Hello,
First off, I have started implementing support for SVCB and HTTPSSVC as part of
the dnspython library [0] and I'd be interested in doing some interop testing
with other people's implementations.
I also have a few comments/questions about the draft, apologies if they have
already been discussed in the past (haven't been following the draft from the
start).
1. For interop testing purposes it would be very helpful if the draft listed
commonly agreed upon code-points for the new RR types. Ideally in the form of an
official early assignment from IANA, but if that's not possible picking a couple
of codepoints at random from the "private use" range would also be helpful. In
my implementation I'm currently using "65481" for SVCB and "65482" for HTTPSSVC.
2. The structure of the draft is a bit odd, as it lists a bunch of examples
before introducing any of the records. This was a bit confusing to me, so I'd
suggest moving sections 1.5 and 1.6 _before_ the examples (that is, immediately
after the introduction). It might also be a good idea to just move the examples
to an Appendix instead.
3. Would it make sense to move the ESNI/ECHO config paramenter to the ESNI/ECHO
draft instead? This way the DNS draft wouldn't need to depend on the ESNI draft
(so e.g. if ESNI ends up taking longer, this draft could be published without
having to wait for it).
4. What is the point of differentiating between AliasForm and ServiceForm? Like,
couldn't the draft just say that the SvcFieldValue is an optional field and be
done with that? It seems like not having to explicitly differentiate the two
cases would simplify the draft a bit without sacrificing much, though I might
be missing something.
5. Section 2.1.1 says
The presentation format for SvcFieldValue is a whitespace-separated
list of elements representing a key-value pair, with an absent value
or "=" indicating an empty value.
It took me longer than I'd like to admit to understand the "with an absent value
or "=" indicating an empty value" part. I'd suggest rewording that paragraph to
something like:
The presentation format for SvcFieldValue is a whitespace-separated list of
key=value pairs (e.g. "key123=value1 keys456=value2"). When the value, or
both the value and the "=" are omitted, the value should be interpreted as
being empty.
Or something better :)
6. In Section 2.2 it says (in reference to param field values):
o an octet string of the length defined by the previous field.
It might be good to say here that the format of this octet string is defined
according to the corresponding SvcParamKey, and then reference section 6 for
ths currently defined keys. The same applies for section 2.1.1 for the
presentation format.
7. Section 4.3 says:
All DNS servers SHOULD treat the SvcParam portion of the SVCB RR...
Should it be SvcFieldValue instead of SvcParam? "SvcParam" is not mentioned
anywhere else.
8. Maybe I'm missing something, but the following sentence in Section 6.4 seems
wrong:
When SvcDomainName is ".", server operators SHOULD NOT include these hints,
because they are unlikely to convey any performance benefit.
My understanding is that ipv4hint and ipv6hint are the way to solve the ESNI
multi-CDN problem, so let's say I have "www.example.net" that CNAMEs to both
"cname.cdn-a.example" and "cname.cdn-b.example". A client queries both A and
HTTPSVC concurrently for "www.example.net", and receives two answers (the answer
to the A query points to CDN A, while the answer to HTTPSSVC points to CDN B):
www.xample.net 3600 IN CNAME cname.cdn-a.example
cname.cdn-a.example 3600 IN A 192.0.2.1
and
www.xample.net 3600 IN CNAME cname.cdn-b.example
cname.cdn-b.example 3600 IN HTTPSSVC 1 . alpn=h3 esniconfig="..."
My understanding is that in this case the client could end up connecting to
192.0.2.1 (CDN A) with CDN B's ESNI config (or e.g. with the wrong ALPN). So if
the server doesn't provide IP hints there would indeed be impact on performance
because the client would just straight up fail to connect initially (e.g. maybe
CDN A doesn't support HTTP/3, but CDN B's HTTPSSVC says the client can use it,
or just because of the wrong ESNI config).
Long story short, I don't think the text should discourage setting ipv4hint and
ipv6hint here. I get that it's SHOULD NOT and not MUST NOT, but it's pretty
confusing nevertheless.
9. Speaking of multi-CDN, AFAICT the problem is mentioned only once in the whole
draft and only in relation to ESNI. However this is not ESNI-specific and also
affects e.g. HTTP/3 as per the example above. So I think it would be useful to
go into a little more detail on this.
10. Section B.2: s/pther/other/
Cheers
[0] https://github.com/rthalley/dnspython/pull/452
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
