Re: Managing application data fetched from DNS (eg for ESNI)

From: Peter Wu via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 11 Oct 2019 13:58:04 +0200

Hi,

On Mon, Sep 30, 2019 at 04:29:38PM +0200, Daniel Stenberg via curl-library wrote:
> On Mon, 30 Sep 2019, Niall O'Reilly wrote:
>
> > > And the TXT one is just in the draft that will soon go away, right?
> >
> > IIUC, it's in service in Cloudflare's pilot implementation, so I think
> > "will soon go away" is true only for a value of "soon" which depends (a)
> > on the IETF process reaching a stage where IANA assign an official ESNI
> > code point instead of TYPE65439, and (b) Cloudflare complete a migration
> > process.
> >
> > Draft 3 (binary blob with signature 0xFF02) seems more likely to me to
> > go away soon, as I'm not aware of any deployment at scale.

Draft 3 is most likely not going to be implemented by Cloudflare. It
does not make sense to implement something that is not supported by
major clients (Firefox and Chrome).

> > This all may depend on how the IETF process for SVCB and HTTPSSVC converge.
>
> ... and also what the other "big players" do. Firefox has an ESNI
> implementation that I figure they like having in sync with for example
> Cloudflare. I figure there's a risk the first version will remain lingering
> around for a while until there seems to be a consensus on the new draft's
> method *and* some efforts done to upgrade Cloudflare, Firefox and the likes.
>
> So yeah, maybe continue with the TXT format supported for now but with the
> knowledge that we can probably rip that code out again at a later point.
>
> (It seems Chrome has not yet implemented ESNI:
> https://bugs.chromium.org/p/chromium/issues/detail?id=908132)

Chrome uses boringssl and will use whatever draft version is implemented
in boringssl. At the moment there is an in-progress patch for draft 4:
https://boringssl-review.googlesource.com/c/boringssl/+/37704

I have updated the current state of the art here accordingly:
https://github.com/cloudflare/tls-tris/issues/138#issuecomment-479521149

TXT support will not remain forever. As soon as Cloudflare moves to a
newer ESNI draft version, support for the previous draft is most likely
dropped (the same happened with how TLS 1.3 was deployed for example).

-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
Received on 2019-10-11