Hi Patrik, On 1/3/15 4:49 PM, Patrik Fältström wrote: >> On 3 jan 2015, at 15:32, Måns Nilsson <mansaxel@xxxxxxxxxxxxxxxx> wrote: >> >> I strongly support incorporating SRV record support in the HTTPbis >> specification. > FWIW, I am also in favor or SRV, although I (being biased) think "how to use URI with HTTP2" would not be a bad addition either[1]. > > We do though have multiple discussions like these, that I do not think really conclude: > > <https://news.ycombinator.com/item?id=8404612> > > Because of this, what I think IS (at least) needed in the http2 spec are a few words about DNS. Else the discussions will just continue and continue... > > One could for example say something like: > > "If the URI does not include a path (only consists of scheme and authority, which in turn include domain), a client MIGHT look up either SRV record _http._tcp.domain or URI for the same owner_http._tcp.domain and act on the result of those lookups according to the SRV and URI spec respectively." > > And then reference some "happy eyeballs" specification on how to do it in detail. There there was a fuller discussion about this in the WG about two years ago, and then again last year. As John pointed out there are a few more issues, one of which is that the release philosophy taken by the WG is that there is some expectation that HTTP2 will not be the last version released, and some additions may come sooner than later. This presents several problems for SRV. First, as a matter of IANA policy we don't normally allocate more than one name for the same service, no matter the version. This is something of a sore point, and a general one at that. One would really like to be able to pass some initial protocol parameter information back as part of a DNS query such that the information could be reasonably cached (oh, say versioning?). I am not convinced that the WG has a full handle on this with the various header games being considered, but there was a fair bit of discussion about this as well a while back, and there are some tradeoffs to be made, like binding the information tightly to the connection and all of its attendant properties. Also, tying versioning of any form into the DNS where the different versions have different security properties makes the solution dependent on DNSSEC. I'm ALL for DNSSEC, but as there are alternatives that don't require it, it's not the draw we would like in this case. And no, you needn't preach to the choir on this point: it really SHOULD be a draw because it provides huge possibilities for doing all sorts of fun application initialization, but I digress. Second, even if we did handle versioning in SRV, there are known to be residential gateways out there that can't handle very many parallel DNS queries, and so we run into a loss problem. Finally, to address Måns' comments, additional data for the target doesn't get signed (but correct me if I missed a change). (Actually, one of things I wanted from DPRIVE was the ability to handle multiple questions in the same transaction, but alas, probably not.) In addition, with caching times down to small numbers of minutes for many sites (or less), we probably can't say that this is a simple 1st transaction cost. What's more many enterprises do a zone cut at _tcp.example.com, and it is not uncommon to see TCP connections for those transactions (I know at least one network administrator who thought it was unheard of *not* to do a zone cut and delegation at _tcp). To address a bunch of these issues I had posited a record [1] that actually made use of the same QNAME, but it really is quite (dare the author say overly?) complex. And this leads us back to performance. I personally do not have an answer for what acceptable performance is in these circumstances. And so some experimentation would really REALLY be good. Is 100 ms for this feature acceptable? 30? 80? 200? I really can't say, and there was no desire in the WG to go this far. I will say that Cisco has an open RFP for related work if any researchers want to take the challenge.[2] Eliot [1] http://tools.ietf.org/html/draft-lear-httpbis-svcinfo-rr [2] http://www.cisco.com/web/about/ac50/ac207/crc_new/university/RFP/rfp13077.html
Attachment:
signature.asc
Description: OpenPGP digital signature