MSC1708: .well-known support for server name resolution #1708
Thanks for the quick feedback @turt2live!
A note on all the let's look what the rest of the world is doing: Apparently the IETF has decided that DNSSEC+DANE is not enough for SMTP, so they created MTA-STS, which is basically the same as this proposal, getting trust from .well-known.
Since #1711 is very important and this spec change is considered a pre-requisite for it, I'll try to move forward here: I'd be in favour of matrix-sts (matrix-strict transport security), instead of this PR, based on RFC8461. The goal would not be to move the delegation out of DNS to .well-known, but to confirm it via .well-known. Does that sound like an okay option?
@jcgruenhage it's certainly something worth considering. I'd need to be convinced it actually represents a material improvement over what's suggested here. I haven't been yet, and my questions would depend on how exactly you envision it working...
The final comment period, with a disposition to merge, as per the review above, is now complete.
Original proposals:
* #1708 (note: the JSON requirements were softened by #1824)
* #1711

Implementation proofs:
* matrix-org/synapse#4489
* No explicit PRs for MSC1711 could be found, however Synapse is known to implement it.

There are no intentional changes which differ from the proposals in this commit, however the author has relied upon various historical conversations outside of the proposals to gain the required context. Inaccuracies introduced by the author are purely accidental.
This spec violates RFC5785 Defining Well-Known Uniform Resource Identifiers (URIs) by claiming direct use of the According to rfc5785,
This specification should be updated to conform to acceptable use of the .well-known resource space defined by RFC5785. Instead of trying to serve Matrix's json document on RFC5785 goes as far as to directly contradict the behavior MSC1708 opted for, in directly using
There should be no resource available on Please update this specification to more respectfully cooperate & interoperate with other well-known resources a server might have. Claiming the /cc @richvdh
@rektide i’m failing to follow. this MSC only specs behaviour for the https://<server_name>/.well-known/matrix/server path?
afaict, the first point is valid, that document specifies that someone from the spec core team should write an email to those people over at IETF to get their approval. It is unfortunate that this concern has only been brought forward after this proposal has only landed in production though.
My apologies all. @ara4n is right. I mis-read these changes. this line backs up what @ara4n is saying, that this is for a It would be good to get this particular well-known resource registered with IANA. 🤞
np. have filed a bug at #1914 for that IANA dance.
For links: the order of SRV and