Proxies SHOULD provide all routes for resolved addresses about draft-ietf-masque-connect-ip HOT 8 CLOSED

I agree

from draft-ietf-masque-connect-ip.

What is a client expected to do with this information? Say I ask for the proxy to connect to example.com:443. I get back a RA that includes the result of DNS lookups for example.com (maybe multiple RAs that include all the answers from A/AAAA records?). Am I supposed to assume that this is the result of the DNS lookup? How do I distinguish that from other RAs that might just advertise where I might be able send packets via the tunnel?

If the purpose of this is to provide name resolution, it is probably better to include an explicit signal. It's a bit of a rathole, but a new capsule type seems fairly obvious. That leads me to ask a whole bunch of questions about whether the proxy needs to supply a DNS service, ...

from draft-ietf-masque-connect-ip.

Say I ask for the proxy to connect to example.com:443

Nit: there is no port number.

Am I supposed to assume that this is the result of the DNS lookup?

That's the status quo in this draft for hostname targets. The implicit signal here doesn't bother me, since it's unambiguous.

I'm also fine with dropping support for DNS targets, although I think it might be useful in some scenarios.

from draft-ietf-masque-connect-ip.

there is no port number

Of course. I somehow got mislead by the first example: "https://masque.example.org/{target}/{target_port}/"

from draft-ietf-masque-connect-ip.

Yeah, looks like that example had a copy paste error from CONNECT-UDP.

I filed #38

from draft-ietf-masque-connect-ip.

The ability to specify a host to proxy to was important in our discussions for keeping parity with other proxying methods.

from draft-ietf-masque-connect-ip.

Indeed, that was bad copy-pasta from me, my apologies. It's been fixed in the editor's copy.

from draft-ietf-masque-connect-ip.

@DavidSchinazi thanks!

from draft-ietf-masque-connect-ip.