Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Martin Thomson <> Thu, 20 May 2021 01:47 UTC

Date: Thu, 20 May 2021 11:46:37 +1000
From: "Martin Thomson" <>
To: "Brian Dickson" <>
Cc: " WG" <>
Subject: Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

On Thu, May 20, 2021, at 11:32, Brian Dickson wrote:
> Is it one of those things that are "Well, we think we might need 
> something", or is it "We already know something we need"?

The former is definitely a factor.  Though you might reasonably say that defining another HTTPSv2 codepoint is feasible, that path doesn't scale particularly well.

For the latter, there is a fairly long list of things that don't have enough substance to be really defensible.

Off the cuff, we have discussed in TLS some options that would improve performance and reliability.  It's not clear whether those would fall into extension codepoints on the ECH configuration or the SVCB/HTTPS record.  In QUIC, we are discussing whether ALPN binds to QUIC versions and the implications of that.  Some versions of AltSvc designs relied on QUIC version indications there.  The outcome of that discussion might point toward needing more parameters on HTTPS for QUIC version negotiation.

I would have thought that the former would be sufficient in this case.  The fact that this space has been static and unmovable in the past has repressed a bunch of opportunities.  Locking this down now would return us to that state and would be exceedingly unwise (at least in my view).

Note that I say that as someone who generally tries to avoid creating extension points.  But I've been convinced that extensibility is perhaps the key feature that SVCB delivers.  I'm surprised to find that you think otherwise.
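The extension point under discussion is the SvcParamKey space in the SVCB/HTTPS RDATA. The following is an added illustration, written for this page and not code from the thread, the draft authors or any resolver implementation, of what that extensibility costs a client in practice: a parser for the draft's wire format that carries keys it does not recognise as opaque `keyNNNNN` values, enforces the strictly-increasing-key rule, and applies the `mandatory` rule (an RR that mandates a key the client does not understand must be ignored, while unmandated unknown keys are simply skipped). Names such as `KNOWN_KEYS`, `build_rdata`, `client_can_use` and the two sample records are mine; key 65280 is a Private Use value standing in for a hypothetical future parameter, and key 5 is labelled `ech` although some draft revisions spell it `echconfig`.

```python
"""SVCB/HTTPS RDATA parser: unknown SvcParamKeys are carried opaquely and the
'mandatory' key decides whether the whole RR may be used (draft-ietf-dnsop-svcb-https)."""
import ipaddress
import struct

# Keys this example client understands (registry values from the draft / RFC 9460).
# Assumption: key 5 is shown as "ech"; earlier draft revisions call it "echconfig".
KNOWN_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
              4: "ipv4hint", 5: "ech", 6: "ipv6hint"}


def key_name(key: int) -> str:
    return KNOWN_KEYS.get(key, f"key{key}")      # generic presentation form for unknown keys


def encode_name(name: str) -> bytes:
    # Uncompressed wire-format name (compression is not allowed in the SVCB TargetName).
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(data: bytes, off: int):
    labels = []
    while True:
        if off >= len(data):
            raise ValueError("truncated TargetName")
        n, off = data[off], off + 1
        if n == 0:
            return (".".join(labels) + "." if labels else "."), off
        if n & 0xC0:
            raise ValueError("compression pointer not allowed in SVCB TargetName")
        labels.append(data[off:off + n].decode("ascii"))
        off += n


def build_rdata(priority: int, target: str, params) -> bytes:
    # params: list of (key, value_bytes); emitted in strictly increasing key order.
    body = b"".join(struct.pack("!HH", k, len(v)) + v for k, v in sorted(params))
    return struct.pack("!H", priority) + encode_name(target) + body


def decode_value(key: int, raw: bytes):
    if key == 0:                                  # mandatory: list of u16 keys
        if not raw or len(raw) % 2:
            raise ValueError("bad mandatory value")
        return list(struct.unpack(f"!{len(raw) // 2}H", raw))
    if key == 1:                                  # alpn: length-prefixed protocol ids
        ids, off = [], 0
        while off < len(raw):
            n, off = raw[off], off + 1
            if n == 0 or off + n > len(raw):
                raise ValueError("bad alpn-id")
            ids.append(raw[off:off + n].decode("ascii"))
            off += n
        if not ids:
            raise ValueError("empty alpn")
        return ids
    if key == 2:                                  # no-default-alpn: flag, empty value
        if raw:
            raise ValueError("no-default-alpn must be empty")
        return True
    if key == 3:                                  # port: u16
        if len(raw) != 2:
            raise ValueError("bad port length")
        return struct.unpack("!H", raw)[0]
    if key in (4, 6):                             # ipv4hint / ipv6hint: packed addresses
        size, cls = (4, ipaddress.IPv4Address) if key == 4 else (16, ipaddress.IPv6Address)
        if not raw or len(raw) % size:
            raise ValueError("bad address hint")
        return [str(cls(raw[i:i + size])) for i in range(0, len(raw), size)]
    return raw.hex()                              # ech and every unknown key stay opaque


def parse_svcb_rdata(rdata: bytes) -> dict:
    if len(rdata) < 2:
        raise ValueError("truncated RDATA")
    priority = struct.unpack("!H", rdata[:2])[0]
    target, off = read_name(rdata, 2)
    params, last_key = {}, -1
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated SvcParam")
        key, length = struct.unpack("!HH", rdata[off:off + 4])
        off += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing (no duplicates)")
        if off + length > len(rdata):
            raise ValueError("truncated SvcParamValue")
        params[key] = decode_value(key, rdata[off:off + length])
        off, last_key = off + length, key
    if priority == 0:                             # AliasMode: recipients ignore any SvcParams
        params = {}
    mandatory = params.get(0, [])
    if 0 in mandatory or mandatory != sorted(set(mandatory)) or any(k not in params for k in mandatory):
        raise ValueError("malformed mandatory list")
    return {"priority": priority, "target": target, "params": params}


def client_can_use(record: dict) -> bool:
    # Unknown keys are ignored unless 'mandatory' names one; then the whole RR is ignored.
    return all(k in KNOWN_KEYS for k in record["params"].get(0, []))


def present(record: dict) -> str:
    parts = [str(record["priority"]), record["target"]]
    for k, v in record["params"].items():
        name = key_name(k)
        if v is True:
            parts.append(name)
        elif k == 0:
            parts.append(name + "=" + ",".join(key_name(x) for x in v))
        elif isinstance(v, list):
            parts.append(name + "=" + ",".join(map(str, v)))
        else:
            parts.append(f"{name}={v}")
    return " ".join(parts)


# Constructed sample records (not from the thread). Key 65280 is in the Private Use
# range and stands in for a hypothetical future extension parameter.
EXT_KEY = 65280
SAMPLE_USABLE = build_rdata(1, "svc.example.", [
    (0, struct.pack("!HH", 1, 3)),                # mandatory=alpn,port
    (1, b"\x02h2\x02h3"),
    (3, struct.pack("!H", 8443)),
    (4, ipaddress.IPv4Address("192.0.2.1").packed),
    (EXT_KEY, b"\x01\x02"),                       # unknown here: carried but not mandated
])
SAMPLE_MANDATES_EXT = build_rdata(1, "svc.example.", [
    (0, struct.pack("!HH", 1, EXT_KEY)),          # mandatory=alpn,key65280
    (1, b"\x02h2"),
    (EXT_KEY, b"\x01\x02"),
])

if __name__ == "__main__":
    for rd in (SAMPLE_USABLE, SAMPLE_MANDATES_EXT):
        rec = parse_svcb_rdata(rd)
        print(present(rec), "->", "use" if client_can_use(rec) else "ignore RR")
```

Run stand-alone it prints the two records in presentation form; the first is usable because the extension key is merely present, the second is dropped because `mandatory` names a key this client does not implement. That asymmetry is the whole point of the extension mechanism: new parameters can be deployed without a new RR type, and a server that needs a parameter honoured can force old clients to fall back to another RR rather than misbehave.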