Re: [DNSOP] [Ext] I-D Action: draft-ietf-dnsop-svcb-https-05.txt

Eric Orth <ericorth@google.com> Thu, 20 May 2021 18:00 UTC

From: Eric Orth <ericorth@google.com>
Date: Thu, 20 May 2021 13:59:44 -0400
Message-ID: <CAMOjQcF=K_Dkya7yamKECxHjmsEVHmLyoaoF3KRnCXqPde4wSw@mail.gmail.com>
To: Ralf Weber <dns@fl1ger.de>
Cc: Brian Dickson <brian.peter.dickson@gmail.com>, WG <dnsop@ietf.org>, Martin Thomson <mt@lowentropy.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wA-QvOPyxaPq7ryIL4fjkne7_Wo>

A big selling point behind why we have client implementers planning to
query HTTPS records is the expectation that this will be the only query
type we will need to add and that it can be extended to handle any future
information we need for establishing HTTPS connections (and we want
mechanisms to be able to add stuff in the future to keep improving HTTPS
connection behavior).  It is not practical to add too many additional DNS
queries to make web requests, and nobody wants a
deprecation/new-SVCB-based-record-type cycle every time we need to add
something.  So in the end, I do not expect HTTPS would see much adoption
without the extensibility.

On Thu, May 20, 2021 at 6:37 AM Ralf Weber <dns@fl1ger.de> wrote:

> Moin!
>
> On 20 May 2021, at 3:32, Brian Dickson wrote:
> > (There's a reason I'm not suggesting making SVCB non-extensible, or
> > touching any aspect of the SVCB thing itself.)
> >
> > Note that more ALPN values are supported, and how those are
> > defined/used/etc are really not relevant to the structure (wire format)
> > of the records (HTTPS or SVCB).
> >
> > HTTPS needs transport, port number, name, and maybe some hints for IP
> > addresses, plus the new encrypted SNI.
> Well if we created HTTPS five years ago we would not have known about
> encrypted client hello. The point of an extensible format is that you
> can extend it beyond what you know now. And I am pretty sure there will
> be development in the HTTPS arena.
>
> For me mentally HTTPS is just a shortcut for
>         _https.name IN SVCB …
> so on the right side HTTPS and SVCB are the same and we should keep it
> that way IMHO.
>
> So long
> -Ralf