[auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
Amanda Baber via RT <iana-matrix@iana.org> Tue, 24 October 2023 18:05 UTC
Return-Path: <iana-shared@icann.org>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D270C1516E2; Tue, 24 Oct 2023 11:05:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.656
X-Spam-Level:
X-Spam-Status: No, score=-6.656 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PkYMbjyd22KS; Tue, 24 Oct 2023 11:05:08 -0700 (PDT)
Received: from smtp.lax.icann.org (smtp.lax.icann.org [192.0.33.81]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39738C14CE4A; Tue, 24 Oct 2023 11:05:08 -0700 (PDT)
Received: from request6.lax.icann.org (request1.lax.icann.org [10.32.11.221]) by smtp.lax.icann.org (Postfix) with ESMTP id 0EFEEE16CA; Tue, 24 Oct 2023 18:05:08 +0000 (UTC)
Received: by request6.lax.icann.org (Postfix, from userid 48) id 0CB9E7A6CA; Tue, 24 Oct 2023 18:05:08 +0000 (UTC)
RT-Owner: amanda.baber
From: Amanda Baber via RT <iana-matrix@iana.org>
Reply-To: iana-matrix@iana.org
In-Reply-To: <6F5990FC-5007-4CEC-990E-147FA69E21FA@amsl.com>
References: <RT-Ticket-1284364@icann.org> <20230909024843.23314E5EA7@rfcpa.amsl.com> <PH0PR22MB3102689F598B65A0549D2027DAF9A@PH0PR22MB3102.namprd22.prod.outlook.com> <E9C199B0-4A37-4D3E-862B-70C7ED633E9B@amsl.com> <BN8PR15MB32816A6ED8DD517245E00396B3D8A@BN8PR15MB3281.namprd15.prod.outlook.com> <5079D5C3-5849-4602-A623-BFB652852C6E@amsl.com> <BN8PR15MB32813076DCCF2E7E93A52BA7B3D8A@BN8PR15MB3281.namprd15.prod.outlook.com> <9B9236D2-8628-4B6B-83D0-6BC246D2891C@amsl.com> <BN8PR15MB3281E93F2EB081C714740AA1B3DFA@BN8PR15MB3281.namprd15.prod.outlook.com> <6F5990FC-5007-4CEC-990E-147FA69E21FA@amsl.com>
Message-ID: <rt-5.0.3-1366268-1698170707-853.1284364-37-0@icann.org>
X-RT-Loop-Prevention: IANA
X-RT-Ticket: IANA #1284364
X-Managed-BY: RT 5.0.3 (http://www.bestpractical.com/rt/)
X-RT-Originator: amanda.baber@icann.org
To: bemasc@meta.com, lbartholomew@amsl.com
CC: warren@kumari.net, tls-chairs@ietf.org, tjw.ietf@gmail.com, rwilton@cisco.com, rfc-editor@rfc-editor.org, nygren@gmail.com, mbishop@evequefou.be, ietf@bemasc.net, dnsop-chairs@ietf.org, dnsop-ads@ietf.org, auth48archive@rfc-editor.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-RT-Original-Encoding: utf-8
Precedence: bulk
Date: Tue, 24 Oct 2023 18:05:08 +0000
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/BiLcwmmbxx6DQtILV5mJTOCa_hc>
Subject: [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 18:05:12 -0000
Hi, We've updated the registration to read as follows: Number: 5 Name: ech Meaning: RESERVED (held for Encrypted ClientHello) Change Controller: IETF Reference: [RFC-ietf-dnsop-svcb-https-12] Please see https://www.iana.org/assignments/dns-svcb Amanda On Tue Oct 24 16:19:04 2023, lbartholomew@amsl.com wrote: > Hi, Ben, *IANA, and **Rob. > > IANA, please update <https://www.iana.org/assignments/dns-svcb/> per > per Ben's note below. > > **Rob and Ben, please confirm that the reference mismatch ("N/A" in > this document versus "[RFC-ietf-dnsop-svcb-https-12]" (to be changed > to "[RFC9460]" after publication) on the IANA page) is acceptable. > > Thank you! > > RFC Editor/lb > > > On Oct 24, 2023, at 8:36 AM, Ben Schwartz <bemasc@meta.com> wrote: > > > > The requested change in the IANA registry is: > > > > OLD > > RESERVED (will be used for ECH) > > > > NEW > > RESERVED (held for Encrypted ClientHello) > > > > --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> > > Sent: Monday, October 23, 2023 5:10 PM > > To: Ben Schwartz <bemasc@meta.com> > > Cc: Erik Nygren <nygren@gmail.com>; Mike Bishop > > <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; iana- > > matrix-comment@iana.org <iana-matrix-comment@iana.org>; dnsop- > > ads@ietf.org <dnsop-ads@ietf.org>; Rob Wilton <rwilton@cisco.com>; > > Tim Wicinski <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc- > > editor@rfc-editor.org>; ietf@bemasc.net <ietf@bemasc.net>; dnsop- > > chairs <dnsop-chairs@ietf.org>; auth48archive@rfc-editor.org > > <auth48archive@rfc-editor.org>; TLS Chairs <tls-chairs@ietf.org> > > Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be > > 9460 <draft-ietf-dnsop-svcb-https-12> for your review > > !------------------------------------------------------------------- > > | > > This Message Is From an External Sender > > > > |-------------------------------------------------------------------! > > > > Hi, Ben. > > > > Can you please clarify what that update to the document might be, > > using "OLD" and "NEW" text? > > > > Thank you! > > > > RFC Editor/lb > > > > > On Oct 23, 2023, at 9:26 AM, Ben Schwartz <bemasc@meta.com> wrote: > > > > > > RFC-to-be 9460 does request a change to the "Meaning" field that > > > has not yet been implemented on iana.org, so I think it's fair to > > > say that the IANA registry is not "in sync" with that document, and > > > an update is requested. > > > > > > --BenFrom: Lynne Bartholomew <lbartholomew@amsl.com> > > > Sent: Monday, October 23, 2023 12:22 PM > > > To: Erik Nygren <nygren@gmail.com>; Mike Bishop > > > <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; Ben > > > Schwartz <bemasc@meta.com> > > > Cc: iana-matrix-comment@iana.org <iana-matrix-comment@iana.org>; > > > dnsop-ads@ietf.org <dnsop-ads@ietf.org>; Rob Wilton > > > <rwilton@cisco.com>; Tim Wicinski <tjw.ietf@gmail.com>; rfc- > > > editor@rfc-editor.org <rfc-editor@rfc-editor.org>; > > > ietf@bemasc.net<ietf@bemasc.net>; dnsop-chairs <dnsop- > > > chairs@ietf.org>; auth48archive@rfc-editor.org <auth48archive@rfc- > > > editor.org>; TLS Chairs <tls-chairs@ietf.org> > > > Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be > > > 9460 <draft-ietf-dnsop-svcb-https-12> for your review > > > !------------------------------------------------------------------- > > > | > > > This Message Is From an External Sender > > > > > > |------------------------------------------------------------------- > > > ! > > > > > > Hello, all. > > > > > > It is not clear to us whether or not further changes are required > > > for this document. > > > Currently (best viewed with a fixed-point font): > > > +===========+=================+================+=========+==========+ > > > |Number | Name | Meaning |Reference|Change > > > | > > > | | | | > > > |Controller| > > > +===========+=================+================+=========+==========+ > > > ... > > > +-----------+-----------------+----------------+--------- > > > +----------+ > > > |5 | ech | RESERVED |N/A |IETF > > > | > > > | | | (held for | | > > > | > > > | | | Encrypted | | > > > | > > > | | | ClientHello) | | > > > | > > > +-----------+-----------------+----------------+--------- > > > +----------+ > > > > > > The corresponding IANA entry (which would normally match) on > > > <https://www.iana.org/assignments/dns-svcb/ >: > > > Number Name Meaning Change > > > Controller Reference > > > ... > > > 5 ech RESERVED (will be used for ECH) IETF > > > [RFC-ietf-dnsop-svcb-https-12] > > > > > > Please let us know if this mismatch is acceptable. > > > > > > Thank you. > > > > > > RFC Editor/lb > > > > > > > > > > On Oct 23, 2023, at 8:31 AM, Ben Schwartz <bemasc@meta.com> > > > > wrote: > > > > > > > > Given the large-scale rollout of ECH, and the fact that ECHConfig > > > > is internally versioned, there's simply no scenario in which we > > > > change this codepoint. "ech" is and will be codepoint 5. > > > > > > > > There are some process questions about which document owns that > > > > row during this awkward interim period, but the current registry > > > > contents look great [1] and I think our best strategy for now is > > > > to declare victory and move on. > > > > > > > > --Ben > > > > > > > > [1] https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml > > > > From: Erik Nygren <nygren@gmail.com> > > > > > > > Sent: Monday, October 23, 2023 11:19 AM > > > > To: Mike Bishop <mbishop@evequefou.be> > > > > Cc: Warren Kumari <warren@kumari.net>; Lynne Bartholomew > > > > <lbartholomew@amsl.com>; iana-matrix-comment@iana.org <iana- > > > > matrix-comment@iana.org>; dnsop-ads@ietf.org<dnsop-ads@ietf.org>; > > > > Rob Wilton <rwilton@cisco.com>; Tim Wicinski > > > > <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc-editor@rfc- > > > > editor.org>; ietf@bemasc.net<ietf@bemasc.net>; dnsop-chairs > > > > <dnsop-chairs@ietf.org>; Ben Schwartz <bemasc@meta.com>; > > > > auth48archive@rfc-editor.org <auth48archive@rfc-editor.org>; TLS > > > > Chairs <tls-chairs@ietf.org> > > > > Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- > > > > be 9460 <draft-ietf-dnsop-svcb-https-12> for your review > > > > This Message Is From an External Sender > > > > > > > > + TLS Chairs > > > > > > > > There are also implementations using this codepoint so if major > > > > changes are needed that don't fit into the versioning supported > > > > in ECHConfig then we might already need to switch to a new > > > > codepoint. As Mike mentioned, the TLS WG was also discussing > > > > requesting a SvcParam codepoint for this so we might be at the > > > > right point for that. > > > > > > > > On Mon, Oct 23, 2023, 5:05 PM Mike Bishop <mbishop@evequefou.be> > > > > wrote: > > > > This entry was originally used by this document; when that was > > > > extracted out, this document “Reserved” it for the future use of > > > > ECH to ensure the codepoint doesn’t get allocated elsewhere. I > > > > don’t see why we really care where the reservation points, so > > > > long as it’s reserved. It would be formally allocated when some > > > > ECH document is published to make use of it. > > > > > > > > Frankly, I think we’d also be fine to drop the reservation – > > > > there’s already an adopted document that requests the assignment > > > > of this codepoint, so as a practical matter I don’t think it will > > > > get stomped on. > > > > > > > From: Warren Kumari <warren@kumari.net> > > > > Sent: Saturday, October 21, 2023 3:49 PM > > > > To: Lynne Bartholomew <lbartholomew@amsl.com> > > > > Cc: iana-matrix-comment@iana.org; Erik Nygren <nygren@gmail.com>; > > > > dnsop-ads@ietf.org; Rob Wilton <rwilton@cisco.com>; Tim Wicinski > > > > <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org; Mike Bishop > > > > <mbishop@evequefou.be>; ietf@bemasc.net; dnsop-chairs <dnsop- > > > > chairs@ietf.org>; Ben Schwartz <bemasc@meta.com>; > > > > auth48archive@rfc-editor.org > > > > Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- > > > > be 9460 <draft-ietf-dnsop-svcb-https-12> for your review > > > > > > > > On Fri, Oct 20, 2023 at 11:59 PM, Lynne Bartholomew > > > > <lbartholomew@amsl.com> wrote: > > > > Hi, Amanda, Erik, and *AD (Warren or Rob). Amanda, thank you for > > > > making the updates! All looks good (but we're asking the AD about > > > > the updated "ech" entry). > > > > Erik, thank you for your suggestion. * Warren or Rob, please see > > > > Erik's suggestion re. a reference for the "ech" entry, and let us > > > > know if that suggested update in this document and on > > > > <https://www.iana.org/assignments/dns-svcb > would be acceptable. > > > > Please see <https://www.rfc- > > > > editor.org/authors/rfc9460.html#table-1 > and IANA's note below. > > > > > > > > Erm, I think I got lost somewhere in the (many) levels of > > > > quoting… > > > > Doesn't that mean that the reference would be to a (currently in > > > > progress) draft? Is this OK? What if the draft significantly > > > > changes? > > > > W > > > > > > > > Thanks again! RFC Editor/lb On Oct 19, 2023, at 5:09 PM, Erik > > > > Nygren <nygren@gmail.com> wrote: > > > > Another option for the reference for "ech" would be to "draft- > > > > ietf-tls-svcb-ech-00" which is where that portion of the format > > > > specification has moved to and where the TLS WG is working on it. > > > > Thanks, Erik On Thu, Oct 19, 2023 at 8:01 PM Amanda Baber via RT > > > > <iana-matrix-comment@iana.org> wrote: Hi, > > > > We've completed these changes, but need to make a note about the > > > > second one: > > > > On Wed Oct 18 19:43:35 2023, lbartholomew@amsl.com wrote: Dear > > > > IANA, We are preparing this document for publication. Please make > > > > the following updates to the "Resource Record (RR) TYPEs" > > > > registry on > > > > <https://www.iana.org/assignments/dns-parameters/ >: > > > > OLD: > > > > General Purpose Service Binding > > > > Service Binding type for use with HTTP NEW: > > > > General-purpose service binding > > > > SVCB-compatible type for use with HTTP This is complete: > > > > https://www.iana.org/assignments/dns-parameters > > > > = = = = = Please make the following update to the "Service > > > > Parameter Keys > > > > (SvcParamKeys)" registry on > > > > <https://www.iana.org/assignments/dns-svcb/ >: > > > > OLD (column name): > > > > Format Reference NEW: > > > > Reference The Service Parameter Keys (SvcParamKeys) registry > > > > originally had the "Format Reference" field populated by the > > > > document and a "Reference" field added by IANA. Aside from the > > > > entry for "ech", which was filled in with "N/A", the former > > > > contained either a more detailed version of IANA's reference or > > > > the same reference. > > > > We've removed IANA's "Reference" field and changed the name of > > > > the "Format Reference" field to "Reference," but we've also > > > > replaced "N/A" with "[RFC-ietf-dnsop-svcb-https-12]" for "ech", > > > > so as to avoid leaving that entry unreferenced: > > > > https://www.iana.org/assignments/dns-svcb > > > > thanks, > > > > Amanda Thank you! RFC Editor/lb On Oct 18, 2023, at 12:31 PM, > > > > Lynne Bartholomew > > > > <lbartholomew@amsl.com> wrote: > > > > Hi, Ben. Great; thanks! RFC Editor/lb On Oct 18, 2023, at 12:26 > > > > PM, Ben Schwartz <bemasc@meta.com> wrote: > > > > Correct. On Oct 18, 2023, at 11:26 AM, Lynne Bartholomew > > > > <lbartholomew@amsl.com> wrote: > > > > Hi, Ben. Just to confirm -- 'replace the "Reference" column that > > > > IANA added' means 'change IANA's "Format Reference" column > > > > heading to > > > > "Reference"; correct? Thank you! RFC Editor/lb On Oct 18, 2023, > > > > at 11:17 AM, Ben Schwartz <bemasc@meta.com> wrote: > > > > That's correct. This will replace the "Reference" column that > > > > IANA added for compliance with their usual processes. > > > > --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> > > > > Sent: Wednesday, October 18, 2023 1:34 PM > > > > To: Mike Bishop <mbishop@evequefou.be> > > > > Cc: Erik Nygren <nygren@gmail.com>; Ben Schwartz > > > > <bemasc@meta.com>; ietf@bemasc.net <ietf@bemasc.net>; rfc- > > > > editor@rfc-editor.org <rfc-editor@rfc-editor.org>; dnsop- > > > > ads@ietf.org<dnsop-ads@ietf.org>; dnsop-chairs@ietf.org <dnsop- > > > > chairs@ietf.org>;tjw.ietf@gmail.com <tjw.ietf@gmail.com>; > > > > auth48archive@rfc-editor.org<auth48archive@rfc-editor.org> > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- > > > > 12> for your review > > > > !------------------------------------------------------------------- > > > > | > > > > This Message Is From an External Sender > > > > |------------------------------------------------------------------- > > > > ! Hi, Mike. So noted: https://www.rfc-editor.org/auth48/rfc9460 > > > > Before we ask IANA to make updates per changes made to this > > > > document, we first want to confirm that, per AUTH48 XML updates > > > > that you sent us on26 September, we also need to ask for the > > > > following change on <https://www.iana.org/assignments/dns-svcb/ > > > > >: OLD (column name): > > > > Format Reference NEW: > > > > Reference Please let us know about the above. We will wait to > > > > hear from you before proceeding. > > > > Thank you! RFC Editor/lb On Oct 17, 2023, at 12:52 PM, Mike > > > > Bishop <mbishop@evequefou.be> wrote: > > > > Approved -- thanks to everyone for their work on this. > > > > -----Original Message----- > > > > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Monday, > > > > October 16, 2023 11:30 AM > > > > To: Erik Nygren <nygren@gmail.com> > > > > Cc: Ben Schwartz <bemasc@meta.com>; Mike Bishop > > > > <mbishop@evequefou.be>; ietf@bemasc.net; rfc-editor@rfc- > > > > editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; > > > > tjw.ietf@gmail.com; auth48archive@rfc-editor.org > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- > > > > 12> for your review > > > > Hi, Erik. Thank you for confirming your approval! RFC Editor/lb > > > > On Oct 15, 2023, at 6:45 AM, Erik Nygren <nygren@gmail.com> > > > > wrote: > > > > I just looked at the latest and it looks good to me. Thanks! Erik > > > > On Fri, Oct 13, 2023 at 5:53 PM Lynne Bartholomew > > > > <lbartholomew@amsl.com> wrote: > > > > Hi, Erik, Ben, and Mike. Ben and Mike, we have made further > > > > updates to this document per your notes below. > > > > The latest files are posted here (please refresh your browser): > > > > https://www.rfc-editor.org/authors/rfc9460.txt > > > > https://www.rfc-editor.org/authors/rfc9460.pdf > > > > https://www.rfc-editor.org/authors/rfc9460.html > > > > https://www.rfc-editor.org/authors/rfc9460.xml > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > auth48diff.html https://www.rfc-editor.org/authors/rfc9460- > > > > lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > lastrfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- > > > > diff.html > > > > Erik and Ben, we have noted your approvals on the AUTH48 status > > > > page. Please note, however, that if you object to any subsequent > > > > updates to this document you will let us know: > > > > https://www.rfc-editor.org/auth48/rfc9460 > > > > Thank you! RFC Editor/lb On Oct 12, 2023, at 2:05 PM, Mike Bishop > > > > <mbishop@evequefou.be> wrote: > > > > I’ve finished my final read-through. These are minor issues, and > > > > everything else looks fine. > > > > I caught a few uses of the first-person through the document. I > > > > suggest: > > > > • Section 1.3: “Our terminology…” => “Terminology in this > > > > document…” > > > > • Section 2.3: “We term this behavior "Port Prefix Naming" and > > > > use it in the examples throughout this document.” => “This > > > > document terms this behavior "Port Prefix Naming" and uses it in > > > > the examples throughout.” > > > > • Appendix A: “Here, we summarize…” => “The following > > > > summarizes…” > > > > • Appendix C: “…by providing an extensible solution that solves > > > > multiple problems we will overcome this inertia…” => “…an > > > > extensible solution that solves multiple problems will overcome > > > > this inertia…” > > > > There is a nested parenthetical in 2.3. I suggest the following: > > > > Current: > > > > (Parentheses are used to ignore a line break in DNS zone-file > > > > presentation format ([RFC1035], Section 5.1).) > > > > Proposed: > > > > (Parentheses are used to ignore a line break in DNS zone-file > > > > presentation format, per Section 5.1 of [RFC1035].) > > > > On Oct 11, 2023, at 10:51 AM, Ben Schwartz <bemasc@meta.com> > > > > wrote: > > > > The caption of Figure 10 is 'An alpn Value with ...'. I believe > > > > "alpn" should be quoted for consistency, resulting in > > > > 'An "alpn" Value with ...". Apart from that suggestion, I approve > > > > this version for publication. > > > > --Ben Schwartz On Oct 11, 2023, at 10:34 AM, Erik Nygren > > > > <nygren@gmail.com> wrote: > > > > Approved from my perspective! (Assuming no objections from Mike > > > > or Ben.) > > > > Best, Erik On Wed, Oct 11, 2023 at 12:11 PM Lynne Bartholomew > > > > <lbartholomew@amsl.com> wrote: > > > > Hi, Erik. We have updated this document per your note below. The > > > > latest files are posted here (please refresh your browser): > > > > https://www.rfc-editor.org/authors/rfc9460.txt > > > > https://www.rfc-editor.org/authors/rfc9460.pdf > > > > https://www.rfc-editor.org/authors/rfc9460.html > > > > https://www.rfc-editor.org/authors/rfc9460.xml > > > > https://www.rfc-editor.org/authors/rfc9460-diff.html > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > auth48diff.html https://www.rfc-editor.org/authors/rfc9460- > > > > lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > lastrfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- > > > > diff.html > > > > We will wait to hear from your coauthors regarding any subsequent > > > > changes before noting anyone's approval. > > > > Thank you! RFC Editor/lb On Oct 10, 2023, at 2:13 PM, Erik Nygren > > > > <nygren@gmail.com> wrote: > > > > I took a final reading pass through and the only thing that > > > > jumped out would be to change this: > > > > - "," and "\" characters instead of implementing the > > > > <tt>value-list</tt> escaping > > > > + "," and "\" characters in ALPN IDs instead of implementing the > > > > <tt>value-list</tt> escaping > > > > The current text is ambiguous as to whether those characters are > > > > prohibited in ALPN IDs or prohibited in value-list. It is clear > > > > that the intent is for them to only be prohibited in ALPN IDs so > > > > that value-list can contain commas, but inserting the "in ALPN > > > > IDs" would reduce risk of misreading. > > > > Everything else looks good. I believe Mike and Ben are making > > > > similar read-throughs. Thanks, Erik On Fri, Oct 6, 2023 at > > > > 4:30 PM Mike Bishop > > > > <mbishop@evequefou.be> wrote: > > > > Ben proposed this text on GitHub: In this document, this > > > > algorithm is referred to as "character- string decoding", because > > > > <xref target="RFC1035" sectionFormat="of" section="5.1"/> uses > > > > this > > > > algorithm to produce a <tt><character-string></tt>. (And a > > > > corresponding "the allowed input" => "some allowed inputs".) > > > > The attached XML incorporates this proposal, if that works for > > > > everyone. > > > > -----Original Message----- > > > > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, > > > > October 5, 2023 12:32 PM > > > > To: Erik Nygren <erik+ietf@nygren.org>; Ben Schwartz > > > > <bemasc@meta.com> > > > > Cc: Mike Bishop <mbishop@evequefou.be>;ietf@bemasc.net; rfc- > > > > editor@rfc-editor.org; dnsop-ads@ietf.org; dnsop- > > > > chairs@ietf.org; tjw.ietf@gmail.com; auth48archive@rfc- > > > > editor.org > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > > > https-12> for your review > > > > Hi, Erik and Ben. Erik, thank you for the suggestion. Ben, is > > > > Erik's suggestion acceptable, and may we update accordingly? > > > > Thank you! RFC Editor/lb On Oct 5, 2023, at 6:12 AM, Erik Nygren > > > > <erik+ietf@nygren.org> wrote: > > > > What about "described in" (instead of just "in" or "per") ? So: > > > > -it is used to produce a <tt><character-string></tt> in > > > > +it is used to produce the <tt><character-string></tt> > > > > described in ? On Wed, Oct 4, 2023 at 11:58 AM Ben Schwartz > > > > <bemasc@meta.com> wrote: > > > > Re: "We made the additional update (changed "in" to "per") per > > > > your note for 1) below." > > > > I think we need to give that section another look. I believe that > > > > "per" may not be correct here. > > > > --Ben Schwartz From: Lynne Bartholomew <lbartholomew@amsl.com> > > > > Sent: Tuesday, October 3, 2023 12:29 PM > > > > To: Mike Bishop <mbishop@evequefou.be> > > > > Cc: ietf@bemasc.net<ietf@bemasc.net>;erik+ietf@nygren.org > > > > <erik+ietf@nygren.org>; rfc-editor@rfc-editor.org <rfc- > > > > editor@rfc-editor.org>; dnsop-ads@ietf.org <dnsop-ads@ietf.org>; > > > > dnsop-chairs@ietf.org <dnsop- > > > > chairs@ietf.org>;tjw.ietf@gmail.com<tjw.ietf@gmail.com>; > > > > auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > > > https-12> for your review > > > > !------------------------------------------------------------------- > > > > | > > > > This Message Is From an External Sender > > > > |------------------------------------------------------------------- > > > > ! Hi, Mike. Thank you for the latest updated XML file! We made > > > > the additional update (changed "in" to "per") per your note for > > > > 1) below. > > > > FYI that the new line breaks in the list in Section 1.2 > > > > constitute a bug (https://github.com/ietf- > > > > tools/xml2rfc/issues/1045). We hope that this issue will be > > > > resolved soon. The latest files are posted here (please refresh > > > > your browser): > > > > https://www.rfc-editor.org/authors/rfc9460.txt > > > > https://www.rfc-editor.org/authors/rfc9460.pdf > > > > https://www.rfc-editor.org/authors/rfc9460.html > > > > https://www.rfc-editor.org/authors/rfc9460.xml > > > > https://www.rfc-editor.org/authors/rfc9460-diff.html > > > > https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > auth48diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > lastdiff.html https://www.rfc-editor.org/authors/rfc9460- > > > > lastrfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > > > https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > > > https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > > > Thanks again! RFC Editor/lb On Sep 29, 2023, at 11:52 AM, Mike > > > > Bishop > > > > <mbishop@evequefou.be> wrote: > > > > 1) This is fine. 2) All reasonable, but we'd prefer to avoid > > > > nested parentheses. In the attached, we've changed this to > > > > "supported protocols" in 3.2 and moved the expansion back to > > > > 7.1. We also noted in reviewing the change to the title of Figure > > > > 1 that this URL was not quoted, so we've added those. > > > > -----Original Message----- > > > > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, > > > > September 28, 2023 11:48 AM > > > > To: Mike Bishop <mbishop@evequefou.be> > > > > Cc: ietf@bemasc.net;erik+ietf@nygren.org; rfc-editor@rfc- > > > > editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; > > > > tjw.ietf@gmail.com; auth48archive@rfc-editor.org > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > > > https-12> for your review > > > > Hi, Mike. Thank you very much for the updated XML file! Thanks > > > > also for the detailed list of updates after your > > > > "late-arriving review from the DNS Directorate" note; your note > > > > informed us that we would not need to ask for AD approval for any > > > > of those updates; very helpful and much appreciated! > > > > A couple follow-up items for you: 1) "used to produce a > > > > <character-string> in Section 5.1 of > > > > [RFC1035]" reads a bit oddly. May we change it to "used to > > > > produce a <character-string> per Section 5.1 of [RFC1035]"? > > > > 2) Please note that per our style guidelines we made the > > > > following updates to your copy: > > > > * Moved the expansion of "ALPN" from Section 7.1 to Section > > > > 3.2. > > > > * Changed "Section 2.4.2 and Section 3" to "Sections 2.4.2 and 3" > > > > in Section 9.1. > > > > * Changed "At" to "at" in the title of Figure 1. The latest files > > > > are posted here: https://www.rfc-editor.org/authors/rfc9460.txt > > > > https://www.rfc-editor.org/authors/rfc9460.pdf > > > > https://www.rfc-editor.org/authors/rfc9460.html > > > > https://www.rfc-editor.org/authors/rfc9460.xml > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > auth48diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > lastrfcdiff.html > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff1.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- > > > > diff.html > > > > Again, many thanks for your help with this document! RFC > > > > Editor/lb On Sep 26, 2023, at 11:40 AM, Mike Bishop > > > > <mbishop@evequefou.be> wrote: > > > > Hi, Lynne - > > > > Please see attached an updated XML from our side, with the > > > > following changes in response to your questions. > > > > • We expanded "RR" in the document title. Please let us know any > > > > objections. > > > > We have adjusted the title to expand the initialism while > > > > avoiding nested parentheses. > > > > Original: > > > > Service Binding and Parameter Specification via the DNS > > > > (DNS SVCB and > > > > HTTPS Resource Records (RRs)) > > > > Current: > > > > Service Binding and Parameter Specification via the DNS > > > > (SVCB and > > > > HTTPS Resource Records) 2. Please insert any keywords… > > > > We have added various relevant keywords. 3. Datatracker "idnits" > > > > output for the original approved document included the following > > > > warning … There are 2 instances of lines with non-RFC2606- > > > > compliant FQDNs > > > > These instances are false positives. 4. Section 1.1: We changed > > > > this section title, as it did not match the contents of the > > > > section. If this update is incorrect, perhaps some text is > > > > missing? If so, please clarify "goal" vs. "goals". We have > > > > accepted the new section title, and also corrected an obsolete > > > > reference to statements that were previously > > > > “mentioned above” but now appear later in the document. Original: > > > > (As mentioned above, this all > > > > applies equally to the HTTPS RR, which shares the same encoding, > > > > format, and high-level semantics.) > > > > Current: > > > > (As discussed in <xref target="svcb-compatible"/>, this all > > > > applies > > > > equally to the HTTPS RR, which shares the same encoding, format, > > > > and > > > > high-level semantics.) 5. Please review the "type" attribute of > > > > each sourcecode element… > > > > We have added types and converted “artwork” tags to > > > > “sourcecode” as appropriate. 6. Section 2.4.2: As it appears that > > > > "multiple" means "multiple RRs" (as opposed to "multiple > > > > RRSets"), we updated this sentence accordingly. If this is > > > > incorrect, please provide clarifying text. > > > > We have adjusted this to “multiple AliasMode RRs”. 7. Section > > > > 4.2: Is resolution of unknown RR types the only type of normal > > > > response construction, or should "i.e." ("that is") be "e.g." > > > > ("for example") here? Yes. For clarity, we’ve removed this use of > > > > “i.e.” entirely. > > > > 8. Section 4.3: Does "even if the contents are invalid" refer to > > > > the "MUST" clause, the "MAY" clause, or both? > > > > It refers to the “MAY” clause. To improve clarity, we’ve > > > > restructured this sentence and the following one. > > > > Original: > > > > Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB > > > > records > > > > with unrecognized SvcParamKeys, and <bcp14>MAY</bcp14> treat the > > > > entire SvcParams portion of the record as opaque, even if the > > > > contents > > > > are invalid. Alternatively, recursive resolvers > > > > <bcp14>MAY</bcp14> > > > > report an error such as SERVFAIL to avoid returning a > > > > SvcParamValue that is invalid according to the SvcParam's > > > > specification. > > > > Current: > > > > Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB > > > > records > > > > with unrecognized SvcParamKeys. Resolvers > > > > <bcp14>MAY</bcp14> > > > > accomplish this by treating the entire SvcParams portion of the > > > > record > > > > as opaque, even if the contents are invalid. If a recognized > > > > SvcParamKey is followed by a value that is invalid according to > > > > the > > > > SvcParam's specification, a recursive resolver > > > > <bcp14>MAY</bcp14> > > > > report an error such as SERVFAIL instead of returning the record. > > > > 9. Section 7.2: Should "this SvcParam" be > > > > "this SvcParamValue" here? > > > > Yes. (Corrected.) 10. Section 9.1: Please clarify the meaning of > > > > "Following of". > > > > We’ve clarified by reformulating this sentence and including > > > > references to the relevant sections where the behavior is > > > > defined. > > > > Original: > > > > Following of HTTPS AliasMode RRs and CNAME aliases is unchanged > > > > from SVCB. > > > > Current: > > > > The procedure for following HTTPS AliasMode RRs > > > > and CNAME aliases is unchanged from SVCB (as described in > > > > <xref target="alias-mode"/> and <xref target="client- > > > > behavior"/>). 11. Should the instances of "9443" be "8443" here? > > > > No, this distinction is intentional. 12. Section 9.4 and Table 1: > > > > Does "ECH" refer to citations for draft-ietf-tls-esni and not to > > > > "Encrypted ClientHello" in general, or does it refer to some > > > > (unknown) future specification related to ECH (in which case the > > > > text should be clarified)? > > > > For clarity, we’ve replaced “ECH” here with that reference, and > > > > expanded the acronym where it appears in the IANA instructions. > > > > The assignment is currently captured in draft-sbn-tls-svcb-ech- > > > > 00, which was extracted from this document. The TLS WG has > > > > adopted that document, and will need to decide whether to fold it > > > > into draft-ietf-tls-esni or advance it separately. > > > > 13. Section 9.6: Should 'HTTP URL' be '"http" URL'? … Also, we > > > > could not find any instances of > > > > "requestURL" in [WebSocket], any other published RFC, or > > > > [FETCH]. > > > > We’ve replaced ‘HTTP URL” with the formal term defined in RFC > > > > 9110: “HTTP-related URI scheme”. > > > > Since we wrote this text, WHATWG has moved the definition of > > > > “requestURL” to a new document. We’ve fixed the problem by adding > > > > that reference here. > > > > Original: > > > > All HTTP connections to named origins are eligible to use HTTPS > > > > RRs, > > > > even when HTTP is used as part of another protocol or without an > > > > explicit HTTP URL. For example, clients that support HTTPS RRs > > > > and > > > > implement the altered WebSocket <xref target="RFC6455"/> opening > > > > handshake from the W3C Fetch specification <xref target="FETCH"/> > > > > <bcp14>SHOULD</bcp14> use HTTPS RRs for the > > > > <tt>requestURL</tt>. > > > > Current: > > > > All HTTP connections to named origins are eligible to use HTTPS > > > > RRs, > > > > even when HTTP is used as part of another protocol or without an > > > > explicit HTTP-related URI scheme (<relref target="RFC9110" > > > > section="4.2"/>). For example, clients that support HTTPS RRs and > > > > implement <xref target="RFC6455"/> using the altered opening > > > > handshake > > > > from <xref target="FETCH-WEBSOCKETS"/> > > > > <bcp14>SHOULD</bcp14> use HTTPS RRs for the > > > > <tt>requestURL</tt>. 14. Section 10.3: We had trouble following > > > > "various interpretations of RFCs" in the first sentence… We’ve > > > > replaced this vague statement by a reference to the BIND > > > > documentation for the behavior in question. > > > > Original: > > > > Note that some implementations may not allow A or AAAA records on > > > > names starting with an underscore due to various > > > > interpretations of RFCs. > > > > This could be an operational issue when the TargetName contains > > > > an > > > > Attrleaf label, as well as using a TargetName of "." when the > > > > owner name contains an Attrleaf label. > > > > Current: > > > > Some authoritative DNS servers may not allow A or AAAA records on > > > > names starting with an underscore (e.g., <xref > > > > target="BIND-CHECK-NAMES"/>). > > > > This could create an operational issue when the TargetName > > > > contains an > > > > Attrleaf label, or when using a TargetName of "." if the owner > > > > name contains an Attrleaf label. > > > > 15. Section 11: We do not see the word > > > > "stapling" or "staple" in RFC 6066. Please confirm that this > > > > citation will be clear to readers. > > > > We’ve adjusted this sentence to expand “OCSP” and mention > > > > “Certificate Status Request”, which is the formal name from RFC > > > > 6066. > > > > (We’ve preserved the term “stapling” because it is much more > > > > widely > > > > understood and commonly used than the formal name.) Original: > > > > Server operators implementing this standard > > > > <bcp14>SHOULD</bcp14> also > > > > implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate > > > > Status Protocol (OCSP) Stapling <xref target="RFC6066"/>, both of > > > > which confer substantial performance and > > > > privacy benefits when used in combination with SVCB records. > > > > Current: > > > > Server operators implementing this standard > > > > <bcp14>SHOULD</bcp14> also > > > > implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate > > > > Status Protocol (OCSP) Stapling (i.e., Certificate Status Request > > > > in > > > > <xref target="RFC6066" section="8" sectionFormat="of"/>), both of > > > > which confer substantial performance and privacy benefits when > > > > used in > > > > combination with SVCB records.</t> 16. Section 12: "unintended > > > > access" reads oddly here. If the suggested text is not correct, > > > > should the word "unintended" be removed? > > > > We’ve rephrased this in a way that avoids the word > > > > “unintended” and improves specificity. > > > > Original: > > > > If the attacker can influence the > > > > client's payload (e.g., TLS session ticket contents) and an > > > > internal > > > > service has a sufficiently lax parser, it's possible that the > > > > attacker > > > > could gain unintended access. > > > > Current: > > > > If the attacker can influence the > > > > client's payload (e.g., TLS session ticket contents) and an > > > > internal > > > > service has a sufficiently lax parser, the attacker could gain > > > > access > > > > to the internal service. 17. FYI, we have changed two instances > > > > of > > > > "Service Binding" to "service binding" because it written in > > > > lowercase where used generally in this document. We will ask > > > > IANA… > > > > We’ve changed the description in the IANA instructions to use the > > > > more precise term “SVCB-compatible” instead. (The original IANA > > > > instructions may predate this term.) 18. The following ACTION > > > > text indicates that the > > > > "Service Parameter Keys (SvcParamKeys)" registry should appear on > > > > the "Domain Name System (DNS) Parameters" page. However, the > > > > registry appears on a page under the heading > > > > "DNS Service Bindings (SVCB)" > > > > This disparity may have occurred because IANA reorganized their > > > > website after the original instructions were written. The current > > > > location of the registry correctly reflects the authors’ intent, > > > > and we have updated the draft to describe the new location. > > > > 19. Because the IANA registry does not include a > > > > "Meaning" column, we have updated the text as shown below. Please > > > > let us know if any updates are required. > > > > This change is correct. 20. Appendix A: Because Section 3.3 of > > > > RFC 1035 says "<character-string> is treated as binary > > > > information, and can be up to 256 characters in length > > > > (including the length octet)", we updated this sentence to > > > > clarify the meaning of "same as". If this is incorrect, please > > > > provide text that clarifies the meaning of "same as". > > > > This change is not correct. We have adjusted the text to provide > > > > a clearer distinction between “<character-string>” > > > > (which is binary) and the textual representation used to generate > > > > it. > > > > Original: > > > > DNS zone files are capable of representing arbitrary octet > > > > sequences > > > > in basic ASCII text, using various delimiters and > > > > encodings. The > > > > algorithm for decoding these character strings is defined in > > > > <xref section="5.1" sectionFormat="of" target="RFC1035"/>. > > > > Current: > > > > DNS zone files are capable of representing arbitrary octet > > > > sequences > > > > in basic ASCII text, using various delimiters and > > > > encodings, according > > > > to an algorithm defined in <xref section="5.1" sectionFormat="of" > > > > target="RFC1035"/>. Original: > > > > In this document, this algorithm is referred to as > > > > "character-string decoding". > > > > The algorithm is the same as the guideline for > > > > <tt><character-string></tt> provided in <xref > > > > target="RFC1035" sectionFormat="of" section="3.3"/>, except that > > > > in this document the output length is not limited to 255 octets. > > > > Current: > > > > In this document, this algorithm is referred to as > > > > "character-string > > > > decoding", because it is used to produce a > > > > <tt><character-string></tt> in <xref target="RFC1035" > > > > sectionFormat="of" section="5.1"/>. Note that while the length of > > > > a > > > > <tt><character-string></tt> is limited to 255 octets, the > > > > character-string decoding algorithm can produce output of any > > > > length.</t> 21. Appendix C.4: We changed "the authoritative" at > > > > the end of this sentence to "the authoritative DNS server". > > > > This change is correct. 22. Appendix D.2: Do "target (root > > > > label)" and > > > > "target, root label" mean the same thing? If yes, should they > > > > both be expressed in the same way (i.e., either parentheses or > > > > comma)? Also, should "length: 2 bytes" be > > > > "length 2", per the format of all other "# length" and "; length" > > > > entries? > > > > Yes, these carry the same meaning. We have incorporated these > > > > changes to improve consistency. > > > > 23. The example.comline in Figure 8 extends beyond the 72- > > > > character limit. > > > > 24. Figure 8: The "example.com." line is too long… > > > > We have adjusted this figure as suggested to fit within the 72- > > > > character limit. 25. Figures 14 and 15: Should "mandatory" be > > > > written in the same way in both titles (i.e., either lowercase > > > > and quoted or initial-capitalized and unquoted)? No. In one case, > > > > it refers to an item that must be present; in the other it refers > > > > to the literal 9-character sequence “mandatory”. 26. > > > > "Acknowledgments and Related Proposals" reads oddly, in that the > > > > two ideas seem unrelated. "... proposed solutions ...challenge > > > > proposed" reads oddly as well. May we make a new Section 15 > > > > ("Related Proposals") … > > > > ? > > > > We’ve reformulated this paragraph to make clear that the related > > > > proposals are mentioned by way of acknowledgement and gratitude. > > > > 27. Please review the "Inclusive Language" portion of the online > > > > Style Guide … > > > > We have reviewed this guidance but did not find any changes that > > > > could be made on this basis. > > > > 28. Please let us know if any changes are needed for the > > > > following [capitalization consistency issues] We have attempted > > > > to correct these issues to improve consistency. In the case of > > > > ALPN, we have clarified some uses as “ALPN protocol” or “ALPN > > > > ID”. > > > > ------------ > > > > Additionally, we made several edits in response to a late- > > > > arriving review from the DNS Directorate, as Warren indicated. > > > > These are highlighted below, in no particular order. > > > > # Positive and negative DNSSEC (Section 4.1) > > > > Original: > > > > If the zone is signed, the server SHOULD also include positive or > > > > negative DNSSEC responses for these records in the Additional > > > > section. > > > > Current: > > > > If the zone is signed, the server SHOULD also include DNSSEC > > > > records > > > > authenticating the existence or nonexistence of these records in > > > > the > > > > Additional section. > > > > # Use of “origin” for concepts other than HTTP origins > > > > - In 1.1, “an origin within the DNS” => “a service identified by > > > > a domain name” > > > > - In 3.1, “origin’s SVCB record” => “service’s SVCB record” > > > > - In 7.3, “origin hostname” => “service name” > > > > - In 9.3, “origin endpoint” => “authority endpoint” > > > > - In 12, “origin” => “authoritative server” > > > > # Use of “delegation” outside the sense of DNS zone delegation > > > > - In 1, “delegating the origin” => “aliasing the origin” > > > > - In 1.1, “delegation of operational authority for an origin > > > > within > > > > the DNS to an alternate name.” => “extending operational > > > > authority for > > > > a service identified by a domain name to other instances with > > > > alternate names.” (overlap with previous set) > > > > - In 1.1, “apex delegation” => “apex aliasing” > > > > - In 3.2, “It allows the service to delegate the apex domain.” => > > > > “It allows a service on an apex domain to use aliasing.” > > > > - In Figure 1 (caption), “Is Delegated to” => “Is Available At” > > > > # Inconsistency of terms for list and sorting in Section 3 > > > > - “enumerating the priority-ordered endpoints” => > > > > “enumerating and ordering the available endpoints” > > > > - Addition of “Sort the records by ascending SvcPriority.” to > > > > step 4. > > > > - “known endpoints” => “available endpoints” > > > > - “priority list” => “list of endpoints” > > > > - “the resolved list” => “this list” > > > > # Vague performance statements > > > > In 2.4.2, removed “which would likely improve performance” > > > > # No such thing as empty RRset > > > > Original: > > > > If the SVCB RRset contains no compatible RRs, the client will > > > > generally act as if the RRset is empty. > > > > Current: > > > > Incompatible RRs are ignored (see step 5 of the procedure defined > > > > in <xref target="client-behavior"/>). > > > > ------------ > > > > Finally, with regard to the changes from our previous e- mail: > > > > The attached file incorporates your proposed changes. We have > > > > made one adjustment, where <tt> was already being used around a > > > > hostname which is now quoted. The > > > > combination is probably not necessary; for consistency, we can > > > > align on quotes. > > > > Original: > > > > When using the generic SVCB RR type with aliasing, zone owners > > > > <bcp14>SHOULD</bcp14> choose alias target names that indicate the > > > > scheme in use (e.g., <tt>"foosvc.example.net"</tt> for > > > > <tt>"foo://"</tt> schemes). This will help to avoid confusion > > > > when > > > > another scheme needs to be added to the configuration. When > > > > multiple > > > > port numbers are in use, it may be helpful to repeat the prefix > > > > labels in the alias target name (e.g., > > > > <tt>"_1234._foo.svc.example.net"</tt>). Current: > > > > When using the generic SVCB RR type with aliasing, zone owners > > > > <bcp14>SHOULD</bcp14> choose alias target names that indicate the > > > > scheme in use (e.g., "foosvc.example.net" for "foo" schemes). > > > > This > > > > will help to avoid confusion when another scheme needs to be > > > > added to > > > > the configuration. When multiple port numbers are in use, it may > > > > be > > > > helpful to repeat the prefix labels in the alias target name > > > > (e.g., "_1234._foo.svc.example.net"). We have also removed the > > > > “://”, which is not properly part of the scheme. -----Original > > > > Message----- > > > > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Friday, > > > > September 22, 2023 2:39 PM > > > > To: Mike Bishop > > > > <mbishop@evequefou.be>;ietf@bemasc.net;erik+ietf@nygren.org > > > > Cc: rfc-editor@rfc-editor.org;dnsop-ads@ietf.org;dnsop- > > > > chairs@ietf.org;tjw.ietf@gmail.com; > > > > auth48archive@rfc-editor.org > > > > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop- svcb- > > > > https-12> > > > > for your review Hi, Mike and coauthors. > > > > Mike, apologies for our confusion with the emails > > > > yesterday. We have updated this document per your notes below. > > > > Please see our "[rfced]" notes inline. Also, apologies for an > > > > issue regarding an update to Section 14.4. The updated section is > > > > now correct. We also removed a duplicate question regarding > > > > Figure 8. > > > > The latest files are posted here. Please refresh your browser to > > > > view the latest updates and the updated list of questions: > > > > https://www.rfc-editor.org/authors/rfc9460.txt > > > > https://www.rfc-editor.org/authors/rfc9460.pdf > > > > https://www.rfc-editor.org/authors/rfc9460.html > > > > https://www.rfc-editor.org/authors/rfc9460.xml > > > > https://www.rfc-editor.org/authors/rfc9460- > > > > diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > auth48diff.html > > > > https://www.rfc-editor.org/authors/rfc9460-alt- > > > > diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff1.htmlhttps://www.rfc-editor.org/authors/rfc9460- > > > > xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- > > > > diff.htmlThank you, and again, apologies for our confusion. RFC > > > > Editor/lb > > > > On Sep 20, 2023, at 1:33 PM, Mike Bishop > > > > <mbishop@evequefou.be> wrote: > > > > A couple points from the copy-edits I wanted to discuss as we go > > > > through these…. > > > > Under SVC Query Names, I see this change: > > > > Original: When querying the SVCB RR, a service is translated into > > > > a QNAME by > > > > prepending the service name with a label indicating the scheme, > > > > prefixed with an underscore, resulting in a domain name like > > > > "_examplescheme.api.example.com.". > > > > Current: When querying the SVCB RR, a service is translated into > > > > a QNAME by > > > > prepending the service name with a label indicating the scheme, > > > > prefixed with an underscore, resulting in a domain name like > > > > "_examplescheme.api.example.com." > > > > In this instance, however, the literal domain name ends with a > > > > period. Given the general rule in American English that the > > > > period goes inside the quotation marks and not outside, the > > > > absence of the explicit exterior period might cause some readers > > > > to apply that rule and not expect the actual domain name to > > > > contain the trailing dot; hence the separate period in the > > > > original. > > > > Could we revert this change, or is there a different way we could > > > > word this to avoid any confusion? > > > > [rfced] Reverted. Thank you for the explanation. Under AliasMode, > > > > quotes were added to offset > > > > “https://example.com ”, but similar quotes were not added around > > > > “foo://example.com:8080”. Should all URIs be quoted, if this one > > > > is? [rfced] We added quotes to URIs listed in text. Please review > > > > and let us know if any of the new quotes are incorrect (e.g., we > > > > added quotes for 'owner of > > > > "example.com"' because we found 'the operator of > > > > "https://example.com "', but is this update correct?). Regarding > > > > the hyphenation of “SVCB-optional” and “SVCB- reliant”: Original: > > > > A client is called "SVCB-optional" if it can connect without the > > > > use > > > > of ServiceMode records, and "SVCB-reliant" otherwise. Current: A > > > > client is called "SVCB optional" if it can connect without the > > > > use > > > > of ServiceMode records; otherwise, it is called "SVCB reliant". > > > > These terms are used primarily as adjectives before a noun (and > > > > therefore hyphenated) and in a few instances with a verb in > > > > between. It seems unclear not to > > > > hyphenate the definition of the terms when that’s > > > > primarily how they’re used, for ease of searching. For > > > > uniformity, could we hyphenate these terms throughout? If I > > > > understand the rule correctly, a compound adjective is > > > > *generally* not hyphenated when not before a noun, but some are. > > > > (The same applies to “SVCB-compatible” later.) [rfced] We > > > > restored the hyphens. > > > > Updated list of questions: > > > > 1) <!-- [rfced] We expanded "RR" in the document title. Please > > > > let us know any objections. > > > > Original: > > > > Service binding and parameter specification via the DNS > > > > (DNS SVCB and > > > > HTTPS RRs) > > > > Currently: > > > > Service Binding and Parameter Specification via the DNS > > > > (DNS SVCB and > > > > HTTPS Resource Records (RRs)) --> > > > > 2) <!-- [rfced] Please insert any keywords (beyond those that > > > > appear > > > > in the > > > > title) for use on <https://www.rfc-editor.org/search >. --> > > > > 3) <!-- [rfced] Datatracker "idnits" output for the original > > > > approved document included the following warning. Please let us > > > > know if any changes are needed as related to this warning: > > > > == There are 2 instances of lines with non-RFC2606- compliant > > > > FQDNs in the > > > > document. --> > > > > 4) <!-- [rfced] Section 1.1: We changed this section title, as it > > > > did not match the contents of the section. If this update is > > > > incorrect, perhaps some text is missing? If so, please clarify > > > > "goal" vs. > > > > "goals". > > > > Original (excerpts from this section are included for context): > > > > 1.1. Goals of the SVCB RR > > > > The goal of the SVCB RR is to allow clients to resolve a single > > > > additional DNS RR in a way that: > > > > ... > > > > Additional goals specific to HTTPS RRs and the HTTP use- cases > > > > include: > > > > Currently: > > > > 1.1. Goals --> > > > > 5) <!-- [rfced] Please review the "type" attribute of each > > > > sourcecode element in the XML file to ensure correctness. If the > > > > current list of preferred values for "type" > > > > (https://www.rfc-editor.org/materials/sourcecode-types.txt > > > > ) does not contain an applicable type, please let us know. Also, > > > > it is acceptable to leave the "type" attribute not set. > > > > In addition, review each artwork element. Specifically, should > > > > any artwork element be tagged as sourcecode (e.g., > > > > "dns-rr", "pseudocode", or "test-vectors" for some or all of the > > > > figures in the appendices)? --> > > > > 6) <!-- [rfced] Section 2.4.2: As it appears that > > > > "multiple" means "multiple RRs" (as opposed to "multiple > > > > RRSets"), we updated this sentence accordingly. If this is > > > > incorrect, please provide clarifying text. > > > > Original (the previous sentence is included for context): In > > > > AliasMode, the SVCB record aliases a service to a TargetName. > > > > SVCB RRSets SHOULD only have a single resource record in > > > > AliasMode. > > > > If multiple are present, clients or recursive resolvers SHOULD > > > > pick one at random. > > > > Currently: > > > > If multiple > > > > RRs are present, clients or recursive resolvers SHOULD pick one > > > > at random. --> > > > > 7) <!-- [rfced] Section 4.2: Is resolution of unknown RR types > > > > the only type of normal response construction, or should "i.e." > > > > ("that is") be "e.g." ("for example") here? Original: > > > > Whether the recursive resolver is aware of SVCB or not, the > > > > normal > > > > response construction process (i.e. unknown RR type resolution > > > > under > > > > [RFC3597]) generates the Answer section of the response. > > > > --> > > > > 8) <!-- [rfced] Section 4.3: Does "even if the contents are > > > > invalid" > > > > refer to the "MUST" clause, the "MAY" clause, or both? Original: > > > > Recursive resolvers MUST be able to convey SVCB records with > > > > unrecognized SvcParamKeys, and MAY treat the entire SvcParams > > > > portion of the record as opaque, even if the contents are > > > > invalid. > > > > (A) Perhaps (both): > > > > Recursive resolvers MUST be able to convey SVCB records with > > > > unrecognized SvcParamKeys and MAY treat the entire SvcParams > > > > portion of the record as opaque, even if the contents are > > > > invalid. > > > > (B) Or possibly (only the "MAY" clause): Recursive resolvers MUST > > > > be able to convey SVCB records with unrecognized SvcParamKeys, > > > > and the resolvers MAY treat the entire SvcParams portion of the > > > > record as opaque even if the contents are invalid. > > > > (C) Or to be specific (instead of rely only on the comma): > > > > Recursive resolvers MUST be able to convey SVCB records with > > > > unrecognized SvcParamKeys, and the resolvers MAY treat the entire > > > > SvcParams portion of the record as opaque even if the contents > > > > (of that portion) are invalid. --> > > > > 9) <!-- [rfced] Section 7.2: Should "this SvcParam" be > > > > "this > > > > SvcParamValue" here? We ask because we see two instances of > > > > "SvcParamValue MUST NOT contain escape sequences" later in this > > > > document. > > > > Original: > > > > To enable simpler parsing, this SvcParam MUST NOT contain escape > > > > sequences. --> > > > > 10) <!-- [rfced] Section 9.1: Please clarify the meaning of > > > > "Following of". > > > > Original: > > > > Following of HTTPS AliasMode RRs and CNAME aliases is unchanged > > > > from > > > > SVCB. --> > > > > 11) <!--[rfced] Should the instances of "9443" be "8443" here? > > > > Original: > > > > Alt-Svc: h2="alt.example:443", > > > > h2="alt2.example:443", h3=":8443" The > > > > client would retrieve the following HTTPS records: alt.example. > > > > IN HTTPS 1 . alpn=h2,h3 foo=... > > > > alt2.example. IN HTTPS 1 > > > > alt2b.example. alpn=h3 foo=... > > > > _8443._https.example.com. IN HTTPS > > > > 1 alt3.example. ( > > > > port=9443 alpn=h2,h3 foo=... ) > > > > [...] > > > > * > > > > HTTP/3 to alt3.example:9443 --> > > > > 12) <!-- [rfced] Section 9.4 and Table 1: Does "ECH" refer to > > > > citations for draft-ietf-tls-esni and not to "Encrypted > > > > ClientHello" > > > > in general, or does it refer to some (unknown) future > > > > specification > > > > related to ECH (in which case the text should be > > > > clarified)? > > > > Please note that we could not find any indication in draft-ietf- > > > > tls-esni that the parameter in question will be reserved > > > > for it. > > > > Original: > > > > Clients MUST NOT use an HTTPS RR response unless the client > > > > supports > > > > TLS Server Name Indication (SNI) and indicates the origin name in > > > > the > > > > TLS ClientHello (which might be encrypted via a future > > > > specification > > > > such as ECH). > > > > ... > > > > | 5 | ech | RESERVED |N/A > > > > |IETF | > > > > | | | (will be | | > > > > | > > > > | | | used for | | > > > > | > > > > | | | ECH) | | > > > > | --> > > > > 13) <!-- [rfced] Section 9.6: > > > > Should 'HTTP URL' be '"http" URL'? We ask because we do not see > > > > 'HTTP URL' used anywhere else in this document or in this cluster > > > > of > > > > documents (https://www.rfc- > > > > editor.org/cluster_info.php?cid=C461 ). > > > > Also, we could not find any instances of "requestURL" in > > > > [WebSocket], > > > > any other published RFC, or [FETCH]. However, we see > > > > "Request-URI" > > > > in [WebSocket]. Will the use of "requestURL" be clear to readers? > > > > Original: > > > > All HTTP connections to named origins are eligible to use HTTPS > > > > RRs, > > > > even when HTTP is used as part of another protocol or without an > > > > explicit HTTP URL. For example, clients that support HTTPS RRs > > > > and > > > > implement the altered WebSocket [WebSocket] opening handshake > > > > from the > > > > W3C Fetch specification [FETCH] SHOULD use HTTPS RRs for the > > > > requestURL. --> > > > > 14) <!-- [rfced] Section 10.3: We had trouble following > > > > "various > > > > interpretations of RFCs" in the first sentence, as it appears to > > > > indicate that the RFCs themselves are being interpreted. Also, > > > > the > > > > second sentence does not parse. Would the "Perhaps" text below be > > > > helpful? If not, please provide clarifying text. > > > > Original ("an TargetName" has been fixed): Note that some > > > > implementations may not allow A or AAAA records on > > > > names starting with an underscore due to various > > > > interpretations of > > > > RFCs. This could be an operational issue when the TargetName > > > > contains > > > > an attrleaf label, as well as using an TargetName of "." when the > > > > owner name contains an attrleaf label. > > > > Perhaps: > > > > Note that some implementations may not allow A or AAAA records on > > > > names that start with an underscore, due to various > > > > interpretations in > > > > other RFCs. This could be an operational issue when the > > > > TargetName > > > > contains an Attrleaf label, as well as when a TargetName of "." > > > > is > > > > used when the owner name contains an Attrleaf label. --> 15) <!-- > > > > [rfced] Section 11: We do not see the word > > > > "stapling" or > > > > "staple" in RFC 6066. Please confirm that this citation will be > > > > clear > > > > to readers. > > > > Original: > > > > Server operators implementing this standard SHOULD also implement > > > > TLS > > > > 1.3 [RFC8446] and OCSP Stapling [RFC6066], both of which confer > > > > substantial performance and privacy benefits when used in > > > > combination > > > > with SVCB records. --> > > > > 16) <!-- [rfced] Section 12: "unintended access" reads oddly > > > > here. > > > > If the suggested text is not correct, should the word > > > > "unintended" > > > > be removed? Please provide alternative text if you'd like to > > > > rephrase. > > > > Original: > > > > If the attacker can influence the client's payload (e.g. TLS > > > > session ticket contents), and an internal service has a > > > > sufficiently lax parser, it's possible that the attacker could > > > > gain > > > > unintended access. > > > > Suggested: > > > > If the attacker can influence the client's payload (e.g., TLS > > > > session > > > > ticket contents) and an internal service has a > > > > sufficiently lax > > > > parser, it's possible that, as an unintended consequence, the > > > > attacker > > > > could gain access. --> > > > > 17) <!-- [rfced] FYI, we have changed two instances of > > > > "Service Binding" > > > > to "service binding" because it written in lowercase where used > > > > generally in this document. We will ask IANA to update > > > > <https://www.iana.org/assignments/dns-parameters/ > accordingly, > > > > unless you let us know you prefer otherwise. Original: > > > > * Meaning: General Purpose Service Binding Current: Meaning: > > > > General-purpose service binding > > > > Original: > > > > * Meaning: Service Binding type for use with HTTP Current: > > > > Meaning: Service binding type for use with HTTP > > > > --> > > > > 18) <!-- [rfced] The following ACTION text indicates that the > > > > "Service Parameter Keys (SvcParamKeys)" registry should appear on > > > > the > > > > "Domain Name System (DNS) Parameters" page. However, the registry > > > > appears on a page under the heading "DNS Service Bindings > > > > (SVCB)" > > > > (see https://www.iana.org/assignments/dns-svcb/ ). Please review > > > > and > > > > let us know if the location of the "DNS Service Bindings > > > > (SVCB)" > > > > registry is correct. > > > > Original: > > > > ACTION: create this registry, on a new page entitled "DNS Service > > > > Bindings (SVCB)" under the "Domain Name System (DNS) Parameters" > > > > category. --> > > > > 19) <!-- [rfced] Section 14.4: Because the "Underscored and > > > > Globally Scoped DNS Node Names" IANA registry does not include a > > > > "Meaning" > > > > column, we have updated the table as shown below. Please let us > > > > know > > > > if any other updates are required. > > > > Original (to avoid the issue of double dashes and XML comments, > > > > the > > > > bottom line of the table is not included): > > > > Per [Attrleaf], please add the following entry to the DNS > > > > Underscore > > > > Global Scoped Entry Registry: > > > > +=========+============+=================+=================+ > > > > | RR TYPE | _NODE NAME | Meaning | Reference > > > > | > > > > +=========+============+=================+=================+ > > > > | HTTPS | _https | HTTPS SVCB info | (This > > > > document) | > > > > Table 2 > > > > Currently: > > > > Per [Attrleaf], the following entry has been added to the DNS > > > > "Underscored and Globally Scoped DNS Node Names" registry: > > > > +=========+============+===========+ > > > > | RR Type | _NODE NAME | Reference | > > > > +=========+============+===========+ > > > > | HTTPS | _https | RFC 9460 | > > > > Table 2 --> > > > > 20) <!-- [rfced] Appendix A: Because Section 3.3 of RFC 1035 says > > > > "<character-string> is treated as binary information, and can be > > > > up to > > > > 256 characters in length (including the length octet)", we > > > > updated > > > > this sentence to clarify the meaning of "same as". If this is > > > > incorrect, please provide text that clarifies the meaning > > > > of "same as". > > > > Original: > > > > The algorithm is the same as used by > > > > <character-string> in RFC 1035, although the output length in > > > > this > > > > document is not limited to 255 octets. > > > > Currently: > > > > The algorithm is the same as the > > > > guideline for <character-string> in [RFC1035], except that in > > > > this > > > > document the output length is not limited to 255 octets. > > > > --> > > > > 21) <!-- [rfced] Appendix C.4: We changed "the authoritative" at > > > > the end of this sentence to "the authoritative DNS server". If > > > > this > > > > is incorrect, please clarify the meaning of "the authoritative". > > > > Original: > > > > Recursive resolvers that implement the specification would, upon > > > > receipt of a ServiceMode query, emit both a ServiceMode and an > > > > AliasMode query to the authoritative. > > > > Currently: > > > > Recursive resolvers that implement the specification would, upon > > > > receipt of a ServiceMode query, emit both a ServiceMode query and > > > > an > > > > AliasMode query to the authoritative DNS server. --> 22) <!-- > > > > [rfced] Appendix D.2: Do "target (root label)" and > > > > "target, root label" mean the same thing? If yes, should they > > > > both be > > > > expressed in the same way (i.e., either parentheses or comma)? > > > > Also, should "length: 2 bytes" be "length 2", per the format of > > > > all > > > > other "# length" and "; length" entries? Original: > > > > 00 ; target (root label) > > > > ... > > > > \x00 # target, root label > > > > ... > > > > \x00\x02 # length: 2 bytes > > > > ... > > > > \x00\x05 # length 5 > > > > ... > > > > \x00\x09 # length 9 > > > > ... > > > > \x00\x20 # length 32 > > > > ... > > > > \x00\x10 # length 16 --> > > > > 23) <!-- [rfced] Figure 8: The "example.com." line is too long > > > > and > > > > yields the following warning: > > > > Warning: Too long line found (L2319), 4 characters longer than 72 > > > > characters: > > > > example.com. SVCB 1example.com. > > > > ipv6hint="2001:db8:122:344::192.0.2.33" > > > > We see a similar type of line at the top of Figure 7, although > > > > that > > > > line uses parentheses before and after the line break around > > > > "ipv6hint". Would it be syntactically correct to format this line > > > > (i.e., with parentheses and line breaks) per Figure 7? Original: > > > > example.com. SVCB 1example.com. > > > > ipv6hint="2001:db8:122:344::192.0.2.33" > > > > Possibly: > > > > example.com. SVCB 1example.com. ( > > > > ipv6hint="2001:db8:122:344::192.0.2.33" > > > > ) --> > > > > 24) <!-- [rfced] Figures 14 and 15: Should "mandatory" be written > > > > in the same way in both titles (i.e., either lowercase and quoted > > > > or > > > > initial-capitalized and unquoted)? > > > > Original: > > > > Figure 14: A mandatory SvcParam is missing ... > > > > Figure 15: The "mandatory" S
- [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-dnsop… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Warren Kumari
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Tim Wicinski
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- [auth48] [IANA] Re: AUTH48: RFC-to-be 9460 <draft… Lynne Bartholomew
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Erik Nygren
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Mike Bishop
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Erik Nygren
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-be 94… Lynne Bartholomew
- Re: [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-b… Ben Schwartz
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Lynne Bartholomew
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Rob Wilton (rwilton)
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: AUTH48: RFC-to-be 9460 <dr… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop