jdev - 2020-01-16


  1. moparisthebest

    lovetox, MattJ: actually webfolk are implementing a "srv2" RFC currently called httpsvc to support esni and http3 and such

  2. moparisthebest

    So we'll need a xep0368 successor to let us use it, but we can put more stuff in there, should be interesting

  3. pep.

    "http"svc :/

  4. moparisthebest

    This might be the recent one https://tools.ietf.org/html/draft-nygren-dnsop-svcb-httpssvc-00 basically allows extra stuff like I was trying to cram into HACX, just implement some more DNS records they are cheap! :)

  5. moparisthebest

    pep.: Before you get too worked up: > The specific name for this RR type is an open topic > for discussion. "SVCB" and "HTTPSSVC" are meant as placeholders as > they are easy to replace. Other names might include "B", "SRV2", > "SVCHTTPS", "HTTPS", and "ALTSVC".

  6. moparisthebest

    Maybe xsf should officially advocate for one of the better alternatives?

  7. pep.

    Is there a comparison with SRV? What's the difference/why it's not suitable

  8. pep.

    ok they add optional key=value pairs to the record and port is now optional

  9. moparisthebest

    pep.: Look at the psuedo example up top, you can't cram stuff like "use http3" or "here are the esni keys" in regular SRV

  10. pep.

    There doesn't seem to be a weight anymore either

  11. moparisthebest

    For xmpp we can have this be 1 lookup and include direct TLS, regular, quic, likely Bosh and websocket too

  12. moparisthebest

    Hmm why would you want weight when you can just pay a CDN

  13. moparisthebest

    Too bitter? :)

  14. pep.

    hmm?

  15. pep.

    I personally avoid CDNs like the plague

  16. pep.

    But I don't understand the comment anyway

  17. moparisthebest

    Http rfcs seem to be dominated by browsers and cdns

  18. pep.

    You mean CDN would do load balancing themselves so no need for weight?

  19. moparisthebest

    I wildly assume since weight kind of let's you do your own load balancing, maybe the cdns didn't want to because it could cut on their business

  20. pep.

    One does wonder when does capitalism ever stop..

  21. pep.

    Anyway.. this doesn't seem completely useless, the xsf should certainly keep an eye on it

  22. moparisthebest

    Especially if we want esni and QUIC, which we do :)

  23. moparisthebest

    pep.: ah https://tools.ietf.org/html/draft-nygren-dnsop-svcb-httpssvc-00#page-29

  24. moparisthebest

    > Some other similar mechanisms such as SRV have a weight in-addition > to priority. That is excluded here for simplicity. It could always > be added as an optional SVCB parameter.

  25. sonny has left

  26. sonny has joined

  27. debacle has left

  28. bhaveshsgupta has joined

  29. moparisthebest has left

  30. moparisthebest has joined

  31. bhaveshsgupta has left

  32. serge90 has left

  33. bhaveshsgupta has joined

  34. serge90 has joined

  35. actupper has joined

  36. bhaveshsgupta has left

  37. moparisthebest has left

  38. moparisthebest has joined

  39. bhaveshsgupta has joined

  40. bhaveshsgupta has left

  41. bhaveshsgupta has joined

  42. bhaveshsgupta has left

  43. bhaveshsgupta has joined

  44. bhaveshsgupta has left

  45. bhaveshsgupta has joined

  46. bhaveshsgupta has left

  47. bhaveshsgupta has joined

  48. bhaveshsgupta has left

  49. bhaveshsgupta has joined

  50. bhaveshsgupta has left

  51. bhaveshsgupta has joined

  52. bhaveshsgupta has left

  53. bhaveshsgupta has joined

  54. bhaveshsgupta has left

  55. bhaveshsgupta has joined

  56. bhaveshsgupta has left

  57. bhaveshsgupta has joined

  58. actupper has left

  59. actupper has joined

  60. bhaveshsgupta has left

  61. bhaveshsgupta has joined

  62. asterix has joined

  63. bhaveshsgupta has left

  64. bhaveshsgupta has joined

  65. asterix has left

  66. asterix has joined

  67. paul has left

  68. paul has joined

  69. lovetox has joined

  70. bhaveshsgupta has left

  71. bhaveshsgupta has joined

  72. wurstsalat has joined

  73. asterix has left

  74. asterix has joined

  75. asterix has left

  76. asterix has joined

  77. bhaveshsgupta has left

  78. bhaveshsgupta has joined

  79. asterix has left

  80. asterix has joined

  81. asterix has left

  82. asterix has joined

  83. bhaveshsgupta has left

  84. lovetox has left

  85. bhaveshsgupta has joined

  86. bhaveshsgupta has left

  87. bhaveshsgupta has joined

  88. aj has joined

  89. lovetox has joined

  90. bhaveshsgupta has left

  91. aj has left

  92. bhaveshsgupta has joined

  93. bhaveshsgupta has left

  94. bhaveshsgupta has joined

  95. lovetox has left

  96. bhaveshsgupta has left

  97. bhaveshsgupta has joined

  98. asterix has left

  99. asterix has joined

  100. bhaveshsgupta has left

  101. bhaveshsgupta has joined

  102. paul has left

  103. paul has joined

  104. asterix has left

  105. asterix has joined

  106. bhaveshsgupta has left

  107. bhaveshsgupta has joined

  108. bhaveshsgupta has left

  109. bhaveshsgupta has joined

  110. sonny has left

  111. goffi has joined

  112. bhaveshsgupta has left

  113. bhaveshsgupta has joined

  114. bhaveshsgupta has left

  115. sonny has joined

  116. bhaveshsgupta has joined

  117. sonny has left

  118. bhaveshsgupta has left

  119. pulkomandy has left

  120. pulkomandy has joined

  121. kikuchiyo has joined

  122. bhaveshsgupta has joined

  123. Guus has left

  124. Guus has joined

  125. bhaveshsgupta has left

  126. bhaveshsgupta has joined

  127. madhur.garg has joined

  128. pep.

    https://tools.ietf.org/html/draft-nygren-dnsop-svcb-httpssvc-00#section-6.1 I never understand why one SHOULDs the type of value that a sender can use, and MUSTs receivers not to read it if it doesn't correspond to that type

  129. pep.

    Especially for a new protocol

  130. pep.

    What's the goal behind? Allow custom stuff on top of that? Somebody implementing something custom would have a say on both writer and reader, they would be breaking the spec anyway.

  131. pep.

    And if it's to allow extensions, one would need to say "In this case you can set the value as XXX" alongside "you can read the value as XXX"..

  132. pep.

    Maybe that was for xsf@, meh. that's where I got the link

  133. sonny has joined

  134. bhaveshsgupta has left

  135. bhaveshsgupta has joined

  136. bhaveshsgupta has left

  137. bhaveshsgupta has joined

  138. rion has left

  139. rion has joined

  140. debacle has joined

  141. sonny has left

  142. bhaveshsgupta has left

  143. Bartek has joined

  144. Bartek has left

  145. bhaveshsgupta has joined

  146. bhaveshsgupta has left

  147. bhaveshsgupta has joined

  148. sonny has joined

  149. sonny has left

  150. Wojtek has joined

  151. pulkomandy has left

  152. pulkomandy has joined

  153. asterix has left

  154. asterix has joined

  155. lovetox has joined

  156. lovetox has left

  157. lovetox has joined

  158. serge90 has left

  159. serge90 has joined

  160. Wojtek has left

  161. flow

    pep., it's not really "doesn't correspond to that value". It says receivers have to ignore the whole entry if they do not understand the value

  162. flow

    Clients MUST ignore SVCB RRs where the "alpn" SvcParamValue is unknown or unsupported.

  163. lovetox

    hm if a user sets a proxy lets say socks5, does he expect DNS resolution via proxy?

  164. lovetox

    i know TOR users would not like if i dns resolve not via proxy, basically leaking the DNS request

  165. flow

    lovetox, tor users would say yes

  166. flow

    lovetox, I think the answer is that some do and some do not

  167. flow

    i.e. if you just use the socks5 proxy to be able to "reach the internet", but local dns resolves fine, then you are probably fine with dns lookups not using the socks5 proxy

  168. lovetox

    ok but is this some special case, or would you say this is should be followed always

  169. flow

    well if you implement support for dns lookups via the proxy, then I would probably simply always do it, and not make it configurable (or at least, only make it an advanced configuration option)

  170. lovetox

    ah no flow proxys support only very limited DNS resolution

  171. lovetox

    only A/AAAA

  172. lovetox

    which is probably still fine for socks5

  173. flow

    lovetox, IIRC socks5 supports udp?

  174. lovetox

    but for example its impossible to connect via websocket, without leaking the dns request

  175. flow

    at least at the protocol layer, not sure about the implementations

  176. flow

    so you could perform the lookup via udp over the proxy using a well known dns resolver

  177. lovetox

    of course you could do a dns resolution via socks5, but you have to impl the whole dns resolution protocol

  178. lovetox

    not really something i want to do to be honest

  179. flow

    some dns resolver libraries allow you to specify the IP or even the network link (for tunnels) to be used for the lookups

  180. pep.

    flow, my question was rather why do specs also not use MUST for the writer side ("Thou SHALL not use unsupported values")

  181. MattJ

    So they can remain extensible

  182. MattJ

    A future spec might add a new value, for example

  183. pep.

    Which I don't understand, as I said above

  184. MattJ

    and it's good to specify what legacy clients should do

  185. pep.

    MattJ, then the future spec would say "scrap that, you can use a new value here"

  186. MattJ

    Correct

  187. pep.

    So.. as the SHOULD is going to be overriten anyway by new specs, that's not an argument for extensibility imo

  188. MattJ

    Maybe also certain deployment-specific stuff would go there

  189. MattJ

    and it's good to know that clients that don't implement it will still have a defined behaviour

  190. pep.

    sure, because it says the reader should ignore it, that's fine

  191. pep.

    MUST

  192. pep.

    actually

  193. pep.

    It's just the fact that it's not symmetrical that confuses me

  194. sonny has joined

  195. MattJ

    Because the person doing the sending gets to make the choice what value they put there

  196. MattJ

    The reader doesn't get the option to explode if it sees an unknown value

  197. MattJ

    That's totally sensible if you ask me

  198. pep.

    What's the point of sending stuff that's "allowed by the spec" (SHOULD) that nobody can read (MUST) ?

  199. pep.

    Extensions would redefine both anyway

  200. MattJ

    But old clients wouldn't update

  201. MattJ

    So you still want their behaviour to be known

  202. MattJ

    Rather than undefined

  203. pep.

    receiving old clients?

  204. pep.

    Sending old clients would still be fine with MUST/MUST anyway

  205. pep.

    Receiving old clients are also fine with MUST/MUST anyway

  206. pep.

    From what I understand

  207. pep.

    If you can find me a case where it doesn't work anymore with MUST/MUST I'll be happy to oblige :p

  208. MattJ

    Of course it would *work*

  209. MattJ

    It just means the spec doesn't restrict stuff that it doesn't have to

  210. MattJ

    Spec A defines list of types X, everyone implements it, everyone is happy

  211. MattJ

    Spec B adds new type for that field

  212. MattJ

    In a MUST/MUST world, anyone who complies with Spec B suddenly stops being compliant with Spec A

  213. MattJ

    and that's just unnecessary

  214. pep.

    No, they would implement Spec A + Spec B

  215. pep.

    Or rather.. they'd implement Spec B

  216. MattJ

    They can't implement both because Spec A expressly forbids them from implementing Spec B

  217. pep.

    And they'd use spec B with compatible devices?

  218. pulkomandy has left

  219. MattJ

    I'm not sure how much there is that I haven't said that isn't obvious

  220. MattJ

    I have a meeting I'm prepping for, so need to disappear for a bit

  221. pep.

    Defining something obvious isn't generally helping

  222. pep.

    Have fun

  223. lovetox has left

  224. bhaveshsgupta has left

  225. bhaveshsgupta has joined

  226. pulkomandy has joined

  227. lovetox has joined

  228. Zash has left

  229. Neustradamus has left

  230. sonny has left

  231. Zash has joined

  232. pulkomandy has left

  233. pulkomandy has joined

  234. bhaveshsgupta has left

  235. bhaveshsgupta has joined

  236. bhaveshsgupta has left

  237. bhaveshsgupta has joined

  238. pulkomandy has left

  239. pulkomandy has joined

  240. kikuchiyo has left

  241. bhaveshsgupta has left

  242. bhaveshsgupta has joined

  243. actupper has left

  244. actupper has joined

  245. actupper has left

  246. actupper has joined

  247. kikuchiyo has joined

  248. Wojtek has joined

  249. sonny has joined

  250. bhaveshsgupta has left

  251. actupper has left

  252. actupper has joined

  253. bhaveshsgupta has joined

  254. lovetox has left

  255. bhaveshsgupta has left

  256. bhaveshsgupta has joined

  257. lovetox has joined

  258. bhaveshsgupta has left

  259. bhaveshsgupta has joined

  260. actupper has left

  261. actupper has joined

  262. sonny has left

  263. goffi has left

  264. bhaveshsgupta has left

  265. bhaveshsgupta has joined

  266. bhaveshsgupta has left

  267. bhaveshsgupta has joined

  268. actupper has left

  269. actupper has joined

  270. kikuchiyo has left

  271. sonny has joined

  272. pulkomandy has left

  273. actupper has left

  274. pulkomandy has joined

  275. rion has left

  276. bhaveshsgupta has left

  277. lovetox has left

  278. bhaveshsgupta has joined

  279. kikuchiyo has joined

  280. rion has joined

  281. debacle has left

  282. lovetox has joined

  283. pulkomandy has left

  284. pulkomandy has joined

  285. lovetox has left

  286. Wojtek has left

  287. bhaveshsgupta has left

  288. bhaveshsgupta has joined

  289. sonny has left

  290. bhaveshsgupta has left

  291. bhaveshsgupta has joined

  292. debacle has joined

  293. pulkomandy has left

  294. paul has left

  295. pulkomandy has joined

  296. Wojtek has joined

  297. bhaveshsgupta has left

  298. bhaveshsgupta has joined

  299. Wojtek has left

  300. asterix has left

  301. asterix has joined

  302. paul has joined

  303. serge90 has left

  304. serge90 has joined

  305. paul has left

  306. asterix has left

  307. asterix has joined

  308. bhaveshsgupta has left

  309. bhaveshsgupta has joined

  310. debacle has left

  311. debacle has joined

  312. wurstsalat has left

  313. wurstsalat has joined

  314. debacle has left

  315. asterix has left

  316. asterix has joined

  317. debacle has joined

  318. asterix has left

  319. asterix has joined

  320. debacle has left

  321. debacle has joined

  322. bhaveshsgupta has left

  323. bhaveshsgupta has joined

  324. strar has left

  325. strar has joined

  326. pulkomandy has left

  327. pulkomandy has joined

  328. bhaveshsgupta has left

  329. asterix has left

  330. bhaveshsgupta has joined

  331. pulkomandy has left

  332. pulkomandy has joined

  333. Syndace has left

  334. Syndace has joined

  335. bhaveshsgupta has left

  336. bhaveshsgupta has joined

  337. sonny has joined

  338. MattJ has left

  339. sonny has left

  340. paul has joined

  341. bhaveshsgupta has left

  342. sonny has joined

  343. paul has left

  344. bhaveshsgupta has joined

  345. MattJ has joined

  346. kikuchiyo has left

  347. kikuchiyo has joined

  348. sonny has left

  349. sonny has joined

  350. debacle has left

  351. debacle has joined

  352. kikuchiyo has left

  353. kikuchiyo has joined

  354. strar has left

  355. strar has joined

  356. sonny has left

  357. kikuchiyo has left

  358. kikuchiyo has joined

  359. paul has joined

  360. strar has left

  361. strar has joined

  362. strar has left

  363. kikuchiyo has left

  364. strar has joined

  365. bhaveshsgupta has left

  366. sonny has joined

  367. bhaveshsgupta has joined

  368. kikuchiyo has joined

  369. Zash has left

  370. Alex has left

  371. Alex has joined

  372. sonny has left

  373. paul has left

  374. Zash has joined

  375. paul has joined

  376. sonny has joined

  377. Zash has left

  378. wurstsalat has left

  379. Zash has joined

  380. bhaveshsgupta has left

  381. bhaveshsgupta has joined

  382. sonny has left

  383. sonny has joined

  384. bhaveshsgupta has left

  385. bhaveshsgupta has joined

  386. debacle has left

  387. debacle has joined