6+T3jGXn7A1Er/mnb6eBcTH0L4z4zA8ltyvFmb95p6G3Vs1ZTndZ X1QMQ93oobpA2Fjq8fPGFbJvtI2uKdw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-outbound20181012; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:dkim-signature:dkim-signature:from; bh=o6az460ffyLeshUdqjsCwLVsUSJdSyBz+iTBrX3WDzg=; b=Nwl0+q7+q8eJLChcCdmM++h/Ssn8//9T18fI4S9JGPKEENsR+4uAFp94elyU3PicVnmhj+OGZ2Qln Aw0q3B58bRBctER1ZBE4bnsBBWHzUvyp1axaOkLxwO/z97fM0AQSserujGg8K0yaqp53yfh2raydIs z1/yxT3ohvIPKslmgSY6QI1OPCuvH+pnL/f9GWde2FYoHjk9fBEI/xNgfZqZ1GsnU7VvmPs9/VskLA khTxwSVX2UBY8ADxsm+EnvmA4SZm9A+uJAIuGYem9qTX7n+1wVfB4wp1OfHfmHg0wDEAmV2yEe0EmT H9/+KRp0oCiMS+QexT2WNAjN6VwXTcw==
ARC-Authentication-Results: i=1;; spf=pass smtp.remote-ip=; dmarc=none; arc=none header.oldest-pass=0;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=duo-1537391512170-ea99bbb3; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=o6az460ffyLeshUdqjsCwLVsUSJdSyBz+iTBrX3WDzg=; b=dVehcRxMMsMBldxxApHM9oEE5jgmNF7wQ1NCdpLj7y8gDoVX8szAEen+Rw2N/TNePz58i0JTKOUTD ssKDbYvAqDGOmyWyw9amFZIDOtrxqoQcjlmP52bXceXvlg8vaOUXvcNEpmgsRX7heReFQ2MAUtZ/EX SUks4gs27j40xTrM=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=dkim-high; h=content-type:cc:to:subject:message-id:date:from:in-reply-to:references: mime-version:from; bh=o6az460ffyLeshUdqjsCwLVsUSJdSyBz+iTBrX3WDzg=; b=psAcpRmham/wl6HR1z6uvrzwNYiN1qW4m/h/o3suu5o4VO8i9ZQ4pAlSz0MXkmvL0+7hbsVuNqLiP cHWkH0t0K9UgSN9Xmnz3DkjyTEyT5PVJV3sesgRYcmaBwy/e7u3ZwXfvpfNHdf9bomkTwFvTkmmQIH oIDPrsLpr3LOZnw66EUxOQvp1ANxKMAdf2KzBHzuY9HSvmqfO8yFye+FPtGgm3UVIYfQWdyCPOzACg /a3+6usQOJtyPsRm9JM7Kc17d5EENFVyQKmE5PpxY7w+9po54dcPfu/Zj8tjvBrlqOzOxv06OycC+U zr1YYKa4mm59/nLd8RjouOoNuaDNPjw==
X-MHO-RoutePath: bWNtYW51cw==
X-MHO-User: 4f0672ee-1903-11ea-b80c-052b4a66b6b2
X-Mail-Handler: DuoCircle Outbound SMTP
Received: from (unknown []) by (Halon) with ESMTPSA id 4f0672ee-1903-11ea-b80c-052b4a66b6b2; Sat, 07 Dec 2019 15:07:40 +0000 (UTC)
Received: by with SMTP id d17so8494191otc.0 for <>; Sat, 07 Dec 2019 07:07:39 -0800 (PST)
X-Gm-Message-State: APjAAAVpHdkI+luvDAxkrwixTYoHN/rASIEo4thETzRGDqScYIASSOl7 ez4ZI3ywsYEIm+Z3wsJRdWk8hfYug0yGxtwRn2E=
X-Google-Smtp-Source: APXvYqxD1gHZyIwZlk/gJ+a7ourK0pfiUyis+DfQhLiKGp6AWv3nMGtxYmMM3RXO1eQIUHxKPjQ48VhPkdBB1xlJ7LY=
X-Received: by 2002:a05:6830:139a:: with SMTP id d26mr15763774otq.75.1575731258780; Sat, 07 Dec 2019 07:07:38 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Patrick McManus <>
Date: Sat, 7 Dec 2019 10:07:27 -0500
X-Gmail-Original-Message-ID: <>
Message-ID: <>
To: Eric Orth <>
Cc: dnsop <>
Content-Type: multipart/alternative; boundary="000000000000f0f40305991e8592"
Archived-At: <>
Subject: Re: [DNSOP] draft-ietf-dnsop-svcb-httpssvc-01 feedback
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 07 Dec 2019 15:07:43 -0000

On Fri, Dec 6, 2019 at 5:45 PM Eric Orth <ericorth=>; wrote:

>    - Therefore, unless somebody comes up with a good reason that longer
>    chains need to be supported, we intend to only follow 1 or 2 links before
I'm sure you're not trying to undermine the standards process, but that's
what happens as a side effect of statements like that. We're at an -01,
let's discuss (as Brian does downthread) the reasoning behind design
decisions and see if we can get to consensus on them without threatening to
take the ball and go home already. If there is eventual consensus and
you're in the rough and feel its bad for your product then the appropriate
thing to do is not to implement a standard you don't believe in. but
implementing a different protocol and calling it httpsssvc does nothing but
lead to breakage and undermine the entire point of having a standards based

Maybe you mean you strongly believe this standard should allow at most 2

Brian has got a good point that these are pointers, and pointers don't know
how long the list is and the parties in the list are not strongly
coordinated (which is what makes a pointer powerful - its permissionless).
This also complicates ESNI, but its a fact of life. Also, people trade
latency off against indirection all of the time for reasons they think are
valuable (that's true of DNS but also in general). It would be interesting
to study the distribution of chain lengths, but I can say off the cuff that
3 is really common in web space and imo, this spec should be aligning
itself with existing deployment strategies in order to make its own path to
deployment as frictionless as possible.