Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-13 Thread Paul Vixie
i'm replying to two messages here, one from patrick, one from stephen. Patrick McManus wrote on 2020-03-10 12:24: On Tue, Mar 10, 2020 at 2:54 PM Paul Vixie wrote: httpssvc is not an alternate service description permitting fallback to the non-alternative; httpssvc

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Stephen Farrell
Hiya, On 10/03/2020 19:11, Paul Vixie wrote: > On Tuesday, 10 March 2020 19:05:39 UTC Stephen Farrell wrote: >> Paul, >> >> ... >> >> What's the difference between having a port number >> as part of HTTPSSVC (or whatever we call it;-) in >> the DNS and having a web page on 443 that includes >> hr

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Patrick McManus
On Tue, Mar 10, 2020 at 2:54 PM Paul Vixie wrote: > httpssvc is not > an alternate service description permitting fallback to the > non-alternative; > httpssvc is the service description itself. > 7.2. Relationship to Alt-Svc Publishing a ServiceForm HTTPSSVC record in DNS is intended to be

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Paul Vixie
On Tuesday, 10 March 2020 19:05:39 UTC Stephen Farrell wrote: > Paul, > > ... > > What's the difference between having a port number > as part of HTTPSSVC (or whatever we call it;-) in > the DNS and having a web page on 443 that includes > hrefs with https:// schemed URLs that are not using > por

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Stephen Farrell
Paul, On 10/03/2020 18:54, Paul Vixie wrote: > the httpssvc "port" parameter leading > a service operator to put something on an "alternative origin" whose port > number will be broadly unrecognized by far end managed private networks, > which > would prevent flow-state creation, thus creatin

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Paul Vixie
On Tuesday, 10 March 2020 18:25:57 UTC Patrick McManus wrote: > alt-svc is quite robust to reachability failures of the alternative origins > should some client find itself on a network that filters full transit. > > This process is already existing technology (rfc 7838). From that > perspective t

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Erik Nygren
We should also look at how and where we want to separate operational guidance from what mechanisms are available. Ideally we'd minimize foot-guns (hence the inclusion of a default transport, at least for the HTTPS use-cases) and we should have safe defaults, but I'm not sure to what degree we want

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Patrick McManus
alt-svc is quite robust to reachability failures of the alternative origins should some client find itself on a network that filters full transit. This process is already existing technology (rfc 7838). From that perspective the DNS record is just a way to bootstrap it over DNS rather than the def

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Paul Vixie
On Tuesday, 10 March 2020 13:30:53 UTC Patrick McManus wrote: > another positive feature of ports in this record is that it provides some > address space independent of the origin security model of the URI. By this > I mean that https://www.foo.com (implicit :443) and https://www.foo.com:555 > are d

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-10 Thread Patrick McManus
another positive feature of ports in this record is that it provides some address space independent of the origin security model of the URI. By this I mean that https://www.foo.com (implicit :443) and https://www.foo.com:555 are different origins with different web security boundaries. While two dif

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-09 Thread Paul Vixie
On Tuesday, 10 March 2020 02:42:01 UTC Erik Nygren wrote: > On Mon, Mar 9, 2020 at 10:32 PM Paul Vixie wrote: > > On Monday, 9 March 2020 20:56:39 UTC Ben Schwartz wrote: > > > ... > > > > i propose that section 6.2 for "port", and all references to same, be > > removed. > > We discussed this so

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-09 Thread Erik Nygren
On Mon, Mar 9, 2020 at 10:32 PM Paul Vixie wrote: > On Monday, 9 March 2020 20:56:39 UTC Ben Schwartz wrote: > > It occurs to me that I hit "publish" on this draft without updating the > > release notes, so I'll mention some of the many changes since -01 here > > instead: > > > > ... > > > > As

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-09 Thread Paul Vixie
On Monday, 9 March 2020 20:56:39 UTC Ben Schwartz wrote: > It occurs to me that I hit "publish" on this draft without updating the > release notes, so I'll mention some of the many changes since -01 here > instead: > > ... > > As always, please review and send comments. We also expect to do a >

Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-09 Thread Ben Schwartz
It occurs to me that I hit "publish" on this draft without updating the release notes, so I'll mention some of the many changes since -01 here instead: - All changes to Alt-Svc have been removed. I would like to see some updates to Alt-Svc, but since this draft is now in DNSOP, and any changes t

[DNSOP] I-D Action: draft-ietf-dnsop-svcb-httpssvc-02.txt

2020-03-09 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Domain Name System Operations WG of the IETF. Title : Service binding and parameter specification via the DNS (DNS SVCB and HTTPSSVC) Authors : Ben