Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Update on ECH
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Niall O'Reilly via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 01 May 2024 20:49:15 +0100
On 2 Apr 2024, at 21:47, Stephen Farrell via curl-library wrote:
> - the handling of HTTPS RRs is relatively basic for
> now, but improving on that would likely be better as
> a separate PR anyway
After discussion with Stephen, I began to look at what
we thought should be the next improvement to handling
these RRs. This was dealing with HTTPS RRsets
according to the *Priority* field of the RDATA, rather
than in whatever order they occurred in the DNS
response.
The special case of *AliasMode* (*Priority=0*)
HTTPS RRs seemed like a good place to start, and
https://github.com/niallor/curl/tree/DOH-follow-alias
has working code for chasing a (limited) chain of
AliasMode RRs.
Next steps, in no particular order, will probably
include:
- testing and debugging against some alias chains
that Stephen is planning to set up on the
*defo.ie* webserver,
- making use of the *ipv4hint* and *ipv6hint*
service parameters in case no *A* or *AAAA*
records are available,
- placing additional *A* and *AAAA* queries
to resolve addresses for the Target host,
- adding support for ordered RRsets,
- exploring re-use for additional DNS queries
of the DOH TLS sessions as an alternative to
the current single-session-per-query model,
- exploring filtering of the HTTPS RRsets
according to whether the advertised set of
service parameters matched the capabilities
available,
- (probably in the longer term) adding HTTPS RR
support to other "DNS backends" in libcurl.
As I can't make it to the **curl up** meeting this
weekend, I hope that people will follow up by email.
I wish all the participants a productive and
enjoyable couple of days.
Best regards,
Niall O'Reilly
Date: Wed, 01 May 2024 20:49:15 +0100
On 2 Apr 2024, at 21:47, Stephen Farrell via curl-library wrote:
> - the handling of HTTPS RRs is relatively basic for
> now, but improving on that would likely be better as
> a separate PR anyway
After discussion with Stephen, I began to look at what
we thought should be the next improvement to handling
these RRs. This was dealing with HTTPS RRsets
according to the *Priority* field of the RDATA, rather
than in whatever order they occurred in the DNS
response.
The special case of *AliasMode* (*Priority=0*)
HTTPS RRs seemed like a good place to start, and
https://github.com/niallor/curl/tree/DOH-follow-alias
has working code for chasing a (limited) chain of
AliasMode RRs.
Next steps, in no particular order, will probably
include:
- testing and debugging against some alias chains
that Stephen is planning to set up on the
*defo.ie* webserver,
- making use of the *ipv4hint* and *ipv6hint*
service parameters in case no *A* or *AAAA*
records are available,
- placing additional *A* and *AAAA* queries
to resolve addresses for the Target host,
- adding support for ordered RRsets,
- exploring re-use for additional DNS queries
of the DOH TLS sessions as an alternative to
the current single-session-per-query model,
- exploring filtering of the HTTPS RRsets
according to whether the advertised set of
service parameters matched the capabilities
available,
- (probably in the longer term) adding HTTPS RR
support to other "DNS backends" in libcurl.
As I can't make it to the **curl up** meeting this
weekend, I hope that people will follow up by email.
I wish all the participants a productive and
enjoyable couple of days.
Best regards,
Niall O'Reilly
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-05-01