Re: [Uri-review] Proposed scheme registration: sdns (DNS stamps)

Frank Denis <ietf@dnscrypt.info> Wed, 24 October 2018 17:11 UTC

Return-Path: <ietf@dnscrypt.info>
X-Original-To: uri-review@ietfa.amsl.com
Delivered-To: uri-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 404C7130E3D for <uri-review@ietfa.amsl.com>; Wed, 24 Oct 2018 10:11:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u-jv1kYWxqOn for <uri-review@ietfa.amsl.com>; Wed, 24 Oct 2018 10:10:57 -0700 (PDT)
Received: from mailout-uk.mx.c9x.org (mailout-uk.mx.c9x.org [137.74.223.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6FE9130E39 for <uri-review@ietf.org>; Wed, 24 Oct 2018 10:10:56 -0700 (PDT)
Received: from msync.c9x.org (localhost [127.0.0.1]) by msync.c9x.org (OpenSMTPD) with ESMTP id 9941c717; Wed, 24 Oct 2018 19:10:54 +0200 (CEST)
Received: from [192.168.12.173] (laubervilliers-657-1-70-46.w90-63.abo.wanadoo.fr [90.63.237.46]) by msync.c9x.org (OpenSMTPD) with ESMTPSA id 1448653f (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Wed, 24 Oct 2018 19:10:54 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\))
From: Frank Denis <ietf@dnscrypt.info>
In-Reply-To: <CA+9kkMAwX1uDguV43MgNbHdz8MyEE-kDa2+k=JmVFas+6=7p8A@mail.gmail.com>
Date: Wed, 24 Oct 2018 19:09:47 +0200
Cc: uri-review@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3D3389E3-292A-408E-9204-B8C3E47BD3F3@dnscrypt.info>
References: <20181024155855.4v4s4lwov4luufrs@msync.c9x.org> <CA+9kkMAwX1uDguV43MgNbHdz8MyEE-kDa2+k=JmVFas+6=7p8A@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>, uri-review@ietf.org
X-Mailer: Apple Mail (2.3445.100.39)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/5C2F12t_LA-D81RJLTYLgyDnTU4>
Subject: Re: [Uri-review] Proposed scheme registration: sdns (DNS stamps)
X-BeenThere: uri-review@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proposed URI Schemes <uri-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uri-review>, <mailto:uri-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review/>
List-Post: <mailto:uri-review@ietf.org>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uri-review>, <mailto:uri-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 17:12:29 -0000

> On 24 Oct 2018, at 18:31, Ted Hardie <ted.ietf@gmail.com>; wrote:
> 
> Hi Frank,

  Hi Ted,


> Thanks for sending the proposal to the list.  A couple of high level comments.  
> 
> First, the syntax you present uses //, which doesn't seem to be correct to me.  If I'm reading the specification correctly, the URL doesn't have a hierarchical part and does not rely on an authority section (which is what the // delimits in RFC 3986 syntax). 

  All the sdns URIs currently in use share a global namespace. However, the parameters specifically use URL-safe base64 to avoid slashes, so URIs can later:

- Support namespaces
- Support implementation-specific filters (e.g. `sdns://.../ipv6only)


> 2nd, it's not clear in the description of addresses how they would be fed into the algorithm you provide in some of the corner cases.  For example:
> "addr is the IP address of the server. It can be an empty string, or just a port number."  Is the port number represented with a preceding colon?  

  A preceding colon is required. The description has been updated to clarify this. Thanks!


> For IPv6 hosts which use [ and ] as delimeters, is the input URL-encoded before being base64 encoded?  Are scopes permitted?

  Scopes are permitted, and are supported by current implementations. The document has been updated to reflect this.

  Strings are not encoded individually, besides being preceded by their length.

  The entire concatenation of all parameters is eventually base64-encoded. The document has been updated to clarify this.


> For hostname, the document says  that hostname is the server host name which will also be used as a SNI name.  If the hostname uses one of the IDNA characters outside the URL-permitted range, is it encoded with URL encoding or punycode?

  SNI names in certificates are raw binary strings. Given the context, we probably shouldn’t apply any encoding either. The document has been updated to clarify this.


> As a stylistic note, I think sdns is likely to be confused with the existing dns scheme name, and I would suggest using "dns-stamps" for additional clarity.

  This is definitely doable, but would be break all existing implementations and servers lists, 


> Thanks again for the opportunity to comment,

  Thanks for your very helpful comments, Ted.