Again this is tail wagging the dog. It should all be about ease of data entry.
Adding another backslash escape with meaning should be trivial. It was in BIND.
It was no harder than handling \. in a DNS label. Instead we have complicated
data
entry.
Making it easy for millions of people entering data vs a handful of people
writing
parsers.
B.T.W. port=“\055\053” is illegal and I suspect that some of the parsers
requiring the
double quoting don’t detect that. See the various "SvcParamValue MUST NOT
contain escape
sequences”.
Mark
> On 4 May 2021, at 03:23, Ben Schwartz <bem...@google.com> wrote:
>
> The purpose of this two-layer escaping is to allow key-independent tokenizing
> of SvcParam values. For example, I just wrote an implementation of the
> parser that works as follows:
>
> 1. Tokenize
> a. Scan forward looking for whitespace or "=". This is the key name.
> b. If "=" was found, run the standard char-string parser. Its output is
> the SvcParam presentation value.
> 2. Create a SvcParam representing (key name, value).
> a. Choose a value parser based on the key name.
> - Parsers that use the "value-list" pattern call a subroutine with a tiny
> chunk of escaping logic for handling backslash and comma.
> b. Run the parser on the value.
>
> If we use single-layer escaping, this arrangement is not possible. Instead,
> (1) we would need to add complexity to the char-string parser that is shared
> by many RR types.
> (2) we would need to integrate key-type-specific behavior into the tokenizer,
> complicating the interface between the parsing function and the SvcParams
> implementation.
>
> In the draft's arrangement, those implementation choices are allowed, but not
> required.
>
> For the administrators, this all seems likely to remain irrelevant. There is
> no known use case where escaping is or will be used in a value-list element.
> The functionality is defined only to preserve ALPN as 8-bit-clean, as
> requested by some TLS experts, but there will likely never be a defined ALPN
> that contains these characters.
>
> On Sun, May 2, 2021 at 5:27 PM Mark Andrews <ma...@isc.org> wrote:
> I agree with you Dick, but some developers complained that they "couldn’t
> re-use their string parsers" (despite no existing parser supporting
> key=“value”)
> so now we have to double escape backslashes. I very much feel that this is
> tail
> wagging the dog.
>
> > On 3 May 2021, at 01:25, Dick Franks <rwfra...@gmail.com> wrote:
> >
> > All,
> >
> > I have considerable difficulty with these test vectors at the end of
> > Appendix D.2:
> >
> > 16 foo.example.org. alpn="f\\\\oo\\,bar,h2"
> > 16 foo.example.org. alpn=f\\\092oo\092,bar,h2
> >
> > \# 35 (
> > 00 10 ; priority
> > 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 67 00 ; target
> > 00 01 ; key 1
> > 00 0c ; param length 12
> > 08 ; alpn length 8
> > 66 5c 6f 6f 2c 62 61 72 ; alpn value
> > 02 ; alpn length 2
> > 68 32 ; alpn value
> > )
> >
> > which appear to be incompatible with RFC1035 5.1 paragraph 10:
> >
> > Because these files are text files several special encodings are
> > necessary to allow arbitrary data to be loaded. In particular:
> >
> > ...
> >
> > \X where X is any character other than a digit (0-9), is
> > used to quote that character so that its special meaning
> > does not apply. For example, "\." can be used to place
> > a dot character in a label.
> >
> > \DDD where each D is a digit is the octet corresponding to
> > the decimal number described by DDD. The resulting
> > octet is assumed to be text and is not checked for
> > special meaning.
> >
> > The intention appears to be to include (a) a single arbitrary octet in
> > the argument, and (b) a plain text comma not being a delimiter in the
> > argument list. The specimen result is consistent with that assumption.
> >
> > Armed with the weapons supplied by RFC1035, the obvious way to
> > represent such an argument is: alpn="f\092oo\,bar,h2"
> >
> >
> > A parser adhering strictly to RFC1035 zone file escape conventions:
> >
> > #!/usr/bin/perl
> > use Net::DNS 1.31;
> > use Net::DNS::ZoneFile;
> >
> > my $zonefile = new Net::DNS::ZoneFile(\*DATA);
> > while ( my $rr = $zonefile->read ) {
> > $rr->print;
> > }
> > exit;
> >
> > __DATA__
> > rfc1035-compliant.example. SVCB 16 foo.example.org.
> > alpn="f\092oo\,bar,h2"
> >
> > produces the desired wire-format image:
> >
> > rfc1035-compliant.example. IN SVCB ( \# 35 0010 ; 16
> > 03666f6f076578616d706c65036f7267 00 ;
> > foo.example.org.
> > 0001 000c 08665c6f6f2c626172026832 )
> >
> > Other parsers are available.
> >
> >
> > The test vectors, as written, appear to rely upon somehow reactivating
> > the special meaning of the escape character which is explicitly
> > disallowed by RFC1035.
> >
> > The result in each case is:
> >
> > non-compliant.example. IN SVCB ( \# 37 0010 ; 16
> > 03666f6f076578616d706c65036f7267 00 ;
> > foo.example.org.
> > 0001 000e 06665c5c6f6f5c03626172026832 )
> >
> > the escaped escape characters being inserted as uninterpreted text per
> > RFC1035.
> >
> >
> > Dick Franks
> > ________________________
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
