- From: Mark Andrews <marka@isc.org>
- Date: Fri, 5 Jul 2019 13:18:52 +1000
- To: Ben Schwartz <bemasc@google.com>
- Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
> On 4 Jul 2019, at 6:21 am, Ben Schwartz <bemasc@google.com> wrote:
>
> On Wed, Jul 3, 2019 at 3:58 PM Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> > On Wed, Jul 03, 2019 at 02:45:47PM -0400, Erik Nygren wrote:
> > > Ben, Mike, and I have submitted the first version of a proposal for an
> > > "HTTPSSVC" DNS record.
> > >
> > > TL;DR: This attempts to address a number of problems (ESNI, QUIC
> > > bootstrapping, HTTP-to-HTTPS redirection via DNS, SRV-equivalent for HTTP,
> > > etc) in a holistic manner through a new extensible DNS record, rather than
> > > in a piecemeal fashion. It is based on some previous proposals such as
> > > "Alt-Svc in the DNS" and "Service Bindings" but takes into account feedback
> > > received in DNSOP and elsewhere.
> > >
> > > Feedback is most welcome and we're looking forward to discussing with
> > > people in Montreal.
> > >
> > > Draft link:
> > >
> > > https://tools.ietf.org/html/draft-nygren-httpbis-httpssvc-01
> >
> > Some quick comments:
> >
> > - What if SvcDomainName has length different from its length field?
> >   DNS wire-form names are self-delimiting (DNS message parsing relies
> >   on this).
>
> Thanks for the review! The serialization format can definitely be improved; we want to make it easy to implement and consistent with typical DNS practices.
>
> The current rationale for the length field is that we need some way of distinguishing the empty name (i.e. "", meaning "absent") from a name consisting of an empty label (i.e. "."). I agree; there's probably a more intuitive way to represent that. Suggestions welcome.

Why not have "." mean "same host"? "." isn't otherwise a sane value for type 2. No service can be indicated by '1 0 . ""'.

> > - What does it mean for SvcDomainName to be absent in alternative
> >   service form? I would guess it means "same as RRNAME".
>
> Sort of. Alt-Svc has a concept of "uri-host omitted", in which case the connection proceeds to the same host. I think the net effect is the same.
>
> I agree, this seems like something the draft should clarify. We also need to figure out what the text representation is.
>
> > - Why there is length field for SvcFieldValue? Why not let it run to
> >   the end of record?
> > - 2 byte length field can encode values up to 65535, not 65536.
> >   And the length of SvcFieldValue can not be that big, because
> >   RRDATA and DNS message length limits (both 65535) would be hit.
>
> Suggestions welcome.
>
> > - Why 302 redirects instead of 307? 302 is frequently buggy.
>
> You're right, 307 is probably closer to what we mean.
>
> > - I-D.ietf-tls-tls13 -> RFC8446.
> > - Is there any envisioned use for chained HTTPSSVC records, except
> >   for type 0 record pointing to type 1 record?
>
> You can also have longer chains, (0 -> 0 -> 1), but type 1 does not chain further.
>
> > - The MUST requirement to have only one type 0 record and then
> >   SHOULD behave non-deterministically if this is violated is pretty
> >   odd.
>
> Agreed, we can improve that recommendation.
>
> > -Ilari

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
Received on Friday, 5 July 2019 03:21:38 UTC
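As an added illustration of the two points argued in this thread (wire-form DNS names are self-delimiting, and the absent name "" must be kept distinct from the root name "."), here is a small parser for the SvcDomainName portion of an HTTPSSVC-style RDATA. It is not code from the draft or from anyone in the thread, and the one-octet length prefix it assumes in front of the name is an assumption for illustration, not necessarily the draft's exact layout; `RdataError`, `read_wire_name`, `parse_svc_domain_name` and `is_malformed` are names chosen here.

```python
# Added example, not code from the draft or from anyone in this thread. Parses
# the SvcDomainName part of an HTTPSSVC-style RDATA. Assumption: a one-octet
# length prefix precedes the wire-form name (not necessarily the draft's layout).

class RdataError(ValueError):
    """Raised when the RDATA is malformed."""

def read_wire_name(buf: bytes, offset: int = 0) -> tuple[str, int]:
    """Decode an uncompressed, self-delimiting wire-form name starting at offset.
    Returns (presentation form, octets consumed): zero octets -> "" (absent),
    a single 0x00 octet -> "." (root name, one empty label)."""
    labels, pos = [], offset
    while True:
        if pos >= len(buf):
            if pos == offset:
                return "", 0  # nothing at all: the empty/absent name
            raise RdataError("name truncated")
        ln = buf[pos]
        pos += 1
        if ln == 0:
            break  # the root label terminates the name
        if ln & 0xC0:
            raise RdataError("compression pointers are not allowed in RDATA")
        if pos + ln > len(buf):
            raise RdataError("label runs past end of data")
        labels.append(buf[pos:pos + ln].decode("ascii"))
        pos += ln
    return ".".join(labels) + ".", pos - offset

def parse_svc_domain_name(rdata: bytes) -> tuple[str, int]:
    """Parse [1-octet length][SvcDomainName]. The length field is redundant with
    the self-delimited name, so any disagreement is treated as malformed."""
    if not rdata:
        raise RdataError("missing length field")
    declared = rdata[0]
    body = rdata[1:1 + declared]
    if len(body) != declared:
        raise RdataError("declared length exceeds available data")
    name, consumed = read_wire_name(body)
    if consumed != declared:
        raise RdataError(f"length field {declared} != name length {consumed}")
    return name, 1 + declared

def is_malformed(rdata: bytes) -> bool:
    """True when parse_svc_domain_name rejects the input."""
    try:
        parse_svc_domain_name(rdata)
    except RdataError:
        return True
    return False
```

With this layout the length field carries no information the name itself does not, which is Ilari's point; a resolver has to decide what to do when the two disagree, and rejecting the record is the safe choice.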