From 0e90cf6a0c8529cb17dd5a4ed57bc2e221667a02 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 31 Jan 2019 09:38:58 -0700 Subject: [PATCH 1/3] Proposal to change the order of .well-known and SRV discovery techniques --- proposals/1831-srv-after-wellknown.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 proposals/1831-srv-after-wellknown.md diff --git a/proposals/1831-srv-after-wellknown.md b/proposals/1831-srv-after-wellknown.md new file mode 100644 index 000000000..53f5ddacc --- /dev/null +++ b/proposals/1831-srv-after-wellknown.md @@ -0,0 +1,19 @@ +# Proposal to do SRV lookups after .well-known to discover homeservers + +Currently there is a logistical error proposed by [MSC1708](https://github.com/matrix-org/matrix-doc/pull/1708) +which results in some homeservers unable to migrate to the new functionality +proposed by [MSC1711](https://github.com/matrix-org/matrix-doc/pull/1711). This +can happen if the delegated homeserver cannot obtain a valid TLS certificate for +the top level domain, and an SRV record is used for backwards compatibility reasons. + +## Proposal + +We change the order of operations to perform a .well-known lookup before falling +back to resolving the SRV record. This allows for domains to delegate to other +hostnames and maintains backwards compatibility with older homeservers. + +## Tradeoffs + +More HTTP hits will be made due to the .well-known lookup being first. This is +somewhat mitigated by servers caching the responses appropriately, and using +connection pools where possible. From ab7876cbef86ba669710c1a07aa4560764361cfc Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 31 Jan 2019 09:55:58 -0700 Subject: [PATCH 2/3] Update 1831-srv-after-wellknown.md --- proposals/1831-srv-after-wellknown.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/1831-srv-after-wellknown.md b/proposals/1831-srv-after-wellknown.md index 53f5ddacc..f1b125f27 100644 
--- a/proposals/1831-srv-after-wellknown.md +++ b/proposals/1831-srv-after-wellknown.md @@ -4,7 +4,7 @@ Currently there is a logistical error proposed by [MSC1708](https://github.com/m which results in some homeservers unable to migrate to the new functionality proposed by [MSC1711](https://github.com/matrix-org/matrix-doc/pull/1711). This can happen if the delegated homeserver cannot obtain a valid TLS certificate for -the top level domain, and an SRV record is used for backwards compatibility reasons. +the domain, and an SRV record is used for backwards compatibility reasons. ## Proposal From 2fe6b2cb5c1fc93088378ee86c639582acac1a95 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Thu, 31 Jan 2019 10:53:06 -0700 Subject: [PATCH 3/3] Plagiarize from richvdh for a better explanation --- proposals/1831-srv-after-wellknown.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/proposals/1831-srv-after-wellknown.md b/proposals/1831-srv-after-wellknown.md index 53f5ddacc..c0f8ef7a2 100644 --- a/proposals/1831-srv-after-wellknown.md +++ b/proposals/1831-srv-after-wellknown.md @@ -6,6 +6,12 @@ proposed by [MSC1711](https://github.com/matrix-org/matrix-doc/pull/1711). This can happen if the delegated homeserver cannot obtain a valid TLS certificate for the top level domain, and an SRV record is used for backwards compatibility reasons. +Specifically, in order to be compatible with requests from both Synapse 0.34 and 1.0, +servers can have both a SRV and a .well-known file, with Synapse presenting a certificate +corresponding to the target of the .well-known. Synapse 0.34 is then happy because it +will follow the SRV (and won't care about the incorrect certificate); Synapse 1.0 is +happy because it will follow the .well-known (and will see the correct cert). + ## Proposal We change the order of operations to perform a .well-known lookup before falling
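Review bot: In PATCH 1/3, the `## Proposal` section does not say which outcomes of the .well-known lookup cause the fallback to SRV (connection failure, non-200 response, unparseable body), nor which hostname the TLS certificate has to match on each path. The problem statement is about a server that "cannot obtain a valid TLS certificate", so the certificate name expected after a successful .well-known lookup and after an SRV fallback should be spelled out. Two smaller points: "logistical error proposed by" in the opening sentence reads oddly, and something like "ordering problem introduced by" would be clearer; and in `## Tradeoffs`, "caching the responses appropriately" should say whether failed lookups are cached as well, since the section itself names the extra HTTP hits as the cost.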
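Review bot: In PATCH 2/3, the replacement line "+the domain, and an SRV record is used for backwards compatibility reasons." leaves it unclear which domain is meant, because the same sentence talks about a delegated homeserver and therefore involves two hostnames. Suggest naming it explicitly, for example "the domain being delegated from", so the reader knows which certificate cannot be obtained.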
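Review bot: PATCH 3/3 is generated against blob 53f5ddacc rather than f1b125f27, and its context line still reads "the top level domain, and an SRV record is used", which PATCH 2/3 changed to "the domain, ...". Applied in series order, this hunk will not match the file as left by 2/3; regenerate it on top of f1b125f27 so the wording fix from 2/3 is kept. On the added paragraph itself, "won't care about the incorrect certificate" does not say which name the certificate fails to match; stating that explicitly would make clear what validation is skipped on the SRV path. If the text is taken from richvdh as the subject line says, a link to the original comment would help reviewers.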