> On 17 Apr 2020, at 20:19, Alessandro Ghedini <alessan...@ghedini.me> wrote: > > Hello, > > First off, I have started implementing support for SVCB and HTTPSSVC as part > of > the dnspython library [0] and I'd be interested in doing some interop testing > with other people's implementations. > > I also have a few comments/questions about the draft, apologies if they have > already been discussed in the past (haven't been following the draft from the > start). > > 1. For interop testing purposes it would be very helpful if the draft listed > commonly agreed upon code-points for the new RR types. Ideally in the form of > an > official early assignment from IANA,
Lets wait until we are certain that the format will not change. Every time I’ve updated the branch there has been a non backwards compatible change. > but if that's not possible picking a couple > of codepoints at random from the "private use" range would also be helpful. In > my implementation I'm currently using "65481" for SVCB and "65482" for > HTTPSSVC. BIND’s implementation is available at: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2135 > 2. The structure of the draft is a bit odd, as it lists a bunch of examples > before introducing any of the records. This was a bit confusing to me, so I'd > suggest moving sections 1.5 and 1.6 _before_ the examples (that is, > immediately > after the introduction). It might also be a good idea to just move the > examples > to an Appendix instead. > > 3. Would it make sense to move the ESNI/ECHO config paramenter to the > ESNI/ECHO > draft instead? This way the DNS draft wouldn't need to depend on the ESNI > draft > (so e.g. if ESNI ends up taking longer, this draft could be published without > having to wait for it). > > 4. What is the point of differentiating between AliasForm and ServiceForm? > Like, > couldn't the draft just say that the SvcFieldValue is an optional field and be > done with that? It seems like not having to explicitly differentiate the two > cases would simplify the draft a bit without sacrificing much, though I might > be missing something. > > 5. Section 2.1.1 says > > The presentation format for SvcFieldValue is a whitespace-separated > list of elements representing a key-value pair, with an absent value > or "=" indicating an empty value. > > It took me longer than I'd like to admit to understand the "with an absent > value > or "=" indicating an empty value" part. I'd suggest rewording that paragraph > to > something like: > > The presentation format for SvcFieldValue is a whitespace-separated list of > key=value pairs (e.g. "key123=value1 keys456=value2"). When the value, or > both the value and the "=" are omitted, the value should be interpreted as > being empty. > > Or something better :) > > 6. In Section 2.2 it says (in reference to param field values): > > o an octet string of the length defined by the previous field. > > It might be good to say here that the format of this octet string is defined > according to the corresponding SvcParamKey, and then reference section 6 for > ths currently defined keys. The same applies for section 2.1.1 for the > presentation format. > > 7. Section 4.3 says: > > All DNS servers SHOULD treat the SvcParam portion of the SVCB RR... > > Should it be SvcFieldValue instead of SvcParam? "SvcParam" is not mentioned > anywhere else. > > 8. Maybe I'm missing something, but the following sentence in Section 6.4 > seems > wrong: > > When SvcDomainName is ".", server operators SHOULD NOT include these hints, > because they are unlikely to convey any performance benefit. > > My understanding is that ipv4hint and ipv6hint are the way to solve the ESNI > multi-CDN problem, so let's say I have "www.example.net" that CNAMEs to both > "cname.cdn-a.example" and "cname.cdn-b.example". A client queries both A and > HTTPSVC concurrently for "www.example.net", and receives two answers (the > answer > to the A query points to CDN A, while the answer to HTTPSSVC points to CDN B): > > www.xample.net 3600 IN CNAME cname.cdn-a.example > cname.cdn-a.example 3600 IN A 192.0.2.1 > > and > > www.xample.net 3600 IN CNAME cname.cdn-b.example > cname.cdn-b.example 3600 IN HTTPSSVC 1 . alpn=h3 esniconfig="..." > > My understanding is that in this case the client could end up connecting to > 192.0.2.1 (CDN A) with CDN B's ESNI config (or e.g. with the wrong ALPN). So > if > the server doesn't provide IP hints there would indeed be impact on > performance > because the client would just straight up fail to connect initially (e.g. > maybe > CDN A doesn't support HTTP/3, but CDN B's HTTPSSVC says the client can use it, > or just because of the wrong ESNI config). > > Long story short, I don't think the text should discourage setting ipv4hint > and > ipv6hint here. I get that it's SHOULD NOT and not MUST NOT, but it's pretty > confusing nevertheless. > > 9. Speaking of multi-CDN, AFAICT the problem is mentioned only once in the > whole > draft and only in relation to ESNI. However this is not ESNI-specific and also > affects e.g. HTTP/3 as per the example above. So I think it would be useful to > go into a little more detail on this. > > 10. Section B.2: s/pther/other/ > > Cheers > > [0] https://github.com/rthalley/dnspython/pull/452 > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
