Re: [Driu] [DNSOP] SRV and HTTP

Nico Williams <nico@cryptonector.com> Wed, 11 July 2018 21:24 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: driu@ietfa.amsl.com
Delivered-To: driu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31CA4130FBB; Wed, 11 Jul 2018 14:24:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.861
X-Spam-Level:
X-Spam-Status: No, score=0.861 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_L5=2.851] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXDXVN-Pjbo7; Wed, 11 Jul 2018 14:24:32 -0700 (PDT)
Received: from homiemail-a108.g.dreamhost.com (homie-sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 17CF1130FCB; Wed, 11 Jul 2018 14:24:32 -0700 (PDT)
Received: from homiemail-a108.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a108.g.dreamhost.com (Postfix) with ESMTP id 95D0D20047613; Wed, 11 Jul 2018 14:24:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=xPKVnZ4/vNP10qcQ0dMbRsKEbkA=; b=dvbs53irB00 eznSocVoVCNHX2rcDhbmBJBxlClzec1bANNMl/xXPwd0cj0QqsWwmje0/jaeFr+K fRNh7kVzRPIuFFjs6HuHUnv5ydtGHAJ0fEPi6NrKeGQxhXnKL/85Sinhrmm6mcNS FJz5Z3NpYlYTZjO1vJ3FPx1Rcj6/Cyu8=
Received: from localhost (cpe-70-123-158-140.austin.res.rr.com [70.123.158.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a108.g.dreamhost.com (Postfix) with ESMTPSA id D0D432004760B; Wed, 11 Jul 2018 14:24:29 -0700 (PDT)
Date: Wed, 11 Jul 2018 16:24:28 -0500
From: Nico Williams <nico@cryptonector.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: Mark Andrews <marka@isc.org>, Joe Abley <jabley@hopcount.ca>, dnsop@ietf.org, DoH WG <doh@ietf.org>, Adam Roach <adam@nostrum.com>, driu@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20180711212427.GA9723@localhost>
References: <alpine.LRH.2.21.1807101056140.5219@bofh.nohats.ca> <4a845808-5348-d6e4-dda2-59aaf0e85c14@nostrum.com> <3DF5A66C-CCBF-4116-A1FC-35CF8E05808B@hopcount.ca> <e1675184-f0bc-670d-3db1-b99a9daf1657@nostrum.com> <CAJhMdTOZtOpF_aK-ZzP0DfkDMcAtTKFLdSpKkrSPvP1cOgnOjQ@mail.gmail.com> <e658445a-242b-5f94-f1fc-0bc4c850319d@nostrum.com> <CAJhMdTOPjhbOK=NQijnYZ3kCY_+f-87n7wwwuR38ifHUG5msqA@mail.gmail.com> <F6C1AF50-EB1B-4E09-9A72-229AD4AC7E57@mnot.net> <82099DED-CCB6-4CDC-BFE6-97B1AB3EB0A4@isc.org> <7A9000F5-0772-49FC-BDBB-862C8141BA54@mnot.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <7A9000F5-0772-49FC-BDBB-862C8141BA54@mnot.net>
User-Agent: Mutt/1.5.24 (2015-08-30)
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/driu/DBcLGg1yhFy3emlKj_XYg_WelX8>
Subject: Re: [Driu] [DNSOP] SRV and HTTP
X-BeenThere: driu@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "DNS Resolver Identification and Use \(DRIU\)." <driu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/driu>, <mailto:driu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/driu/>
List-Post: <mailto:driu@ietf.org>
List-Help: <mailto:driu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/driu>, <mailto:driu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jul 2018 21:24:41 -0000

> > On 11 Jul 2018, at 11:30 am, Mark Andrews <marka@isc.org> wrote:
> >
> > > > On 11 Jul 2018, at 3:55 am, Joe Abley <jabley@hopcount.ca> wrote:
> > > >
> > > > *cups hand to ear*
> > > > 
> > > > Was that the sound of a distant desire to specify use of SRV for
> > > > HTTP?
> > 
> > I think there are three main objections.
> > 
> > 1) Wildcards don’t work with prefixes.
> > 2) Additional data isn’t always returned; it may require multiple round trips.
> > 3) Additional data processing doesn’t support negative responses.
> > 
> > All of these issues are trivially easy to fix.  It just requires willingness to implement.
> > 
> > 1) is addressed by defining a new type(s) rather than using prefixes.

While that is correct, and truly, it is trivial to implement, it is not
trivial to deploy: too many DNS hosting providers would have to update
UIs.

Let me add my voice in favor of new RR types by which to replace SRV
RRs.  URI is one of them, for the sorts of things we do in Kerberos for
KDC discovery, but not really appropriate for resolving HTTP authorities.

> > 2) is addressed by getting recursive servers to fill in missing additional data before returning.  Named has code in review for this for SRV as proof of concept.

That would be very nice indeed.  Unbound will need that too.

> > 3) is addressed by adding some signalling between the client and recursive server to indicate if the additional section is complete or not.

Well, OK, but as with (2) that requires recursive resolver critical
mass.  Not necessarily a big deal, though it will take enough time that
many apps will need to support falling back to doing multiple queries
one by one.

Nico
--
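The two resolver-side issues in the quoted list, (2) incomplete additional data and (3) no negative signal for targets that are absent from the additional section, determine what a client has to do today when it resolves an HTTP authority via SRV. The following is an added example, not code from this thread, from BIND (named) or from Unbound: a client-side SRV resolution routine run against a constructed in-memory resolver stub. The zone data (`example.com.` and its targets), the `StubResolver` class with its `fill_limit` knob, and the `round_trips` counter are all constructed for illustration. The ordering follows the RFC 2782 selection algorithm (ascending priority, weighted random within a priority), and the routine counts how many follow-up queries the "one by one" fallback costs.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone data for the example; these are documentation
# addresses, not real hosts.
SRV_RRSETS = {
    "_http._tcp.example.com.": [
        SRV(10, 60, 8080, "a.example.com."),
        SRV(10, 40, 8080, "b.example.com."),
        SRV(20, 0, 80, "c.example.com."),
        SRV(30, 0, 80, "gone.example.com."),  # target with no address RRs
    ],
}
ADDRESS_RRSETS = {
    "a.example.com.": ["192.0.2.1"],
    "b.example.com.": ["192.0.2.2", "2001:db8::2"],
    "c.example.com.": ["192.0.2.3"],
    # "gone.example.com." is deliberately absent: NXDOMAIN when asked.
}


class StubResolver:
    """Stand-in for a recursive resolver (constructed, not a real query).

    fill_limit caps how many SRV targets get their addresses copied into
    the additional section, modelling a resolver that fills it only
    partially (point 2 in the thread)."""

    def __init__(self, fill_limit):
        self.fill_limit = fill_limit
        self.round_trips = 0  # every query to the resolver counts

    def srv(self, name):
        self.round_trips += 1
        answers = SRV_RRSETS.get(name, [])
        additional = {}
        for rr in answers[: self.fill_limit]:
            if rr.target in ADDRESS_RRSETS:
                additional[rr.target] = list(ADDRESS_RRSETS[rr.target])
        return answers, additional

    def addresses(self, name):
        """None models NXDOMAIN/NODATA.  An additional section cannot carry
        that negative answer (point 3), so the client only learns it by
        asking explicitly."""
        self.round_trips += 1
        return ADDRESS_RRSETS.get(name)


def order_srv(rrset, rng):
    """RFC 2782 selection: ascending priority; within one priority a
    weighted random draw, with weight-0 records placed first."""
    ordered = []
    for prio in sorted({rr.priority for rr in rrset}):
        bucket = [rr for rr in rrset if rr.priority == prio]
        bucket.sort(key=lambda rr: rr.weight != 0)  # weight 0 first
        while bucket:
            total = sum(rr.weight for rr in bucket)
            pick = rng.randint(0, total)
            running = 0
            for rr in bucket:
                running += rr.weight
                if running >= pick:
                    ordered.append(rr)
                    bucket.remove(rr)
                    break
    return ordered


def resolve_http_authority(name, resolver, rng=None):
    """Return [(target, port, addresses)] in RFC 2782 order, issuing a
    follow-up address query for every target the additional section
    did not cover.  Targets with no addresses are dropped."""
    if rng is None:
        rng = random.Random()
    rrset, additional = resolver.srv("_http._tcp." + name)
    result = []
    for rr in order_srv(rrset, rng):
        addrs = additional.get(rr.target)
        if addrs is None:
            # Absent from the additional section means either "not filled
            # in" or "does not exist"; with no completeness signal the
            # client cannot tell which, so it has to ask (one round trip).
            addrs = resolver.addresses(rr.target)
        if addrs:
            result.append((rr.target, rr.port, addrs))
    return result


if __name__ == "__main__":
    for limit in (0, 2, 4):
        r = StubResolver(fill_limit=limit)
        targets = resolve_http_authority("example.com.", r)
        print(f"fill_limit={limit}: {r.round_trips} round trips ->",
              [(t, p) for t, p, _ in targets])
```

Running it with `fill_limit=0` (a resolver that never fills the additional section) costs one SRV query plus one address query per target; with `fill_limit=4` (everything filled) the client still spends a round trip on `gone.example.com.`, because a fully filled additional section cannot say "this target has nothing", which is exactly what the signalling in point (3) would give the client.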