Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
Warren Kumari <warren@kumari.net> Sat, 21 October 2023 19:48 UTC
Return-Path: <warren@kumari.net>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 233F8C14CE55 for <auth48archive@ietfa.amsl.com>; Sat, 21 Oct 2023 12:48:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jBtoTGylPKho for <auth48archive@ietfa.amsl.com>; Sat, 21 Oct 2023 12:48:46 -0700 (PDT)
Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0104C14CE2F for <auth48archive@rfc-editor.org>; Sat, 21 Oct 2023 12:48:46 -0700 (PDT)
Received: by mail-qt1-x82b.google.com with SMTP id d75a77b69052e-41cc0e9d92aso12845391cf.3 for <auth48archive@rfc-editor.org>; Sat, 21 Oct 2023 12:48:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1697917725; x=1698522525; darn=rfc-editor.org; h=cc:to:subject:message-id:date:references:in-reply-to:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VWQAQhkQ/BMkk3Y6iP96P2gNdyfYXLGAfriySA1OPE8=; b=gLaV3/gKxz1p985IezV1J8+shKnaY019IrVMt6DhAJwDibHM5hb7Fl5VSatbtqX97x Z5iIL3KqE4GDLAZ4gnfOtXkQbJIZ/aGxvHWTRALKsOuSzeuB9bNaeZ7DNbC5JHQok2TM OOhQATIyh766t0pc02ejlvxvZoWQVa6QgH9KY9PEY5N/oieRaBNiXxQeSJ4oPDOTqL+a SVGXA0aIt+jG+BtpdPFGJ2oWiTeAJOqvsUliDEX1MMyw9f93VUYD7uTgjrSIF1rfS3Rc HoNpLw+fp6oGoGYIyfo+qts7lT06MJb76WyPNIV5TydrMAhIaFyzZJNABDQjmEvD97kN kMNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697917725; x=1698522525; h=cc:to:subject:message-id:date:references:in-reply-to:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VWQAQhkQ/BMkk3Y6iP96P2gNdyfYXLGAfriySA1OPE8=; b=NK67NPUfzO4T7TPqDEwi5pPzzKhtMhgQV++YTKsBeyOacZ28K/wmOY7Wo4n1yGpUYs 1lKQ5ZougIoTmDv5fB1netQLQUs5H1b3qoZNE3RS1ncr3t/cvdOK+fbZsv4wXuzJb/EL bVLG/HlvA7jXw0pTZjzfRRvJgQ9DMSIlfJvYNXW190scJIKpP6CNvT1deNTAX9pmt9+r pNqtWAXY9X2s6mDSKs2JK6zQZwC7/11jV23LF6KT2jMp39s7V9KdDal9RCRGguzffnIg d8N4ryZswnoTBXnJJZFifqFVCedfQzQNO3Kuu0Dj22tf088U7nKIgkSdm3g3TcVKPNdc DmIw==
X-Gm-Message-State: AOJu0Yxf5Dt99rHwrrdLjZb8b1/vjHgGZCPxGnK7t6Y7stVx9W6nrjmT ncp0CZxCwwQzp90pGg80pwzNjNSEMDirAqmVcmkbbQ==
X-Google-Smtp-Source: AGHT+IHgSVsjuAH4/K1wr/30UDVs48VLh4NgmBWC9zHlKMA+VOvjIsAiOtB35AI9O1F2Kfz7Elsifk16KsnvIwAEsmY=
X-Received: by 2002:ac8:5f89:0:b0:41c:de9e:d1a8 with SMTP id j9-20020ac85f89000000b0041cde9ed1a8mr5002207qta.52.1697917724376; Sat, 21 Oct 2023 12:48:44 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Sat, 21 Oct 2023 12:48:43 -0700
Mime-Version: 1.0
X-Superhuman-ID: lo0gd0a6.215a4eec-65df-43b8-8585-ddfda4b917fb
From: Warren Kumari <warren@kumari.net>
X-Mailer: Superhuman Desktop (2023-10-20T19:06:13Z)
X-Superhuman-Draft-ID: draft0091f7ca47367537
In-Reply-To: <308C5CF5-0BD2-4DFF-A574-873D0FC77B1D@amsl.com>
References: <RT-Ticket-1284364@icann.org> <20230909024843.23314E5EA7@rfcpa.amsl.com> <PH0PR22MB3102689F598B65A0549D2027DAF9A@PH0PR22MB3102.namprd22.prod.outlook.com> <E9C199B0-4A37-4D3E-862B-70C7ED633E9B@amsl.com> <PH0PR22MB3102283BB824AF4DB536E323DAC3A@PH0PR22MB3102.namprd22.prod.outlook.com> <PH0PR22MB3102698FDBC0D78EF2D8F89BDAD6A@PH0PR22MB3102.namprd22.prod.outlook.com> <A51365AB-9409-4C57-AE3C-2B8C060C59DB@amsl.com> <BN8PR15MB3281989B39E4F9A6958287B9B3D5A@BN8PR15MB3281.namprd15.prod.outlook.com> <B7B4736A-77C9-4F42-AA38-C19D9C0747CE@amsl.com> <42D5059B-1990-49BF-AFE8-714961EB043C@amsl.com> <rt-5.0.3-801080-1697760108-1453.1284364-9-0@icann.org> <CAKC-DJgBEXZfx2pBS2x75Mpx3oc-9nLY34b0dd6U+RCaX+qD3g@mail.gmail.com> <308C5CF5-0BD2-4DFF-A574-873D0FC77B1D@amsl.com>
Date: Sat, 21 Oct 2023 12:48:43 -0700
Message-ID: <CAHw9_iKt-+az=U-+roEs59B60+U3igxmY_m1y2bUeox-Ysv-Lg@mail.gmail.com>
To: Lynne Bartholomew <lbartholomew@amsl.com>
Cc: iana-matrix-comment@iana.org, Erik Nygren <nygren@gmail.com>, dnsop-ads@ietf.org, Rob Wilton <rwilton@cisco.com>, Tim Wicinski <tjw.ietf@gmail.com>, rfc-editor@rfc-editor.org, Mike Bishop <mbishop@evequefou.be>, ietf@bemasc.net, dnsop-chairs <dnsop-chairs@ietf.org>, Ben Schwartz <bemasc@meta.com>, auth48archive@rfc-editor.org
Content-Type: multipart/alternative; boundary="000000000000d1da8006083f4679"
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/EgjKNL6EDNQs7jpTmX4bRbwW_YY>
Subject: Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Oct 2023 19:48:53 -0000
On Fri, Oct 20, 2023 at 11:59 PM, Lynne Bartholomew <lbartholomew@amsl.com> wrote: > Hi, Amanda, Erik, and *AD (Warren or Rob). > > Amanda, thank you for making the updates! All looks good (but we're asking > the AD about the updated "ech" entry). > > Erik, thank you for your suggestion. > > * Warren or Rob, please see Erik's suggestion re. a reference for the > "ech" entry, and let us know if that suggested update in this document and > on <https://www.iana.org/assignments/dns-svcb> would be acceptable. > Please see <https://www.rfc-editor.org/authors/rfc9460.html#table-1> and > IANA's note below. > Erm, I think I got lost somewhere in the (many) levels of quoting… Doesn't that mean that the reference would be to a (currently in progress) draft? Is this OK? What if the draft significantly changes? W > Thanks again! > > RFC Editor/lb > > On Oct 19, 2023, at 5:09 PM, Erik Nygren <nygren@gmail.com> wrote: > > Another option for the reference for "ech" would be to > "draft-ietf-tls-svcb-ech-00" which is where that portion of the format > specification has moved to and where the TLS WG is working on it. > > Thanks, Erik > > On Thu, Oct 19, 2023 at 8:01 PM Amanda Baber via RT <iana-matrix-comment@ > iana.org> wrote: Hi, > > We've completed these changes, but need to make a note about the second > one: > > On Wed Oct 18 19:43:35 2023, lbartholomew@amsl.com wrote: > > Dear IANA, > > We are preparing this document for publication. > > Please make the following updates to the "Resource Record (RR) TYPEs" > registry on > <https://www.iana.org/assignments/dns-parameters/>: > > OLD: > General Purpose Service Binding > Service Binding type for use with HTTP > > NEW: > General-purpose service binding > SVCB-compatible type for use with HTTP > > This is complete: > > https://www.iana.org/assignments/dns-parameters > > = = = = = > > Please make the following update to the "Service Parameter Keys > (SvcParamKeys)" registry on > <https://www.iana.org/assignments/dns-svcb/>: > > OLD (column name): > Format Reference > > NEW: > Reference > > The Service Parameter Keys (SvcParamKeys) registry originally had the > "Format Reference" field populated by the document and a "Reference" field > added by IANA. Aside from the entry for "ech", which was filled in with > "N/A", the former contained either a more detailed version of IANA's > reference or the same reference. > > We've removed IANA's "Reference" field and changed the name of the "Format > Reference" field to "Reference," but we've also replaced "N/A" with > "[RFC-ietf-dnsop-svcb-https-12]" for "ech", so as to avoid leaving that > entry unreferenced: > > https://www.iana.org/assignments/dns-svcb > > thanks, > Amanda > > Thank you! > > RFC Editor/lb > > On Oct 18, 2023, at 12:31 PM, Lynne Bartholomew > <lbartholomew@amsl.com> wrote: > > Hi, Ben. Great; thanks! > > RFC Editor/lb > > On Oct 18, 2023, at 12:26 PM, Ben Schwartz <bemasc@meta.com> wrote: > > Correct. > > On Oct 18, 2023, at 11:26 AM, Lynne Bartholomew > <lbartholomew@amsl.com> wrote: > > Hi, Ben. > > Just to confirm -- 'replace the "Reference" column that IANA added' means > 'change IANA's "Format Reference" column heading to > "Reference"; correct? > > Thank you! > > RFC Editor/lb > > On Oct 18, 2023, at 11:17 AM, Ben Schwartz <bemasc@meta.com> wrote: > > That's correct. This will replace the "Reference" column that IANA added > for compliance with their usual processes. > > --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> Sent: > Wednesday, October 18, 2023 1:34 PM > To: Mike Bishop <mbishop@evequefou.be> > Cc: Erik Nygren <nygren@gmail.com>; Ben Schwartz > <bemasc@meta.com>; ietf@bemasc.net <ietf@bemasc.net>; rfc- editor@ > rfc-editor.org <rfc-editor@rfc-editor.org>; dnsop- ads@ietf.org < > dnsop-ads@ietf.org>; dnsop-chairs@ietf.org <dnsop- chairs@ietf.org>; tjw. > ietf@gmail.com <tjw.ietf@gmail.com>; auth48archive@rfc-editor.org < > auth48archive@rfc-editor.org> Subject: Re: AUTH48: RFC-to-be 9460 > <draft-ietf-dnsop-svcb-https- 12> for your review > !------------------------------------------------------------------- > | > This Message Is From an External Sender > > |------------------------------------------------------------------- > ! > > Hi, Mike. So noted: > > https://www.rfc-editor.org/auth48/rfc9460 > > Before we ask IANA to make updates per changes made to this document, we > first want to confirm that, per AUTH48 XML updates that you sent us on 26 > September, we also need to ask for the following change on <https://www. > iana.org/assignments/dns-svcb/ >: > > OLD (column name): > Format Reference > > NEW: > Reference > > Please let us know about the above. We will wait to hear from you before > proceeding. > > Thank you! > > RFC Editor/lb > > On Oct 17, 2023, at 12:52 PM, Mike Bishop <mbishop@evequefou.be> wrote: > > Approved -- thanks to everyone for their work on this. > > -----Original Message----- > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Monday, October 16, > 2023 11:30 AM > To: Erik Nygren <nygren@gmail.com> > Cc: Ben Schwartz <bemasc@meta.com>; Mike Bishop > <mbishop@evequefou.be>; ietf@bemasc.net; rfc-editor@rfc- editor.org; > dnsop-ads@ietf.org; dnsop-chairs@ietf.org; tjw.ietf@gmail.com; > auth48archive@rfc-editor.org > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- 12> for > your review > > Hi, Erik. Thank you for confirming your approval! > > RFC Editor/lb > > On Oct 15, 2023, at 6:45 AM, Erik Nygren <nygren@gmail.com> wrote: > > I just looked at the latest and it looks good to me. > > Thanks! Erik > > On Fri, Oct 13, 2023 at 5:53 PM Lynne Bartholomew > <lbartholomew@amsl.com> wrote: > Hi, Erik, Ben, and Mike. > > Ben and Mike, we have made further updates to this document per your notes > below. > > The latest files are posted here (please refresh your browser): > > https://www.rfc-editor.org/authors/rfc9460.txt > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/ > authors/rfc9460-auth48diff.html https://www.rfc-editor.org/authors/ > rfc9460-lastdiff.html https://www.rfc-editor.org/authors/ > rfc9460-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www. > rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/ > authors/rfc9460-alt-diff.html > > Erik and Ben, we have noted your approvals on the AUTH48 status page. > Please note, however, that if you object to any subsequent updates to this > document you will let us know: > > https://www.rfc-editor.org/auth48/rfc9460 > > Thank you! > > RFC Editor/lb > > On Oct 12, 2023, at 2:05 PM, Mike Bishop <mbishop@evequefou.be> wrote: > > I’ve finished my final read-through. These are minor issues, and > everything else looks fine. > > I caught a few uses of the first-person through the document. I suggest: > > • Section 1.3: “Our terminology…” => “Terminology in this document…” > > • Section 2.3: “We term this behavior "Port Prefix Naming" and use it in > the examples throughout this document.” => “This document terms this > behavior "Port Prefix Naming" and uses it in the examples throughout.” > > • Appendix A: “Here, we summarize…” => “The following summarizes…” > > • Appendix C: “…by providing an extensible solution that solves multiple > problems we will overcome this inertia…” => “…an extensible solution that > solves multiple problems will overcome this inertia…” > > There is a nested parenthetical in 2.3. I suggest the following: > > Current: > (Parentheses are used to ignore a line break in DNS zone-file presentation > format ([RFC1035], Section 5.1).) > > Proposed: > (Parentheses are used to ignore a line break in DNS zone-file presentation > format, per Section 5.1 of [RFC1035].) > > On Oct 11, 2023, at 10:51 AM, Ben Schwartz <bemasc@meta.com> wrote: > > The caption of Figure 10 is 'An alpn Value with ...'. I believe "alpn" > should be quoted for consistency, resulting in > 'An "alpn" Value with ...". > > Apart from that suggestion, I approve this version for publication. > > --Ben Schwartz > > On Oct 11, 2023, at 10:34 AM, Erik Nygren <nygren@gmail.com> wrote: > > Approved from my perspective! (Assuming no objections from Mike or Ben.) > > Best, Erik > > On Wed, Oct 11, 2023 at 12:11 PM Lynne Bartholomew > <lbartholomew@amsl.com> wrote: > Hi, Erik. > > We have updated this document per your note below. > > The latest files are posted here (please refresh your browser): > > https://www.rfc-editor.org/authors/rfc9460.txt > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/ > authors/rfc9460-auth48diff.html https://www.rfc-editor.org/authors/ > rfc9460-lastdiff.html https://www.rfc-editor.org/authors/ > rfc9460-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www. > rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/ > authors/rfc9460-alt-diff.html > > We will wait to hear from your coauthors regarding any subsequent changes > before noting anyone's approval. > > Thank you! > > RFC Editor/lb > > On Oct 10, 2023, at 2:13 PM, Erik Nygren <nygren@gmail.com> wrote: > > I took a final reading pass through and the only thing that jumped out > would be to change this: > > - "," and "\" characters instead of implementing the > <tt>value-list</tt> escaping > + "," and "\" characters in ALPN IDs instead of implementing the > <tt>value-list</tt> escaping > > The current text is ambiguous as to whether those characters are > prohibited in ALPN IDs or prohibited in value-list. It is clear that the > intent is for them to only be prohibited in ALPN IDs so that value-list can > contain commas, but inserting the "in ALPN IDs" would reduce risk of > misreading. > Everything else looks good. > > I believe Mike and Ben are making similar read-throughs. > > Thanks, Erik > > On Fri, Oct 6, 2023 at 4:30 PM Mike Bishop > <mbishop@evequefou.be> wrote: > Ben proposed this text on GitHub: > > In this document, this algorithm is referred to as "character- string > decoding", because > <xref target="RFC1035" sectionFormat="of" section="5.1"/> uses this > algorithm to produce a <tt><character-string></tt>. > > (And a corresponding "the allowed input" => "some allowed inputs".) > > The attached XML incorporates this proposal, if that works for everyone. > > -----Original Message----- > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, October > 5, 2023 12:32 PM > To: Erik Nygren <erik+ietf@nygren.org>; Ben Schwartz > <bemasc@meta.com> > Cc: Mike Bishop <mbishop@evequefou.be>; ietf@bemasc.net; rfc- editor@ > rfc-editor.org; dnsop-ads@ietf.org; dnsop- > chairs@ietf.org; tjw.ietf@gmail.com; auth48archive@rfc- editor.org > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for > your review > > Hi, Erik and Ben. > > Erik, thank you for the suggestion. Ben, is Erik's suggestion acceptable, > and may we update accordingly? > > Thank you! > > RFC Editor/lb > > On Oct 5, 2023, at 6:12 AM, Erik Nygren > <erik+ietf@nygren.org> wrote: > > What about "described in" (instead of just "in" or "per") ? So: > > -it is used to produce a <tt><character-string></tt> in > +it is used to produce the <tt><character-string></tt> described in > > ? > > On Wed, Oct 4, 2023 at 11:58 AM Ben Schwartz > <bemasc@meta.com> wrote: > Re: "We made the additional update (changed "in" to "per") per your note > for 1) below." > > I think we need to give that section another look. I believe that "per" > may not be correct here. > > --Ben Schwartz > > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Tuesday, October 3, > 2023 12:29 PM > To: Mike Bishop <mbishop@evequefou.be> > Cc: ietf@bemasc.net <ietf@bemasc.net>; erik+ietf@nygren.org > <erik+ietf@nygren.org>; rfc-editor@rfc-editor.org <rfc- editor@rfc-editor. > org>; dnsop-ads@ietf.org <dnsop- ads@ietf.org>; dnsop-chairs@ietf.org < > dnsop-chairs@ietf.org>; tjw.ietf@gmail.com<tjw.ietf@gmail.com>; > auth48archive@rfc- editor.org <auth48archive@rfc-editor.org> > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for > your review > !------------------------------------------------------------------- > | > This Message Is From an External Sender > > |------------------------------------------------------------------- > ! > > Hi, Mike. > > Thank you for the latest updated XML file! > > We made the additional update (changed "in" to "per") per your note for 1) > below. > > FYI that the new line breaks in the list in Section 1.2 constitute a bug ( > https://github.com/ietf- > tools/xml2rfc/issues/1045). We hope that this issue will be resolved soon. > > The latest files are posted here (please refresh your browser): > > https://www.rfc-editor.org/authors/rfc9460.txt > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/ > authors/rfc9460-auth48diff.html https://www.rfc-editor.org/authors/ > rfc9460-lastdiff.html https://www.rfc-editor.org/authors/ > rfc9460-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www. > rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/ > authors/rfc9460-alt-diff.html > > Thanks again! > > RFC Editor/lb > > On Sep 29, 2023, at 11:52 AM, Mike Bishop > <mbishop@evequefou.be> wrote: > > 1) This is fine. > > 2) All reasonable, but we'd prefer to avoid nested parentheses. In the > attached, we've changed this to > "supported protocols" in 3.2 and moved the expansion back to > 7.1. > > We also noted in reviewing the change to the title of Figure 1 that this > URL was not quoted, so we've added those. > > -----Original Message----- > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, September > 28, 2023 11:48 AM > To: Mike Bishop <mbishop@evequefou.be> > Cc: ietf@bemasc.net; erik+ietf@nygren.org; rfc-editor@rfc- editor.org; > dnsop-ads@ietf.org; dnsop-chairs@ietf.org; tjw.ietf@gmail.com; > auth48archive@rfc-editor.org > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for > your review > > Hi, Mike. > > Thank you very much for the updated XML file! > > Thanks also for the detailed list of updates after your > "late-arriving review from the DNS Directorate" note; your note informed > us that we would not need to ask for AD approval for any of those updates; > very helpful and much appreciated! > > A couple follow-up items for you: > > 1) "used to produce a <character-string> in Section 5.1 of > [RFC1035]" reads a bit oddly. May we change it to "used to produce a > <character-string> per Section 5.1 of [RFC1035]"? > > 2) Please note that per our style guidelines we made the following updates > to your copy: > > * Moved the expansion of "ALPN" from Section 7.1 to Section > 3.2. > * Changed "Section 2.4.2 and Section 3" to "Sections 2.4.2 and 3" in > Section 9.1. > * Changed "At" to "at" in the title of Figure 1. > > The latest files are posted here: > > https://www.rfc-editor.org/authors/rfc9460.txt > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/ > authors/rfc9460-auth48diff.html https://www.rfc-editor.org/authors/ > rfc9460-lastdiff.html https://www.rfc-editor.org/authors/ > rfc9460-lastrfcdiff.html > > https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www. > rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/ > authors/rfc9460-alt-diff.html > > Again, many thanks for your help with this document! > > RFC Editor/lb > > On Sep 26, 2023, at 11:40 AM, Mike Bishop > <mbishop@evequefou.be> wrote: > > Hi, Lynne - > Please see attached an updated XML from our side, with the following > changes in response to your questions. > > • We expanded "RR" in the document title. Please let us know any > objections. > We have adjusted the title to expand the initialism while avoiding nested > parentheses. > Original: > Service Binding and Parameter Specification via the DNS > (DNS SVCB and > HTTPS Resource Records (RRs)) > Current: > Service Binding and Parameter Specification via the DNS > (SVCB and > HTTPS Resource Records) > > 2. Please insert any keywords… > We have added various relevant keywords. > > 3. Datatracker "idnits" output for the original approved document included > the following warning … There are 2 instances of lines with > non-RFC2606-compliant FQDNs > These instances are false positives. > > 4. Section 1.1: We changed this section title, as it did not match the > contents of the section. If this update is incorrect, perhaps some text is > missing? If so, please clarify "goal" vs. "goals". We have accepted the new > section title, and also corrected an obsolete reference to statements that > were previously > “mentioned above” but now appear later in the document. Original: > (As mentioned above, this all > applies equally to the HTTPS RR, which shares the same encoding, > format, and high-level semantics.) > Current: > (As discussed in <xref target="svcb-compatible"/>, this all applies > equally to the HTTPS RR, which shares the same encoding, format, and > high-level semantics.) > > 5. Please review the "type" attribute of each sourcecode element… > We have added types and converted “artwork” tags to > “sourcecode” as appropriate. > > 6. Section 2.4.2: As it appears that > "multiple" means "multiple RRs" (as opposed to "multiple RRSets"), we > updated this sentence accordingly. If this is incorrect, please provide > clarifying text. > We have adjusted this to “multiple AliasMode RRs”. > > 7. Section 4.2: Is resolution of unknown RR types the only type of normal > response construction, or should "i.e." ("that is") be "e.g." ("for > example") here? Yes. For clarity, we’ve removed this use of “i.e.” > entirely. > > 8. Section 4.3: Does "even if the contents are invalid" refer to the > "MUST" clause, the "MAY" clause, or both? > It refers to the “MAY” clause. To improve clarity, we’ve restructured this > sentence and the following one. > Original: > Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB records > with unrecognized SvcParamKeys, and <bcp14>MAY</bcp14> treat the > entire SvcParams portion of the record as opaque, even if the contents > are invalid. Alternatively, recursive resolvers > <bcp14>MAY</bcp14> > report an error such as SERVFAIL to avoid returning a SvcParamValue that > is invalid according to the SvcParam's specification. > Current: > Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB records > with unrecognized SvcParamKeys. Resolvers > <bcp14>MAY</bcp14> > accomplish this by treating the entire SvcParams portion of the record > as opaque, even if the contents are invalid. If a recognized > SvcParamKey is followed by a value that is invalid according to the > SvcParam's specification, a recursive resolver > <bcp14>MAY</bcp14> > report an error such as SERVFAIL instead of returning the record. > > 9. Section 7.2: Should "this SvcParam" be > "this SvcParamValue" here? > Yes. (Corrected.) > > 10. Section 9.1: Please clarify the meaning of > "Following of". > We’ve clarified by reformulating this sentence and including references to > the relevant sections where the behavior is defined. > Original: > Following of HTTPS AliasMode RRs and CNAME aliases is unchanged from SVCB. > Current: > The procedure for following HTTPS AliasMode RRs > and CNAME aliases is unchanged from SVCB (as described in > <xref target="alias-mode"/> and <xref target="client- behavior"/>). > > 11. Should the instances of "9443" be "8443" here? > No, this distinction is intentional. > > 12. Section 9.4 and Table 1: Does "ECH" refer to citations for > draft-ietf-tls-esni and not to "Encrypted ClientHello" in general, or does > it refer to some (unknown) future specification related to ECH (in which > case the text should be clarified)? > For clarity, we’ve replaced “ECH” here with that reference, and expanded > the acronym where it appears in the IANA instructions. The assignment is > currently captured in draft-sbn-tls-svcb-ech-00, which was extracted from > this document. The TLS WG has adopted that document, and will need to > decide whether to fold it into draft-ietf-tls-esni or advance it > separately. > > 13. Section 9.6: Should 'HTTP URL' be '"http" URL'? … Also, we could not > find any instances of > "requestURL" in [WebSocket], any other published RFC, or > [FETCH]. > We’ve replaced ‘HTTP URL” with the formal term defined in RFC 9110: > “HTTP-related URI scheme”. > Since we wrote this text, WHATWG has moved the definition of “requestURL” > to a new document. We’ve fixed the problem by adding that reference here. > Original: > All HTTP connections to named origins are eligible to use HTTPS RRs, > even when HTTP is used as part of another protocol or without an > explicit HTTP URL. For example, clients that support HTTPS RRs and > implement the altered WebSocket <xref target="RFC6455"/> opening > handshake from the W3C Fetch specification <xref target="FETCH"/> > <bcp14>SHOULD</bcp14> use HTTPS RRs for the > <tt>requestURL</tt>. > Current: > All HTTP connections to named origins are eligible to use HTTPS RRs, > even when HTTP is used as part of another protocol or without an > explicit HTTP-related URI scheme (<relref target="RFC9110" > section="4.2"/>). For example, clients that support HTTPS RRs and > implement <xref target="RFC6455"/> using the altered opening handshake > from <xref target="FETCH-WEBSOCKETS"/> > <bcp14>SHOULD</bcp14> use HTTPS RRs for the > <tt>requestURL</tt>. > > 14. Section 10.3: We had trouble following > "various interpretations of RFCs" in the first sentence… We’ve replaced > this vague statement by a reference to the BIND documentation for the > behavior in question. > Original: > Note that some implementations may not allow A or AAAA records on > names starting with an underscore due to various > interpretations of RFCs. > This could be an operational issue when the TargetName contains an > Attrleaf label, as well as using a TargetName of "." when the owner name > contains an Attrleaf label. > Current: > Some authoritative DNS servers may not allow A or AAAA records on > names starting with an underscore (e.g., <xref > target="BIND-CHECK-NAMES"/>). > This could create an operational issue when the TargetName contains an > Attrleaf label, or when using a TargetName of "." if the owner name > contains an Attrleaf label. > > 15. Section 11: We do not see the word > "stapling" or "staple" in RFC 6066. Please confirm that this citation will > be clear to readers. > We’ve adjusted this sentence to expand “OCSP” and mention > “Certificate Status Request”, which is the formal name from RFC 6066. > (We’ve preserved the term “stapling” because it is much more widely > understood and commonly used than the formal name.) Original: > Server operators implementing this standard > <bcp14>SHOULD</bcp14> also > implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate Status > Protocol (OCSP) Stapling <xref target="RFC6066"/>, both of which confer > substantial performance and > privacy benefits when used in combination with SVCB records. > Current: > Server operators implementing this standard > <bcp14>SHOULD</bcp14> also > implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate > Status Protocol (OCSP) Stapling (i.e., Certificate Status Request in > <xref target="RFC6066" section="8" sectionFormat="of"/>), both of > which confer substantial performance and privacy benefits when used in > combination with SVCB records.</t> > > 16. Section 12: "unintended access" reads oddly here. If the suggested > text is not correct, should the word "unintended" be removed? > We’ve rephrased this in a way that avoids the word > “unintended” and improves specificity. > Original: > If the attacker can influence the > client's payload (e.g., TLS session ticket contents) and an internal > service has a sufficiently lax parser, it's possible that the attacker > could gain unintended access. > Current: > If the attacker can influence the > client's payload (e.g., TLS session ticket contents) and an internal > service has a sufficiently lax parser, the attacker could gain access > to the internal service. > > 17. FYI, we have changed two instances of > "Service Binding" to "service binding" because it written in lowercase > where used generally in this document. We will ask IANA… > We’ve changed the description in the IANA instructions to use the > more precise term “SVCB-compatible” instead. (The original IANA > instructions may predate this term.) > > 18. The following ACTION text indicates that the > "Service Parameter Keys (SvcParamKeys)" registry should appear on the > "Domain Name System (DNS) Parameters" page. However, the registry appears > on a page under the heading > "DNS Service Bindings (SVCB)" > This disparity may have occurred because IANA reorganized their website > after the original instructions were written. The current location of the > registry correctly reflects the authors’ intent, and we have updated the > draft to describe the new location. > > 19. Because the IANA registry does not include a > "Meaning" column, we have updated the text as shown below. Please let us > know if any updates are required. > This change is correct. > > 20. Appendix A: Because Section 3.3 of RFC 1035 says "<character-string> > is treated as binary information, and can be up to 256 characters in length > (including the length octet)", we updated this sentence to clarify the > meaning of "same as". If this is incorrect, please provide text that > clarifies the meaning of "same as". > This change is not correct. We have adjusted the text to provide a clearer > distinction between “<character-string>” > (which is binary) and the textual representation used to generate it. > Original: > DNS zone files are capable of representing arbitrary octet sequences > in basic ASCII text, using various delimiters and > encodings. The > algorithm for decoding these character strings is defined in <xref > section="5.1" sectionFormat="of" target="RFC1035"/>. > Current: > DNS zone files are capable of representing arbitrary octet sequences > in basic ASCII text, using various delimiters and > encodings, according > to an algorithm defined in <xref section="5.1" sectionFormat="of" > target="RFC1035"/>. Original: > In this document, this algorithm is referred to as > "character-string decoding". > The algorithm is the same as the guideline for > <tt><character-string></tt> provided in <xref target="RFC1035" > sectionFormat="of" section="3.3"/>, except that in this document the output > length is not limited to 255 octets. > Current: > In this document, this algorithm is referred to as > "character-string > decoding", because it is used to produce a > <tt><character-string></tt> in <xref target="RFC1035" > sectionFormat="of" section="5.1"/>. Note that while the length of a > <tt><character-string></tt> is limited to 255 octets, the > character-string decoding algorithm can produce output of any > length.</t> > > 21. Appendix C.4: We changed "the authoritative" at the end of this > sentence to "the authoritative DNS server". > This change is correct. > > 22. Appendix D.2: Do "target (root label)" and > "target, root label" mean the same thing? If yes, should they both be > expressed in the same way (i.e., either parentheses or comma)? Also, should > "length: 2 bytes" be > "length 2", per the format of all other "# length" and "; length" entries? > Yes, these carry the same meaning. We have incorporated these changes to > improve consistency. > > 23. The example.com line in Figure 8 extends beyond the 72-character > limit. > 24. Figure 8: The "example.com." line is too long… > We have adjusted this figure as suggested to fit within the 72-character > limit. > > 25. Figures 14 and 15: Should "mandatory" be written in the same way in > both titles (i.e., either lowercase and quoted or initial-capitalized and > unquoted)? No. In one case, it refers to an item that must be present; in > the other it refers to the literal 9-character sequence “mandatory”. > > 26. "Acknowledgments and Related Proposals" reads oddly, in that the two > ideas seem unrelated. "... proposed solutions ...challenge proposed" reads > oddly as well. May we make a new Section 15 ("Related Proposals") … > ? > We’ve reformulated this paragraph to make clear that the related proposals > are mentioned by way of acknowledgement and gratitude. > > 27. Please review the "Inclusive Language" portion of the online Style > Guide … > We have reviewed this guidance but did not find any changes that could be > made on this basis. > > 28. Please let us know if any changes are needed for the following > [capitalization consistency issues] We have attempted to correct these > issues to improve consistency. In the case of ALPN, we have clarified some > uses as “ALPN protocol” or “ALPN ID”. > ------------ > Additionally, we made several edits in response to a late- arriving review > from the DNS Directorate, as Warren indicated. These are highlighted below, > in no particular order. > # Positive and negative DNSSEC (Section 4.1) > Original: > If the zone is signed, the server SHOULD also include positive or > negative DNSSEC responses for these records in the Additional section. > Current: > If the zone is signed, the server SHOULD also include DNSSEC records > authenticating the existence or nonexistence of these records in the > Additional section. > # Use of “origin” for concepts other than HTTP origins > - In 1.1, “an origin within the DNS” => “a service identified by a domain > name” > - In 3.1, “origin’s SVCB record” => “service’s SVCB record” > - In 7.3, “origin hostname” => “service name” > - In 9.3, “origin endpoint” => “authority endpoint” > - In 12, “origin” => “authoritative server” > # Use of “delegation” outside the sense of DNS zone delegation > - In 1, “delegating the origin” => “aliasing the origin” > - In 1.1, “delegation of operational authority for an origin within > the DNS to an alternate name.” => “extending operational authority for > a service identified by a domain name to other instances with > alternate names.” (overlap with previous set) > - In 1.1, “apex delegation” => “apex aliasing” > - In 3.2, “It allows the service to delegate the apex domain.” => “It > allows a service on an apex domain to use aliasing.” > - In Figure 1 (caption), “Is Delegated to” => “Is Available At” > # Inconsistency of terms for list and sorting in Section 3 > - “enumerating the priority-ordered endpoints” => > “enumerating and ordering the available endpoints” > - Addition of “Sort the records by ascending SvcPriority.” to step 4. > - “known endpoints” => “available endpoints” > - “priority list” => “list of endpoints” > - “the resolved list” => “this list” > # Vague performance statements > In 2.4.2, removed “which would likely improve performance” > # No such thing as empty RRset > Original: > If the SVCB RRset contains no compatible RRs, the client will generally > act as if the RRset is empty. > Current: > Incompatible RRs are ignored (see step 5 of the procedure defined in <xref > target="client-behavior"/>). > ------------ > Finally, with regard to the changes from our previous e- mail: The > attached file incorporates your proposed changes. We have made one > adjustment, where <tt> was already being used around a hostname which is > now quoted. The > combination is probably not necessary; for consistency, we can align on > quotes. > Original: > When using the generic SVCB RR type with aliasing, zone owners > <bcp14>SHOULD</bcp14> choose alias target names that indicate the > scheme in use (e.g., <tt>"foosvc.example.net"</tt> for > <tt>"foo://"</tt> schemes). This will help to avoid confusion when > another scheme needs to be added to the configuration. When multiple > port numbers are in use, it may be helpful to repeat the prefix labels in > the alias target name (e.g., > <tt>"_1234._foo.svc.example.net"</tt>). Current: > When using the generic SVCB RR type with aliasing, zone owners > <bcp14>SHOULD</bcp14> choose alias target names that indicate the > scheme in use (e.g., "foosvc.example.net" for "foo" schemes). This > will help to avoid confusion when another scheme needs to be added to > the configuration. When multiple port numbers are in use, it may be > helpful to repeat the prefix labels in the alias target name (e.g., " > _1234._foo.svc.example.net"). We have also removed the “://”, which is > not properly part of the scheme. > > -----Original Message----- > From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Friday, September > 22, 2023 2:39 PM > To: Mike Bishop <mbishop@evequefou.be>; ietf@bemasc.net; erik+ietf@nygren. > org > Cc: rfc-editor@rfc-editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; > tjw.ietf@gmail.com; > auth48archive@rfc-editor.org > Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop- svcb-https-12> > for your review Hi, Mike and coauthors. > Mike, apologies for our confusion with the emails > yesterday. We have updated this document per your notes below. Please see > our "[rfced]" notes inline. Also, apologies for an issue regarding an > update to Section 14.4. The updated section is now correct. We also removed > a duplicate question regarding Figure 8. > The latest files are posted here. Please refresh your browser to view the > latest updates and the updated list of questions: > https://www.rfc-editor.org/authors/rfc9460.txt > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/ > authors/rfc9460- > auth48diff.html > https://www.rfc-editor.org/authors/rfc9460-alt-diff.html https://www. > rfc-editor.org/authors/rfc9460-xmldiff1.html https://www.rfc-editor.org/ > authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/authors/ > rfc9460-alt-diff.html Thank you, and again, apologies for our confusion. > RFC Editor/lb > > On Sep 20, 2023, at 1:33 PM, Mike Bishop > <mbishop@evequefou.be> wrote: > > A couple points from the copy-edits I wanted to discuss as we go through > these…. > Under SVC Query Names, I see this change: > Original: > > When querying the SVCB RR, a service is translated into a QNAME by > prepending the service name with a label indicating the scheme, > prefixed with an underscore, resulting in a domain name like " > _examplescheme.api.example.com.". > > Current: > > When querying the SVCB RR, a service is translated into a QNAME by > prepending the service name with a label indicating the scheme, > prefixed with an underscore, resulting in a domain name like " > _examplescheme.api.example.com." > > In this instance, however, the literal domain name ends with a period. > Given the general rule in American English that the period goes inside the > quotation marks and not outside, the absence of the explicit exterior > period might cause some readers to apply that rule and not expect the > actual domain name to contain the trailing dot; hence the separate period > in the original. > Could we revert this change, or is there a different way we could word > this to avoid any confusion? > > [rfced] Reverted. Thank you for the explanation. > > Under AliasMode, quotes were added to offset > “https://example.com ”, but similar quotes were not added around > “foo://example.com:8080”. Should all URIs be quoted, if this one is? > > [rfced] We added quotes to URIs listed in text. Please review and let us > know if any of the new quotes are incorrect (e.g., we added quotes for > 'owner of > "example.com"' because we found 'the operator of > "https://example.com "', but is this update correct?). Regarding the > hyphenation of “SVCB-optional” and “SVCB- reliant”: > > Original: > > A client is called "SVCB-optional" if it can connect without the use > of ServiceMode records, and "SVCB-reliant" otherwise. > > Current: > > A client is called "SVCB optional" if it can connect without the use > of ServiceMode records; otherwise, it is called "SVCB reliant". > > These terms are used primarily as adjectives before a noun (and therefore > hyphenated) and in a few instances with a verb in between. It seems unclear > not to > hyphenate the definition of the terms when that’s > primarily how they’re used, for ease of searching. For uniformity, could > we hyphenate these terms throughout? If I understand the rule correctly, a > compound adjective is *generally* not hyphenated when not before a noun, > but some are. > (The same applies to “SVCB-compatible” later.) > > [rfced] We restored the hyphens. > Updated list of questions: > 1) <!-- [rfced] We expanded "RR" in the document title. Please let us know > any objections. > Original: > Service binding and parameter specification via the DNS > (DNS SVCB and > HTTPS RRs) > Currently: > Service Binding and Parameter Specification via the DNS > (DNS SVCB and > HTTPS Resource Records (RRs)) --> > 2) <!-- [rfced] Please insert any keywords (beyond those that appear > in the > title) for use on <https://www.rfc-editor.org/search >. --> > 3) <!-- [rfced] Datatracker "idnits" output for the original approved > document included the following warning. Please let us know if any changes > are needed as related to this warning: > == There are 2 instances of lines with non-RFC2606- compliant FQDNs in the > document. --> > 4) <!-- [rfced] Section 1.1: We changed this section title, as it did not > match the contents of the section. If this update is incorrect, perhaps > some text is missing? If so, please clarify "goal" vs. > "goals". > Original (excerpts from this section are included for context): > 1.1. Goals of the SVCB RR > The goal of the SVCB RR is to allow clients to resolve a single > additional DNS RR in a way that: > ... > Additional goals specific to HTTPS RRs and the HTTP use- cases > include: > Currently: > 1.1. Goals --> > 5) <!-- [rfced] Please review the "type" attribute of each sourcecode > element in the XML file to ensure correctness. If the current list of > preferred values for "type" > (https://www.rfc-editor.org/materials/sourcecode-types.txt > ) does not contain an applicable type, please let us know. Also, it is > acceptable to leave the "type" attribute not set. > In addition, review each artwork element. Specifically, should any artwork > element be tagged as sourcecode (e.g., > "dns-rr", "pseudocode", or "test-vectors" for some or all of the figures > in the appendices)? --> > 6) <!-- [rfced] Section 2.4.2: As it appears that > "multiple" means "multiple RRs" (as opposed to "multiple RRSets"), we > updated this sentence accordingly. If this is incorrect, please provide > clarifying text. > Original (the previous sentence is included for context): In AliasMode, > the SVCB record aliases a service to a TargetName. > SVCB RRSets SHOULD only have a single resource record in AliasMode. > If multiple are present, clients or recursive resolvers SHOULD pick one at > random. > Currently: > If multiple > RRs are present, clients or recursive resolvers SHOULD pick one at random. > --> > 7) <!-- [rfced] Section 4.2: Is resolution of unknown RR types the only > type of normal response construction, or should "i.e." ("that is") be > "e.g." ("for example") here? Original: > Whether the recursive resolver is aware of SVCB or not, the normal > response construction process (i.e. unknown RR type resolution under > [RFC3597]) generates the Answer section of the response. > --> > 8) <!-- [rfced] Section 4.3: Does "even if the contents are invalid" > refer to the "MUST" clause, the "MAY" clause, or both? Original: > Recursive resolvers MUST be able to convey SVCB records with unrecognized > SvcParamKeys, and MAY treat the entire SvcParams portion of the record as > opaque, even if the contents are invalid. > (A) Perhaps (both): > Recursive resolvers MUST be able to convey SVCB records with unrecognized > SvcParamKeys and MAY treat the entire SvcParams portion of the record as > opaque, even if the contents are invalid. > (B) Or possibly (only the "MAY" clause): Recursive resolvers MUST be able > to convey SVCB records with unrecognized SvcParamKeys, and the resolvers > MAY treat the entire SvcParams portion of the record as opaque even if the > contents are invalid. > (C) Or to be specific (instead of rely only on the comma): Recursive > resolvers MUST be able to convey SVCB records with > unrecognized SvcParamKeys, and the resolvers MAY treat the entire > SvcParams portion of the record as opaque even if the contents > (of that portion) are invalid. --> > 9) <!-- [rfced] Section 7.2: Should "this SvcParam" be > "this > SvcParamValue" here? We ask because we see two instances of > "SvcParamValue MUST NOT contain escape sequences" later in this > document. > Original: > To enable simpler parsing, this SvcParam MUST NOT contain escape > sequences. --> > 10) <!-- [rfced] Section 9.1: Please clarify the meaning of > "Following of". > Original: > Following of HTTPS AliasMode RRs and CNAME aliases is unchanged from > SVCB. --> > 11) <!--[rfced] Should the instances of "9443" be "8443" here? > Original: > Alt-Svc: h2="alt.example:443", > h2="alt2.example:443", h3=":8443" The > client would retrieve the following HTTPS records: alt.example. > IN HTTPS 1 . alpn=h2,h3 foo=... > alt2.example. IN HTTPS 1 > alt2b.example. alpn=h3 foo=... > _8443._https.example.com. IN HTTPS > 1 alt3.example. ( > port=9443 alpn=h2,h3 foo=... ) > [...] > * > HTTP/3 to alt3.example:9443 --> > 12) <!-- [rfced] Section 9.4 and Table 1: Does "ECH" refer to > citations for draft-ietf-tls-esni and not to "Encrypted ClientHello" > in general, or does it refer to some (unknown) future specification > related to ECH (in which case the text should be > clarified)? > Please note that we could not find any indication in draft-ietf-tls-esni > that the parameter in question will be reserved > for it. > Original: > Clients MUST NOT use an HTTPS RR response unless the client supports > TLS Server Name Indication (SNI) and indicates the origin name in the > TLS ClientHello (which might be encrypted via a future specification > such as ECH). > ... > | 5 | ech | RESERVED |N/A > |IETF | > | | | (will be | | > | > | | | used for | | > | > | | | ECH) | | > | --> > 13) <!-- [rfced] Section 9.6: > Should 'HTTP URL' be '"http" URL'? We ask because we do not see > 'HTTP URL' used anywhere else in this document or in this cluster of > documents (https://www.rfc- > editor.org/cluster_info.php?cid=C461 ). > Also, we could not find any instances of "requestURL" in > [WebSocket], > any other published RFC, or [FETCH]. However, we see > "Request-URI" > in [WebSocket]. Will the use of "requestURL" be clear to readers? > Original: > All HTTP connections to named origins are eligible to use HTTPS RRs, > even when HTTP is used as part of another protocol or without an > explicit HTTP URL. For example, clients that support HTTPS RRs and > implement the altered WebSocket [WebSocket] opening handshake from the > W3C Fetch specification [FETCH] SHOULD use HTTPS RRs for the > requestURL. --> > 14) <!-- [rfced] Section 10.3: We had trouble following > "various > interpretations of RFCs" in the first sentence, as it appears to > indicate that the RFCs themselves are being interpreted. Also, the > second sentence does not parse. Would the "Perhaps" text below be > helpful? If not, please provide clarifying text. > Original ("an TargetName" has been fixed): Note that some implementations > may not allow A or AAAA records on > names starting with an underscore due to various > interpretations of > RFCs. This could be an operational issue when the TargetName contains > an attrleaf label, as well as using an TargetName of "." when the owner > name contains an attrleaf label. > Perhaps: > Note that some implementations may not allow A or AAAA records on > names that start with an underscore, due to various interpretations in > other RFCs. This could be an operational issue when the TargetName > contains an Attrleaf label, as well as when a TargetName of "." is > used when the owner name contains an Attrleaf label. --> 15) <!-- [rfced] > Section 11: We do not see the word > "stapling" or > "staple" in RFC 6066. Please confirm that this citation will be clear > to readers. > Original: > Server operators implementing this standard SHOULD also implement TLS > 1.3 [RFC8446] and OCSP Stapling [RFC6066], both of which confer > substantial performance and privacy benefits when used in combination > with SVCB records. --> > 16) <!-- [rfced] Section 12: "unintended access" reads oddly here. > If the suggested text is not correct, should the word > "unintended" > be removed? Please provide alternative text if you'd like to > rephrase. > Original: > If the attacker can influence the client's payload (e.g. TLS session > ticket contents), and an internal service has a > sufficiently lax parser, it's possible that the attacker could gain > unintended access. > Suggested: > If the attacker can influence the client's payload (e.g., TLS session > ticket contents) and an internal service has a > sufficiently lax > parser, it's possible that, as an unintended consequence, the attacker > could gain access. --> > 17) <!-- [rfced] FYI, we have changed two instances of > "Service Binding" > to "service binding" because it written in lowercase where used > generally in this document. We will ask IANA to update > <https://www.iana.org/assignments/dns-parameters/ > accordingly, unless > you let us know you prefer otherwise. Original: > * Meaning: General Purpose Service Binding Current: Meaning: > General-purpose service binding > Original: > * Meaning: Service Binding type for use with HTTP Current: > Meaning: Service binding type for use with HTTP > --> > 18) <!-- [rfced] The following ACTION text indicates that the > "Service Parameter Keys (SvcParamKeys)" registry should appear on the > "Domain Name System (DNS) Parameters" page. However, the registry > appears on a page under the heading "DNS Service Bindings > (SVCB)" > (see https://www.iana.org/assignments/dns-svcb/ ). Please review and > let us know if the location of the "DNS Service Bindings > (SVCB)" > registry is correct. > Original: > ACTION: create this registry, on a new page entitled "DNS Service > Bindings (SVCB)" under the "Domain Name System (DNS) Parameters" > category. --> > 19) <!-- [rfced] Section 14.4: Because the "Underscored and > Globally Scoped DNS Node Names" IANA registry does not include a "Meaning" > column, we have updated the table as shown below. Please let us know > if any other updates are required. > Original (to avoid the issue of double dashes and XML comments, the > bottom line of the table is not included): > Per [Attrleaf], please add the following entry to the DNS Underscore > Global Scoped Entry Registry: > +=========+============+=================+=================+ > | RR TYPE | _NODE NAME | Meaning | Reference > | > +=========+============+=================+=================+ > | HTTPS | _https | HTTPS SVCB info | (This > document) | > Table 2 > Currently: > Per [Attrleaf], the following entry has been added to the DNS > "Underscored and Globally Scoped DNS Node Names" registry: > +=========+============+===========+ > | RR Type | _NODE NAME | Reference | > +=========+============+===========+ > | HTTPS | _https | RFC 9460 | > Table 2 --> > 20) <!-- [rfced] Appendix A: Because Section 3.3 of RFC 1035 says > "<character-string> is treated as binary information, and can be up to > 256 characters in length (including the length octet)", we updated > this sentence to clarify the meaning of "same as". If this is incorrect, > please provide text that clarifies the meaning > of "same as". > Original: > The algorithm is the same as used by > <character-string> in RFC 1035, although the output length in this > document is not limited to 255 octets. > Currently: > The algorithm is the same as the > guideline for <character-string> in [RFC1035], except that in this > document the output length is not limited to 255 octets. > --> > 21) <!-- [rfced] Appendix C.4: We changed "the authoritative" at > the end of this sentence to "the authoritative DNS server". If this > is incorrect, please clarify the meaning of "the authoritative". > Original: > Recursive resolvers that implement the specification would, upon > receipt of a ServiceMode query, emit both a ServiceMode and an > AliasMode query to the authoritative. > Currently: > Recursive resolvers that implement the specification would, upon > receipt of a ServiceMode query, emit both a ServiceMode query and an > AliasMode query to the authoritative DNS server. --> 22) <!-- [rfced] > Appendix D.2: Do "target (root label)" and > "target, root label" mean the same thing? If yes, should they both be > expressed in the same way (i.e., either parentheses or comma)? > Also, should "length: 2 bytes" be "length 2", per the format of all > other "# length" and "; length" entries? Original: > 00 ; target (root label) > ... > \x00 # target, root label > ... > \x00\x02 # length: 2 bytes > ... > \x00\x05 # length 5 > ... > \x00\x09 # length 9 > ... > \x00\x20 # length 32 > ... > \x00\x10 # length 16 --> > 23) <!-- [rfced] Figure 8: The "example.com." line is too long and > yields the following warning: > Warning: Too long line found (L2319), 4 characters longer than 72 > characters: > example.com. SVCB 1 example.com. > ipv6hint="2001:db8:122:344::192.0.2.33" > We see a similar type of line at the top of Figure 7, although that > line uses parentheses before and after the line break around > "ipv6hint". Would it be syntactically correct to format this line > (i.e., with parentheses and line breaks) per Figure 7? Original: > example.com. SVCB 1 example.com. > ipv6hint="2001:db8:122:344::192.0.2.33" > Possibly: > example.com. SVCB 1 example.com. ( > ipv6hint="2001:db8:122:344::192.0.2.33" > ) --> > 24) <!-- [rfced] Figures 14 and 15: Should "mandatory" be written > in the same way in both titles (i.e., either lowercase and quoted or > initial-capitalized and unquoted)? > Original: > Figure 14: A mandatory SvcParam is missing ... > Figure 15: The "mandatory" SvcParamKey must not be included in > the mandatory list --> > 25) <!-- [rfced] "Acknowledgments and Related Proposals" reads > oddly, in that the two ideas seem unrelated. "... proposed solutions ... > challenge proposed" reads oddly as well. > May we make a new Section 15 ("Related Proposals") and rephrase some > text as suggested below? > Original: > 15. Acknowledgments and Related Proposals There have been a wide > range of proposed solutions over the years to the "CNAME at the Zone > Apex" challenge proposed. These include > [I-D.bellis-dnsop-http-record], [I-D.ietf-dnsop-aname], and others. > Thank you to Ian Swett, Ralf Weber, Jon Reed, Martin Thomson, Lucas > Pardue, Ilari Liusvaara, Tim Wicinski, Tommy Pauly, Chris Wood, David > Benjamin, Mark Andrews, Emily Stark, Eric Orth, Kyle Rose, Craig > Taylor, Dan McArdle, Brian Dickson, Willem Toorop, Pieter Lexis, > Puneet Sood, Olivier Poitrey, Mashooq Muhaimen, Tom Carpay, and many > others for their feedback and suggestions on this draft. Suggested: > 15. Related Proposals > Over the years, there has been a wide range of proposed solutions to > the zone-apex CNAME challenge. These include [HTTP-DNS- RR], > [ANAME-DNS-RR], and others. > ... > Acknowledgments > Thank you to Ian Swett, Ralf Weber, Jon Reed, Martin Thomson, Lucas > Pardue, Ilari Liusvaara, Tim Wicinski, Tommy Pauly, Chris Wood, David > Benjamin, Mark Andrews, Emily Stark, Eric Orth, Kyle Rose, Craig > Taylor, Dan McArdle, Brian Dickson, Willem Toorop, Pieter Lexis, > Puneet Sood, Olivier Poitrey, Mashooq Muhaimen, Tom Carpay, and many > others for their feedback and suggestions on this document. > --> > 26) <!-- [rfced] Please review the "Inclusive Language" portion of > the online Style Guide at > <https://www.rfc- > editor.org/styleguide/part2/#inclusive_language >, and let us know if any > changes are needed. > For example, please consider whether the following should be updated: > whitespace (whitespace-separated list, internal whitespace) > --> > 27) <!-- [rfced] Please let us know if any changes are needed for > the > following: > a) The following terms were used inconsistently in this document. > We chose to use the latter forms. Please let us know any objections. > Alt-Svc Field Value / Alt-Svc field value (per [AltSvc]) attrleaf > label / Attrleaf label (per [Attrleaf]) > IPv6 hint / ipv6hint (per three of the four companion documents) > (https://www.rfc-editor.org/cluster_info.php?cid=C461 )) key Name / key > name > RRType (titles of Sections 14.1 and 14.2) / RR Type (per approx. 40 > instances of "RR type" in text) wire-format / wireformat / wire format > (noun) > (per "wire format" in companion document draft-ietf-add- svcb-dns) > zone file (adj.) / zone-file (adj.) > b) The following terms appear to be used inconsistently in this > document. Please let us know which form is preferred. Additional record / > additional record (We also see > "Additionals" and "Additional A records" in Section > 4.2.1.) > additional section / Additional section / Additional Section mode / > Mode ("two modes", "same Mode", "connection modes") Multi-CDN ("A > Multi-CDN customer domain") / > multi-CDN ("a multi-CDN configuration") > (We suggest lowercase, based on past usage in RFCs.) Name MUST / > name MUST (Section 14.3.1) > c) Should lowercase "alpn" be written in text with or without quotes? > alpn / "alpn" ('e.g., alpn', 'e.g., URIs or "alpn"') Also, should > 'non-default alpn' be 'non-default ALPN' or perhaps 'non-default "alpn"'? > d) May we change the instances of "RRSet" to "RRset"? We see that > the latter form is used much more often in RFCs from RFC 6000 > onwards.--> > > On Sep 8, 2023, rfc-editor@rfc-editor.org wrote: > > *****IMPORTANT***** > Updated 2023/09/08 > RFC Author(s): > -------------- > Instructions for Completing AUTH48 > Your document has now entered AUTH48. Once it has been reviewed > and approved by you and all coauthors, it will be > published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc- > editor.org/faq/ ). > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > Planning your review --------------------- Please review the > following aspects of your document: > * RFC Editor questions > Please review and resolve any questions raised by the RFC Editor > that have been included in the XML file as comments marked as > follows: > <!-- [rfced] ... --> > These questions will also be sent in a subsequent email. > * Changes submitted by coauthors Please ensure that you review any changes > submitted by your > coauthors. We assume that if you do not speak up that you agree to changes > submitted by your coauthors. > * Content Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > * Copyright notices and legends > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions (TLP – > https://trustee.ietf.org/license-info/ ). > * Semantic markup > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that > <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary >. > * Formatted output > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting limitations > compared to the PDF and HTML. > Submitting changes > ------------------ > To submit changes, please reply to this email using ‘REPLY ALL’ as > all the parties CCed on this message need to see your changes. The > parties > include: > * your coauthors > * rfc-editor@rfc-editor.org (the RPC team) > * other document participants, depending on the stream > (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > * More info: > https://mailarchive.ietf.org/arch/msg/ietf- > announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > * Note: If only absolutely necessary, you may > temporarily opt out > of the archiving of messages (e.g., to discuss a > sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is > concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. You may submit your > changes in one of two ways: > An update to the provided XML file > — OR — > An explicit list of changes in this format Section # (or indicate > Global) > OLD: > old text > NEW: > new text > You do not need to reply with both an updated XML file and an > explicit list of changes, as either form is sufficient. We will ask a > stream manager to review and approve any changes that > seem beyond editorial in nature, e.g., addition of new text, > deletion of text, and technical changes. Information about stream > managers can be found in the FAQ. Editorial changes do not require > approval from a stream manager. > Approving for publication > -------------------------- > To approve your RFC for publication, please reply to this email > stating that you approve this RFC for publication. Please use > ‘REPLY ALL’, as all the parties CCed on this message need to see your > approval. > Files ----- > The files are available here: > https://www.rfc-editor.org/authors/rfc9460.xml > https://www.rfc-editor.org/authors/rfc9460.html > https://www.rfc-editor.org/authors/rfc9460.pdf > https://www.rfc-editor.org/authors/rfc9460.txt > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9460-diff.html https://www. > rfc-editor.org/authors/rfc9460-rfcdiff.html > (side by side) > Diff of the XML: https://www.rfc- > editor.org/authors/rfc9460-xmldiff1.html > This diff file compares an altered original and the RFC > (in order to make the changes in moved text viewable): https://www. > rfc-editor.org/authors/rfc9460-alt-diff.html Tracking progress > ----------------- > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9460 > Please let us know if you have any questions. Thank you for your > cooperation, > RFC Editor > -------------------------------------- > RFC9460 (draft-ietf-dnsop-svcb-https-12) > Title : Service Binding and Parameter > Specification via the DNS (DNS SVCB and HTTPS Resource Records (RRs)) > Author(s) : B. Schwartz, M. Bishop, E. Nygren WG Chair(s) : Suzanne Woolf, > Benno Overeinder, Tim Wicinski > Area Director(s) : Warren Kumari, Robert Wilton > > <rfc9460.xml> > > <rfc9460.xml> > >
- [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-dnsop… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Warren Kumari
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Tim Wicinski
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- [auth48] [IANA] Re: AUTH48: RFC-to-be 9460 <draft… Lynne Bartholomew
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Erik Nygren
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Mike Bishop
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Erik Nygren
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-be 94… Lynne Bartholomew
- Re: [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-b… Ben Schwartz
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Lynne Bartholomew
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Rob Wilton (rwilton)
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: AUTH48: RFC-to-be 9460 <dr… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop