Re: [Http-srv] Alternative to SRV?
Erik Nygren <erik+ietf@nygren.org> Thu, 23 August 2018 21:57 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: http-srv@ietfa.amsl.com
Delivered-To: http-srv@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9226A130F09 for <http-srv@ietfa.amsl.com>; Thu, 23 Aug 2018 14:57:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.916
X-Spam-Level:
X-Spam-Status: No, score=-1.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GXWQ1nByJypW for <http-srv@ietfa.amsl.com>; Thu, 23 Aug 2018 14:57:19 -0700 (PDT)
Received: from mail-it0-f66.google.com (mail-it0-f66.google.com [209.85.214.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD7331277C8 for <Http-srv@ietf.org>; Thu, 23 Aug 2018 14:57:18 -0700 (PDT)
Received: by mail-it0-f66.google.com with SMTP id d10-v6so9644349itj.5 for <Http-srv@ietf.org>; Thu, 23 Aug 2018 14:57:18 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=khKVrqd0CumIp1hfY0Pix9BGxmnDlq1Kx4gHPcg8GkM=; b=pM/tM7yMguzlqlWxxSJV52ir5kHCNSM5uTyaQDPp6Synp4mkW3B18CqHg7czOporJz m1CFFJ30rQJiveSefHeiI+b62iFKe164eNp+HXagCHzQY8tSijVFbOfLT+880OW/maG0 PmLnIXdTNLKE9KJZGBGoiVcWFG8Kxde0UfRMAkvUWwrnUf5nSuO178fA8OnY2pjVOHKZ vwaxvQE72iDBwiNAETaAyip546xIUXgmzvczW54so1kxn0+OEPQbPSTc17gEVDipgH3t ML3RLSF4YotBixWLGKKJSb7JzEwH29jAGaZq8r1gQNx2UjkTypFm7qv3XrIzmNZPAcLZ gmhQ==
X-Gm-Message-State: APzg51D37E28mgDItJyzSh15T3NEpmekwVz+hB4whBxFbPMF9h/PLiTR f1xlCQLE0hM46dNrWgsAleLNd0mopoJWYUKItloYc0HL
X-Google-Smtp-Source: ANB0VdaYg/pzFyS6NgZAA46rA+EkczBx3gbYOd9Q3MNLbIs93CxtS/9x6/31sJCUHxhcUaPcSRiPqN6e90WwytCGlbg=
X-Received: by 2002:a24:9ac6:: with SMTP id l189-v6mr2201923ite.0.1535061437960; Thu, 23 Aug 2018 14:57:17 -0700 (PDT)
MIME-Version: 1.0
References: <6aceab29-cf81-8644-20cd-e02281e6394c@bellis.me.uk> <DDFF92A9-9F1D-4883-AF5C-1372EBDAB156@isc.org>
In-Reply-To: <DDFF92A9-9F1D-4883-AF5C-1372EBDAB156@isc.org>
From: Erik Nygren <erik+ietf@nygren.org>
Date: Thu, 23 Aug 2018 17:57:08 -0400
Message-ID: <CAKC-DJj3uGYwgd5v+VUEWCDS08NMcFne+1iZ2EC3FVr2qKmcwg@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: Ray Bellis <ray@bellis.me.uk>, Http-srv@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b7d61f05742157c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-srv/D79ZMSLf49AxPxhFX_sBtiItd-w>
Subject: Re: [Http-srv] Alternative to SRV?
X-BeenThere: http-srv@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Using DNS SRV Records with HTTP <http-srv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-srv>, <mailto:http-srv-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-srv/>
List-Post: <mailto:http-srv@ietf.org>
List-Help: <mailto:http-srv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-srv>, <mailto:http-srv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Aug 2018 21:57:22 -0000
I will point folks again to draft-schwartz-httpbis-dns-alt-svc ( https://tools.ietf.org/html/draft-schwartz-httpbis-dns-alt-svc-02). Another older variation on this is draft-nygren-service-bindings-00 ( https://tools.ietf.org/html/draft-nygren-service-bindings-00) from a few years back takes a similar approach. Why I like this over something more minimal: * Allows indicating the transport to the client, enabling clients that support HTTP/2 or QUIC to start using it immediately without additional RTTs to get an Alt-Svc from the server (giving browsers a performance incentive to support it). * Provides extensibility so that additional hooks can be added in later without requiring clients to look up more records. For example: * With "ESNI" (encrypted SNI) we could include the ESNI key or its name in the ALTSVC DNS record. * Being able to indicate that the first label can be replaced by "_wildcard" in the SNI (eg, to send "_wildcard.example.com" as an SNI) is another sort of extension discussed. * Being able to indicate that some service entries are IPv6-only (no IPv4 A record is present) might be another useful signal to include as an optimization some day. * Provides a better data model and much better operational sanity for things like ESNI in the context of multi-CDN (but also just for cases such as moving between hosting providers or CDNs). By tying attributes like the ESNI key, supported transport protocols, etc within the same RR as the the servername, different servernames on different hosting environments can sanely have different properties. * Fits into the Alt-Svc model already implemented in some clients. I'm not tied as much to the particular encoding specifics (the existing Alt-Svc string format, some CBOR encoding, something that moves a few of the attributes such as server to a more structured RRTYPE but still has extensible fields per RR, etc). What this ends up looking like is something like is an rrset along the lines of: _443._https.example.com. IN TYPE??? {priority1} {transportprotocol1} {servername1} {port1} {extension_fieldset_1} _443._https.example.com. IN TYPE??? {priority2} {transportprotocol2} {servername2} {port2} {extension_fieldset_2} _443._https.example.com. IN TYPE??? {priority3} {transportprotocol3} {servername3} {port3} {extension_fieldset_3} For example: _443._https.example.com. IN ALTSVC 10 quic2 example.com.examplecdn.net 443 ( esni=key124._esni.examplecdn.net ) _443._https.example.com. IN ALTSVC 20 h2 example.com.examplecdn.net 443 ( esni=key124._esni.examplecdn.net; ipv6-only=true ) _443._https.example.com. IN ALTSVC 40 http/1.1 legacy.example.com.examplecdn.net 443 ( esni=key124._esni.examplecdn.net ) I suspect that some CDNs would then have customers CNAME over "_443._ https.example.com." to some name on the CDN. For example in the example above it might be that it actually CNAMEs to _443._https.example.com.examplecdn.net which then means that the A and AAAA records for "example.com.examplecdn.net" can be returned as additionals from the same examplecdn.net authority along with the ALTSVC record. Erik
- [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Martin Thomson
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Martin Thomson
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Daniel Stenberg
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Erik Nygren
- Re: [Http-srv] Alternative to SRV? Shumon Huque
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Shumon Huque
- Re: [Http-srv] Alternative to SRV? Erik Nygren
- Re: [Http-srv] Alternative to SRV? Patrik Fältström
- Re: [Http-srv] Alternative to SRV? Ray Bellis