Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard

Mark Nottingham <mnot@mnot.net> Thu, 29 January 2015 05:33 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 059381A8BB6 for <ietf@ietfa.amsl.com>; Wed, 28 Jan 2015 21:33:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.302
X-Spam-Level:
X-Spam-Status: No, score=-2.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2GgdcjS4-Jw for <ietf@ietfa.amsl.com>; Wed, 28 Jan 2015 21:33:16 -0800 (PST)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 364C31A6F2B for <ietf@ietf.org>; Wed, 28 Jan 2015 21:33:16 -0800 (PST)
Received: from [192.168.1.83] (unknown [118.209.44.193]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 8F74022E1F4; Thu, 29 Jan 2015 00:33:12 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\))
Subject: Re: Last Call: <draft-faltstrom-uri-10.txt> (The Uniform Resource Identifier (URI) DNS Resource Record) to Proposed Standard
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <6F9BB11D-C224-4D7B-A06C-41EACBAAB4B2@netnod.se>
Date: Thu, 29 Jan 2015 16:33:08 +1100
Content-Transfer-Encoding: quoted-printable
Message-Id: <35ED5FAE-A2AA-4F32-9821-23D85D394E75@mnot.net>
References: <20150127223859.28024.43756.idtracker@ietfa.amsl.com> <4257D8A3-0EFE-40E3-B0AD-8E23772B7693@mnot.net> <6F9BB11D-C224-4D7B-A06C-41EACBAAB4B2@netnod.se>
To: Patrik Fältström <paf@netnod.se>
X-Mailer: Apple Mail (2.1993)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/f6SZwx7wOC8sdq2MVKp59vbYtEQ>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 05:33:19 -0000

> On 28 Jan 2015, at 7:46 pm, Patrik Fältström <paf@netnod.se> wrote:
> 
> 
>> On 28 jan 2015, at 08:12, Mark Nottingham <mnot@mnot.net> wrote:
>> 
>> IESG / Patrik,
>> 
>> First of all - I think it's interesting to carry URIs in DNS. However, I have a few concerns about the document that I'd like to work through.
> 
> Mark, thanks for these comments. Let me try to address them, but first some history.
> 
> The first version of this draft was posted as draft-ietf-enum-uri-00.txt on March 31 2007. In those days the ENUM wg did discuss a revision of the ENUM RFC and did look at using this URI RRType instead of the (to me personally much more complicated) NAPTR construction. The consensus in the wg was to NOT go down the path of URI RRType.
> 
> After this, the draft left the ENUM wg and turned into draft-faltstrom-uri series. A long discussion did take place in various DNS working groups, in parallell with the new process for registration of RRTypes (that did not need RFCs anymore). Slight confusion over what path to take, RFC or RRType registration lead to the RRType be registered, which the URI RR is, with number 256 on 2011-02-22.
> 
> This draft should because of this TODAY maybe be informational and not proposed, but that "stuck" from the early days of processing the draft.
> 
> The draft has been discussed several times on many mailing lists, and I do never think we will reach full consensus, to be honest, as I have never seen anything related to DNS reach anything better than rough consensus ;-) New issues get added every day... And old ones come back!

IC, that's helpful, thanks.


> So, with that as a background, here are my comments.
> 
>> ## The ENUM service registry
>> 
>> The document effectively gives a "type" for the URI by associating a value from the ENUM service registry. While that makes sense from the standpoint of ENUM, if this mechanism is truly generic to *all* URIs, it seems to me that it'd be much more sensible to use the typing system already in place for URIs -- link relations <http://tools.ietf.org/html/rfc5988>.
>> 
>> As it is, I think this proposal is going to surprise a lot of people very unpleasantly, when they find that URIs have effectively become subservient to ENUM, at least within the confines of DNS.
>> 
>> This could be addressed by either using link relations (although I realise that would require a fair amount of work), or by renaming the RR to "ENUM_URI" or similar, along with appropriate changes in the text (i.e., this is a record specific to ENUM, not generic to all URIs in DNS).
> 
> The RRType is registered and can not be changed.
> 
> That said, what can be referred to is a "better" registry for services. IETF do not have a registry for services for SRV. If IETF did, then I would have referenced that registry. I think it is "stupid" to create a new registry. This draft refer to the ENUM Service Registry. For SRV no real registry exists, but the DNS-SD people have this: <http://www.dns-sd.org/servicetypes.html>

I think most of my concern centres around things appearing in the registry without coordination with the community surrounding that service -- such as the Web / HTTP case. 

I.e., if the URI RR points to a registry, and that registry contains an entry for a service "foo", I expect that applications that implement "foo" should use the URI RR in their operation. 

When this isn't the case, it's not good for interoperability, potential security issues are introduced, and the community of the service often isn't involved in the registration.

So, I'm going to ever-so-gently push back on your characterisation of a new registry here as "stupid."


>> ## The "home page" example
>> 
>> Section 6 uses a "home page" lookup as the only example application for this RR. To my knowledge, no Web browser does this or is considering doing so, and moreover, pretty much any Web stack person would be extremely surprised by both this.
>> 
>> Do you have any implementations of this use case, or prospect for them? Have you talked to Web security folks about the implications of doing so?
> 
> I am working within the libcurl community to look at support for URI resource record types and others.
> 
> I have questions from various developers that want to use URI, but you are correct that they are not "web browsers". They are more "people that use HTTP for transport for data used for their service".
> 
> I agree that with that as a background a different example might make that more clear, although it might be harder to understand.
> 
> Is your suggestion to add more examples? I think that is a fair request that makes lot of sense.

It'd help, yes. It'd also be good to have the conversation with the Web folks, to see where that goes (perhaps they'll want to support it, but if they don't, it might be good to take that 
example out).


>> ## Alternative approaches
>> 
>> In Appendix A (D), the original allocation request says:
>> 
>> """
>> There is no easy way to get from a domain name to a URI (or IRI).
>> """
>> 
>> That's not actually true any more; we now have Well-Known URIs <https://tools.ietf.org/html/rfc5785>, which allows an application to define how to get a URI from a bare hostname. While it's true that it's currently a little more expensive than DNS (requiring a TCP connection for the time being), we do have substantial deployment experience with it, and it seems to be operationally much simpler, as compared to adding a new DNS record.
>> 
>> Are there use cases where .well-known isn't workable, as compared to this RR?
> 
> Yes, when the namespace of the web server is not under control by the parties running services (i.e. they are given URIs).

Hm, that's largely an administrative issue, but OK.


> And on top of that you have already pointed at the issue with lookups in DNS compared to the HTTP transport, where also lots of redirects are common, specifically in CDNs, virtual hosting (www.example.com / example.com is a trivial example of course) etc.

For now -- note that as we write, the IAB workshop on TCP evolution is considering how to move protocols like HTTP to UDP :)


> But you also point at a for the IETF sensible issue. When the well known URI was discussed, I did present the URI RRType (and SRV, and NAPTR and...) but as too often happens "the web community" responded with "we can only look up A records". So the use of more efficient mixes of DNS and HTTP to reach the for the user best experience was never really discussed. Not there, not then, not before and not after. :-(

We've been trying to get discussion going between the HTTP and DNS communities, with limited success. Maybe it's time to try again (e.g., in Dallas as a Bar BoF)?


> The problem NOW on the table though is to get an RFC that describes the already existing RRType URI.

Understood. 

Cheers,


--
Mark Nottingham   https://www.mnot.net/