Re: HTTPSSVC record draft

Mark Andrews <marka@isc.org> Fri, 05 July 2019 03:24 UTC

From: Mark Andrews <marka@isc.org>
In-Reply-To: <CAHbrMsDZ2D_e2xWbNnc3CcR-Sf7oQZc+6_qRjjk=JCw3zedAKQ@mail.gmail.com>
Date: Fri, 05 Jul 2019 13:18:52 +1000
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <AA5054B7-7907-4606-8168-F93600B53961@isc.org>
References: <CAKC-DJikByP+wX-GoD6ntpUWTbr6ioJzB4i8nGQL4NtPWePL3g@mail.gmail.com> <20190703195457.GA2536105@LK-Perkele-VII> <CAHbrMsDZ2D_e2xWbNnc3CcR-Sf7oQZc+6_qRjjk=JCw3zedAKQ@mail.gmail.com>
To: Ben Schwartz <bemasc@google.com>
Subject: Re: HTTPSSVC record draft
Archived-At: <https://www.w3.org/mid/AA5054B7-7907-4606-8168-F93600B53961@isc.org>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/36754
List-Id: <ietf-http-wg.w3.org>

> On 4 Jul 2019, at 6:21 am, Ben Schwartz <bemasc@google.com> wrote:
> 
> 
> 
> On Wed, Jul 3, 2019 at 3:58 PM Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> On Wed, Jul 03, 2019 at 02:45:47PM -0400, Erik Nygren wrote:
> > Ben, Mike, and I have submitted the first version of a proposal for an
> > "HTTPSSVC" DNS record.
> > 
> > TL;DR:  This attempts to address a number of problems (ESNI, QUIC
> > bootstrapping, HTTP-to-HTTPS redirection via DNS, SRV-equivalent for HTTP,
> > etc) in a holistic manner through a new extensible DNS record, rather than
> > in a piecemeal fashion.  It is based on some previous proposals such as
> > "Alt-Svc in the DNS" and "Service Bindings" but takes into account feedback
> > received in DNSOP and elsewhere.
> > 
> > Feedback is most welcome and we're looking forward to discussing with
> > people in Montreal.
> > 
> > Draft link:
> > 
> >       https://tools.ietf.org/html/draft-nygren-httpbis-httpssvc-01
> 
> Some quick comments:
> 
> - What if SvcDomainName has length different from its length field?
>   DNS wire-form names are self-delimiting (DNS message parsing relies
>   on this).
> 
> Thanks for the review!  The serialization format can definitely be improved; we want to make it easy to implement and consistent with typical DNS practices.
> 
> The current rationale for the length field is that we need some way of distinguishing the empty name (i.e. "", meaning "absent") from a name consisting of an empty label (i.e. ".").  I agree; there's probably a more intuitive way to represent that.  Suggestions welcome.

Why not have "." mean "same host"?  "." isn't otherwise a sane value for type 2.
No service can be indicated by '1 0 . ""'.

> - What does it mean for SvcDomainName to be absent in alternative
>   service form? I would guess it means "same as RRNAME".
> 
> Sort of.  Alt-Svc has a concept of "uri-host omitted", in which case the connection proceeds to the same host.  I think the net effect is the same.
> 
> I agree, this seems like something the draft should clarify.  We also need to figure out what the text representation is.
>  
> - Why there is length field for SvcFieldValue? Why not let it run to
>   the end of record?
> - 2 byte length field can encode values up to 65535, not 65536. 
>   And the length of SvcFieldValue can not be that big, because
>   RRDATA and DNS message length limits (both 65535) would be hit.
> 
> Suggestions welcome.
>  
> - Why 302 redirects instead of 307? 302 is frequently buggy.
> 
> You're right, 307 is probably closer to what we mean.
>  
> - I-D.ietf-tls-tls13 -> RFC8446.
> - Is there any envisioned use for chained HTTPSSVC records, except
>   for type 0 record pointing to type 1 record?
> 
> You can also have longer chains, (0 -> 0 -> 1), but type 1 does not chain further.
>  
> - The MUST requirement to have only one type 0 record and then
>   SHOULD behave non-deterministically if this is violated is pretty
>   odd.
> 
> Agreed, we can improve that recommendation.
>  
> 
> 
> -Ilari

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
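The parsing point Ilari raises in the quoted review (a DNS wire-form name is self-delimiting, so a separate length field in front of it is redundant and can disagree with it) and Mark's suggestion that "." stand for "same host", worked through as an added example that is not part of the thread or of the draft. The record layout here is hypothetical: a 2-octet type, a 2-octet priority, a self-delimiting SvcDomainName and a SvcFieldValue that runs to the end of the RDATA as Ilari proposes; the 1-octet length field in parse_length_prefixed_name is likewise an assumption about the draft-01 layout, and the sample records and values are constructed.

```python
"""Added example: self-delimiting DNS wire-format names vs. a redundant length field.
The record layout is hypothetical (see lead-in); it is not the draft's exact format."""
import struct
from typing import NamedTuple, Tuple

MAX_LABEL_LEN = 63   # RFC 1035 section 2.3.4
MAX_NAME_LEN = 255   # RFC 1035 section 2.3.4, counting the terminating zero octet


def encode_name(name: str) -> bytes:
    """Presentation form -> uncompressed wire form.

    The root "." is the single zero octet. There is no wire form for an
    "absent" name (""), which is the ambiguity the thread discusses; if "."
    is read as "same host", as Mark suggests, none is needed.
    """
    if name == ".":
        return b"\x00"
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= MAX_LABEL_LEN:
            raise ValueError("label must be 1..63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > MAX_NAME_LEN:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def decode_name(buf: bytes, pos: int = 0) -> Tuple[str, int]:
    """Wire form -> (presentation form, offset just past the zero octet).

    Rejects truncated input, over-long names and any label byte >= 64, which
    covers compression pointers (not permitted in the RDATA of new RR types,
    RFC 3597 section 4).
    """
    start, labels = pos, []
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        length = buf[pos]
        pos += 1
        if length == 0:
            break
        if length > MAX_LABEL_LEN:
            raise ValueError("compression pointer or extended label not permitted")
        if pos + length > len(buf):
            raise ValueError("truncated label")
        labels.append(buf[pos:pos + length].decode("ascii"))
        pos += length
    if pos - start > MAX_NAME_LEN:
        raise ValueError("name exceeds 255 octets")
    return (".".join(labels) + "." if labels else "."), pos


class Record(NamedTuple):
    rtype: int      # SvcRecordType, 2 octets (assumed width)
    priority: int   # SvcFieldPriority, 2 octets (assumed width)
    target: str     # SvcDomainName; "." means "same host"
    value: bytes    # SvcFieldValue, runs to the end of the RDATA


def build_rdata(rtype: int, priority: int, target: str, value: bytes) -> bytes:
    rdata = struct.pack("!HH", rtype, priority) + encode_name(target) + value
    if len(rdata) > 0xFFFF:  # RDLENGTH is 16 bits: the ceiling is 65535, not 65536
        raise ValueError("RDATA exceeds 65535 octets")
    return rdata


def parse_rdata(rdata: bytes) -> Record:
    if len(rdata) < 4:
        raise ValueError("RDATA too short")
    rtype, priority = struct.unpack("!HH", rdata[:4])
    target, pos = decode_name(rdata, 4)
    return Record(rtype, priority, target, rdata[pos:])


def parse_length_prefixed_name(buf: bytes, pos: int = 0) -> Tuple[str, int]:
    """A name preceded by a 1-octet length field (width assumed).

    The name already delimits itself, so the field is redundant and the two
    lengths can disagree. Trusting either one silently lets two parsers split
    the same record at different offsets; the mismatch must be rejected.
    """
    if pos >= len(buf):
        raise ValueError("truncated length field")
    declared = buf[pos]
    name, end = decode_name(buf, pos + 1)
    actual = end - (pos + 1)
    if declared != actual:
        raise ValueError(f"length field says {declared}, name occupies {actual}")
    return name, end


def length_field_agrees(buf: bytes, pos: int = 0) -> bool:
    try:
        parse_length_prefixed_name(buf, pos)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a "same host" target with a constructed value blob.
    rdata = build_rdata(1, 0, ".", b'alpn="h3"')
    print(rdata.hex(), parse_rdata(rdata))
    # A length field that agrees (13) and one that disagrees (5) with the name.
    print(length_field_agrees(b"\x0d\x07example\x03com\x00"))  # True
    print(length_field_agrees(b"\x05\x07example\x03com\x00"))  # False
```

With the name self-delimited, a resolver reads the target and then takes whatever remains of the RDATA as the value, so neither a name length nor a value length needs to be carried or cross-checked; the only bounds that matter are the ones RFC 1035 already imposes on labels, names and RDLENGTH.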