Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Willem Toorop <willem@nlnetlabs.nl> Mon, 22 March 2021 09:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sBgE7_Ah5e1SbwMUm8_AsZJr7WI>

On 19-03-2021 at 18:03, Pieter Lexis wrote:
> Hi Willem,
> 
> On 3/19/21 11:47 AM, Willem Toorop wrote:
>> That'd be nice!
> 
> PR is here [1].
> 
>> Do you also have tests for peculiar/corner and failure cases?
> 
> I'm a little bit unsure what you mean with this :).

Well, I am wondering how much the parser should just normalize or
produce a syntax error instead. I noticed from the 7th example in your
PR, that you automatically put the SvcParams in the correct order, so
you apply normalization there in the sense that your parser sorts the
SvcParams. So do Net::DNS and (unreleased) ldns b.t.w.

But what about the keys in the "mandatory" SvcParam? Should they be
sorted automatically? Or should the parser produce an error if they are
not sorted? Currently both Net::DNS and ldns sort them for you.

What if keys appear double in the "mandatory" SvcParam? Should the
parser produce an error or remove the doubles? Currently ldns removes
them, but Net::DNS produces an error.

What if keys that may not appear in "mandatory" (like key0 or mandatory
itself) appear in the "mandatory" SvcParam? Should they be removed
automatically or should they produce an error?

What if keys that are listed in "mandatory" do not appear in the RR?

What if there is a DNSSEC signature alongside the SVCB or HTTPS RR?
Should normalization be applied to the rdata then?

What if the SVCB and/or HTTPS is not parsed by an authoritative, but
received via AXFR or IXFR? Or dynamic updates?

Also, I love the annotated RFC3597 format that Net::DNS produces and I
think we should use that in the test-vectors!

> The code is here[2].
> I've also opened a PR updating our parser for the draft-03 changes for
> multiple values, that one also has some tests for the value parser[3].
> 
> Cheers,
> 
> Pieter
> 
> 1 - https://github.com/MikeBishop/dns-alt-svc/pull/307
> 2 -
> https://github.com/PowerDNS/pdns/blob/3a63bb5fca1c45a6e9dee808a56ca6cbea2be0d8/pdns/test-dnsrecords_cc.cc#L209-L230
> 3 -
> https://github.com/PowerDNS/pdns/pull/10074/files#diff-1c55ae7b2d1073637c05a035de9ef6688ecffb209e50b3bef8b3d9ea1c5a329dR308-R393
>
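
The "mandatory" cases raised in the message above (unsorted keys, duplicates, keys that may not be listed, listed keys absent from the RR), as an added example that is not part of the original e-mail and not code from PowerDNS, ldns or Net::DNS. `check_mandatory`, `key_number` and `SvcParamError` are hypothetical names, and the split between findings that are repaired and findings that are always rejected is an assumption of this example, not a rule taken from the draft.

```python
import re

# Subset of registered SvcParamKey numbers; "keyNNNNN" is the generic form.
KEY_NUMBERS = {"mandatory": 0, "alpn": 1, "no-default-alpn": 2,
               "port": 3, "ipv4hint": 4, "ipv6hint": 6}


class SvcParamError(ValueError):
    """Raised when the "mandatory" list is rejected."""


def key_number(name):
    """Map a presentation-format key name to its 16-bit number."""
    if name in KEY_NUMBERS:
        return KEY_NUMBERS[name]
    m = re.fullmatch(r"key(\d{1,5})", name)
    if m and int(m.group(1)) <= 0xFFFF:
        return int(m.group(1))
    raise SvcParamError(f"unknown SvcParamKey {name!r}")


def check_mandatory(value, present_keys, normalize=False):
    """Check the comma-separated "mandatory" value against the RR's keys.

    Returns (key_numbers, findings). With normalize=False any finding is
    an error; with normalize=True the list is sorted, de-duplicated and
    stripped of key0, and the findings say what was rewritten.
    """
    nums = [key_number(k) for k in value.split(",")]
    present = {key_number(k) for k in present_keys}
    findings = []
    if len(set(nums)) != len(nums):
        findings.append("duplicate")
    if 0 in nums:                      # "mandatory" listing itself
        findings.append("forbidden")
    if nums != sorted(nums):
        findings.append("unsorted")
    cleaned = sorted(set(nums) - {0})
    if any(n not in present for n in cleaned):
        # Rewriting the list cannot repair this case, so it is an error
        # in both modes (assumption of this example).
        raise SvcParamError("mandatory key missing from the RR")
    if findings and not normalize:
        raise SvcParamError(", ".join(findings))
    return cleaned, findings


if __name__ == "__main__":
    # Constructed input: unsorted list with a duplicate.
    print(check_mandatory("port,alpn,port", ["mandatory", "alpn", "port"], True))
```

In normalizing mode the returned list differs from what the zone author wrote, which is the situation the DNSSEC and AXFR/IXFR questions in the message are about.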