IETF Logo Mail Archive

Re: issue 381: Discovery of the support of the HTTP2 protocol: DNS-based Upgrade

Eliot Lear <lear@cisco.com> Tue, 18 February 2014 05:48 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDB171A05CF for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Feb 2014 21:48:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.05
X-Spam-Level:
X-Spam-Status: No, score=-15.05 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.548, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5XC8GfmqD5FP for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 17 Feb 2014 21:48:10 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 641381A00D3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 17 Feb 2014 21:48:10 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1WFdTn-00085d-RQ for ietf-http-wg-dist@listhub.w3.org; Tue, 18 Feb 2014 05:44:27 +0000
Resent-Date: Tue, 18 Feb 2014 05:44:27 +0000
Resent-Message-Id: <E1WFdTn-00085d-RQ@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <lear@cisco.com>) id 1WFdTa-00084a-7l for ietf-http-wg@listhub.w3.org; Tue, 18 Feb 2014 05:44:14 +0000
Received: from [173.38.203.54] (helo=aer-iport-4.cisco.com) by lisa.w3.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16) (Exim 4.72) (envelope-from <lear@cisco.com>) id 1WFdTY-0001Ab-UW for ietf-http-wg@w3.org; Tue, 18 Feb 2014 05:44:13 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3189; q=dns/txt; s=iport; t=1392702252; x=1393911852; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=BDwV82FAetxtten68gdLJ76H0arSIETAT+Y/F2HpJaQ=; b=L7irmi4eUA7R29rVr/BGaVuZrlWLM7cSI/GhRfSNx5AmFcGuKiyUTiIw YUHJuOUVQesrv9iuEjFQ6nzwk1IX0lDYdLnvidFUlKl4E8M1rTxmcNTR9 1HhIteHH6q5UiP25eGc+hLSS+O73YqVVpQCMl4uBei2P/7xQv1uGSjGt+ Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhsFAAHyAlOQ/khR/2dsb2JhbABZgwY4g1m8ToETFnSCJQEBAQQjDwFGEAsYAgIFIQICDwIsGgYNAQUCAQGIAQ2of6IHF4EpjVgHgm+BSQSYLJIjgW+BPzs
X-IronPort-AV: E=Sophos;i="4.97,500,1389744000"; d="scan'208";a="607943"
Received: from ams-core-1.cisco.com ([144.254.72.81]) by aer-iport-4.cisco.com with ESMTP; 18 Feb 2014 05:43:45 +0000
Received: from mctiny.local ([10.61.164.243]) by ams-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id s1I5hj49003977 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Tue, 18 Feb 2014 05:43:45 GMT
Message-ID: <5302F311.80201@cisco.com>
Date: Tue, 18 Feb 2014 06:43:45 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Josh Goodall <joshua.goodall@gmail.com>
CC: Martin Thomson <martin.thomson@gmail.com>, IETF HTTP WG <ietf-http-wg@w3.org>
References: <9E529263-C8FB-494C-B2A8-DB626C8D0876@gmail.com> <CABkgnnW9SFDKcewS=+WKvn5H=oo=EXrd+gF9jG0NWS709+FkuQ@mail.gmail.com> <53027F39.9000804@cisco.com> <31ED6CE3-CA1E-4EC5-980B-37CF40FF10F1@gmail.com>
In-Reply-To: <31ED6CE3-CA1E-4EC5-980B-37CF40FF10F1@gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=173.38.203.54; envelope-from=lear@cisco.com; helo=aer-iport-4.cisco.com
X-W3C-Hub-Spam-Status: No, score=-10.0
X-W3C-Hub-Spam-Report: AWL=-3.699, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=1.274, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5
X-W3C-Scan-Sig: lisa.w3.org 1WFdTY-0001Ab-UW f2258225c29b8e59dc5c3a0b315f1160
X-Original-To: ietf-http-wg@w3.org
Subject: Re: issue 381: Discovery of the support of the HTTP2 protocol: DNS-based Upgrade
Archived-At: <http://www.w3.org/mid/5302F311.80201@cisco.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/22259
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Josh,

On 2/18/14, 12:08 AM, Josh Goodall wrote:
> Hi,
>
> On 18 Feb 2014, at 8:29 am, Eliot Lear <lear@cisco.com> wrote:
>
>> Right.  I optimized for fewer queries.  The record format that I had was
>> one approach.  The key issue is that one should not have levels of
>> indirection in the RDATA, and even better that the QNAME for the record
>> be the same as for the A or AAAA.  On the other hand, then you have to
>> deploy a new RRtype.
> May I specifically address the issue of more queries? Yes it can
> happen - but I’m not sure it’s going to be a problem in the wild.
> I imagine that would only happen in two unlikely cases:
>
> * someone were to separately delegate the “_tcp” subdomain. Not
>   saying it can’t happen, but I haven’t seen it in ten years of
>   deploying SRV records.

It happens with great regularity in enterprise environments and is the
preferred method for scaling Microsoft AD.  Typically the zone is
delegated to the directory server.  In fact, one enterprise
administrator I spoke with about this didn't realize you had the option
to NOT delegate the _TCP zone.

>
> * If HTTP/2.x changes to specify more transports than TCP. Even
>   then, mechanisms exist to handle that too (new scheme names, or
>   explicit in URL e.g. I think the Diameter protocol includes this).

It is possible to use a new scheme name, but that has been rejected in
the past due to the so-called "side of the bus" problem.  Eg, what do
you do when you see "Go to MyFavoriteExampleDentist.com"?  I think Mark
just wrote a draft entitled draft-nottingham-uri-get-off-my-lawn that
says not to encode too much semantics in the URI itself.
>
> and one slightly more likely case:
>
> * using an alias in the RDATA of a SRV record is a common
>   misconfiguration that causes additional processing.
>
> In practise, most clients using SRV records see one DNS query packet,
> one response, job done. When properly configured, in-zone A and
> AAAA records come back in the Additional Data section, because SRV
> records get special treatment that way. That's *fewer* queries.

I agree the use of the SRV record to get the AAAA record in additional
data is attractive when the information is authoritatively available
(e.g., in the same zone), but there are problems with that as well,
because that information can't be signed.
>
> I have mixed feelings about new record types, they erect barriers
> to entry, and given that I think the case for SRV remains strong.

And my own thinking about this is that you shouldn't have a single path
to success.  Michael Welzl just presented a very strong argument about
this sort of thing at the ITAT workshop.  Use whatever gets you there. 
But I would caution that use of multiple records would be a bad idea. 
Let's pick one (or fewer) and get on with it.

There are a few other issues with SRV.  For one thing, it cannot provide
protocol version information in the RDATA.  That means you would have to
do multiple queries once we get beyond h2.  And we have all but
eliminated any protocol extension mechanism at the http level in
Zürich.  Bad combination.
Eliot

v2.23.0 | Report a Bug | By Email