Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Dick Franks <rwfranks@gmail.com> Sun, 09 May 2021 12:02 UTC

On Fri, 7 May 2021 at 16:52, Paul Hoffman <paul.hoffman@icann.org> wrote:
>
> On May 7, 2021, at 3:21 AM, Pieter Lexis <pieter.lexis@powerdns.com> wrote:
> > For PowerDNS, we treat the parsing of SVCParams as a two-step process.
> > First we use the normal rfc1035 character decoder on the full SVCParam
> > value, after which we apply the value-list parser. The former parses
> > 'foo\\,bar' into 'foo\,bar' that is then parsed to a list of length 1
> > with value {'foo,bar'}. So nothing changes from the perspective of the
> > rfc 1035 parser.

Pre-processing of '\\,' into the RFC1035 standard '\,' is
superficially attractive, but also fraught with danger.

A parser could have some fun with this one:

    $ORIGIN example.com
    @   SVCB   1 foo key6="\032\001\013\184\000\000\000\000\000\000\000\000\\\\,\000"
    ; a.k.a.   ipv6hint=2001:db8::5c5c:2c00

> >
> > I can see how this might be confusing to those writing zone contents and
> > would support a solution that either prohibits commas in SVCParam list
> > values or a different value separator that is not allowed to be embedded
> > in values.
>
> Pieter has a point here: to parse correctly, you need a two-step (or two-level) process. The *only* way to prevent that in the spec would be to say that commas are forbidden in parameter values. However, even if the spec said that, someone would mess up and put a comma in a parameter value, and then different parsers will yield different values based on whether or not they took that shortcut.
>
> Escaping is hard.

Undeniably.

The spec only needs to say that a comma needs to be escaped ( \, ) in
order to be disregarded as a separator.

BIND, NSD, Net::DNS, and PowerDNS can all do this, so there is little
mileage in claiming that it is not possible.

The "impossible" can be made possible by doing the right things in the
correct order.
Selecting the right things and the correct order is left as an
exercise for the student.




--Dick
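
Added example, not part of the original message and not code from PowerDNS, BIND, NSD or Net::DNS: a Python sketch of the two-pass parse described in the quoted text (RFC 1035 char-string decoding, then value-list splitting), run over the two zone-file values that appear in the thread. The function names are hypothetical, and the value-list pass is deliberately lenient about a stray backslash. It also shows that the key6 value decodes to the stated 16-octet address in one pass, and gets split if the value-list pass is applied to it as well.

```python
import ipaddress

def decode_char_string(text):
    """Pass 1, RFC 1035 char-string: \\DDD is a decimal octet, \\X is a literal X."""
    src, out, i = text.encode("ascii"), bytearray(), 0
    while i < len(src):
        ddd = src[i + 1:i + 4]
        if src[i] != 0x5C:                       # not a backslash: literal octet
            out.append(src[i])
            i += 1
        elif len(ddd) == 3 and ddd.isdigit():
            out.append(int(ddd))                 # ValueError if DDD > 255
            i += 4
        elif i + 1 < len(src):
            out.append(src[i + 1])               # \X escape, e.g. \\ or \,
            i += 2
        else:
            raise ValueError("dangling backslash")
    return bytes(out)

def split_value_list(raw):
    """Pass 2, value-list: split on bare ','; '\\,' and '\\\\' are literal octets."""
    items, cur, i = [], bytearray(), 0
    while i < len(raw):
        if raw[i] == 0x5C and raw[i + 1:i + 2] in (b",", b"\\"):
            cur.append(raw[i + 1])
            i += 2
        elif raw[i] == 0x2C:                     # unescaped comma: item boundary
            items.append(bytes(cur))
            cur = bytearray()
            i += 1
        else:
            cur.append(raw[i])                   # lenient: stray backslash kept
            i += 1
    items.append(bytes(cur))
    return items

# Zone-file text of the two values exactly as written in the thread.
LIST_VALUE = r"foo\\,bar"
KEY6_VALUE = r"\032\001\013\184" + r"\000" * 8 + r"\\\\,\000"

def demo():
    two_pass = split_value_list(decode_char_string(LIST_VALUE))
    key6 = decode_char_string(KEY6_VALUE)        # opaque value: pass 1 only
    hint = str(ipaddress.IPv6Address(key6))
    wrongly_split = split_value_list(key6)       # pass 2 applied by mistake
    return two_pass, hint, [len(part) for part in wrongly_split]
```

Calling `demo()` returns the single-item list for the first value, the IPv6 address recovered from the key6 value, and the lengths of the fragments produced when the second pass is wrongly applied to it.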