Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
Lynne Bartholomew <lbartholomew@amsl.com> Tue, 24 October 2023 22:34 UTC
Return-Path: <lbartholomew@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F526C14CF09; Tue, 24 Oct 2023 15:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EGkYlBZXImq3; Tue, 24 Oct 2023 15:34:45 -0700 (PDT)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02ED3C151078; Tue, 24 Oct 2023 15:34:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id D17FE424B435; Tue, 24 Oct 2023 15:34:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OrhC8fMjy2Pp; Tue, 24 Oct 2023 15:34:44 -0700 (PDT)
Received: from smtpclient.apple (unknown [IPv6:2601:646:9882:8ac0:c0fe:b043:47c2:8fa5]) by c8a.amsl.com (Postfix) with ESMTPSA id 678BD424B432; Tue, 24 Oct 2023 15:34:44 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.200.110.1.12\))
From: Lynne Bartholomew <lbartholomew@amsl.com>
In-Reply-To: <rt-5.0.3-1366268-1698170707-853.1284364-37-0@icann.org>
Date: Tue, 24 Oct 2023 15:34:33 -0700
Cc: Ben Schwartz <bemasc@meta.com>, Warren Kumari <warren@kumari.net>, tls-chairs@ietf.org, tjw.ietf@gmail.com, rwilton@cisco.com, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, nygren@gmail.com, mbishop@evequefou.be, ietf@bemasc.net, dnsop-chairs@ietf.org, dnsop-ads@ietf.org, auth48archive@rfc-editor.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <05A5094B-9FD5-41B9-B841-52E641851F05@amsl.com>
References: <RT-Ticket-1284364@icann.org> <20230909024843.23314E5EA7@rfcpa.amsl.com> <PH0PR22MB3102689F598B65A0549D2027DAF9A@PH0PR22MB3102.namprd22.prod.outlook.com> <E9C199B0-4A37-4D3E-862B-70C7ED633E9B@amsl.com> <BN8PR15MB32816A6ED8DD517245E00396B3D8A@BN8PR15MB3281.namprd15.prod.outlook.com> <5079D5C3-5849-4602-A623-BFB652852C6E@amsl.com> <BN8PR15MB32813076DCCF2E7E93A52BA7B3D8A@BN8PR15MB3281.namprd15.prod.outlook.com> <9B9236D2-8628-4B6B-83D0-6BC246D2891C@amsl.com> <BN8PR15MB3281E93F2EB081C714740AA1B3DFA@BN8PR15MB3281.namprd15.prod.outlook.com> <6F5990FC-5007-4CEC-990E-147FA69E21FA@amsl.com> <rt-5.0.3-1366268-1698170707-853.1284364-37-0@icann.org>
To: iana-matrix@iana.org
X-Mailer: Apple Mail (2.3731.200.110.1.12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/FXpSbzZBOQTX4KxBbA31Go8W8m8>
Subject: Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Oct 2023 22:34:49 -0000
Hi, Amanda. Thank you for the quick turnaround! RFC Editor/lb > On Oct 24, 2023, at 11:05 AM, Amanda Baber via RT <iana-matrix@iana.org> wrote: > > Hi, > > We've updated the registration to read as follows: > > Number: 5 > Name: ech > Meaning: RESERVED (held for Encrypted ClientHello) > Change Controller: IETF > Reference: [RFC-ietf-dnsop-svcb-https-12] > > Please see > https://www.iana.org/assignments/dns-svcb > > Amanda > > On Tue Oct 24 16:19:04 2023, lbartholomew@amsl.com wrote: >> Hi, Ben, *IANA, and **Rob. >> >> IANA, please update <https://www.iana.org/assignments/dns-svcb/> per >> per Ben's note below. >> >> **Rob and Ben, please confirm that the reference mismatch ("N/A" in >> this document versus "[RFC-ietf-dnsop-svcb-https-12]" (to be changed >> to "[RFC9460]" after publication) on the IANA page) is acceptable. >> >> Thank you! >> >> RFC Editor/lb >> >>> On Oct 24, 2023, at 8:36 AM, Ben Schwartz <bemasc@meta.com> wrote: >>> >>> The requested change in the IANA registry is: >>> >>> OLD >>> RESERVED (will be used for ECH) >>> >>> NEW >>> RESERVED (held for Encrypted ClientHello) >>> >>> --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> >>> Sent: Monday, October 23, 2023 5:10 PM >>> To: Ben Schwartz <bemasc@meta.com> >>> Cc: Erik Nygren <nygren@gmail.com>; Mike Bishop >>> <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; iana- >>> matrix-comment@iana.org <iana-matrix-comment@iana.org>; dnsop- >>> ads@ietf.org <dnsop-ads@ietf.org>; Rob Wilton <rwilton@cisco.com>; >>> Tim Wicinski <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc- >>> editor@rfc-editor.org>; ietf@bemasc.net <ietf@bemasc.net>; dnsop- >>> chairs <dnsop-chairs@ietf.org>; auth48archive@rfc-editor.org >>> <auth48archive@rfc-editor.org>; TLS Chairs <tls-chairs@ietf.org> >>> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be >>> 9460 <draft-ietf-dnsop-svcb-https-12> for your review >>> !------------------------------------------------------------------- >>> | >>> This Message Is From an External Sender >>> >>> |-------------------------------------------------------------------! >>> >>> Hi, Ben. >>> >>> Can you please clarify what that update to the document might be, >>> using "OLD" and "NEW" text? >>> >>> Thank you! >>> >>> RFC Editor/lb >>> >>>> On Oct 23, 2023, at 9:26 AM, Ben Schwartz <bemasc@meta.com> wrote: >>>> >>>> RFC-to-be 9460 does request a change to the "Meaning" field that >>>> has not yet been implemented on iana.org, so I think it's fair to >>>> say that the IANA registry is not "in sync" with that document, and >>>> an update is requested. >>>> >>>> --BenFrom: Lynne Bartholomew <lbartholomew@amsl.com> >>>> Sent: Monday, October 23, 2023 12:22 PM >>>> To: Erik Nygren <nygren@gmail.com>; Mike Bishop >>>> <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; Ben >>>> Schwartz <bemasc@meta.com> >>>> Cc: iana-matrix-comment@iana.org <iana-matrix-comment@iana.org>; >>>> dnsop-ads@ietf.org <dnsop-ads@ietf.org>; Rob Wilton >>>> <rwilton@cisco.com>; Tim Wicinski <tjw.ietf@gmail.com>; rfc- >>>> editor@rfc-editor.org <rfc-editor@rfc-editor.org>; >>>> ietf@bemasc.net<ietf@bemasc.net>; dnsop-chairs <dnsop- >>>> chairs@ietf.org>; auth48archive@rfc-editor.org <auth48archive@rfc- >>>> editor.org>; TLS Chairs <tls-chairs@ietf.org> >>>> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be >>>> 9460 <draft-ietf-dnsop-svcb-https-12> for your review >>>> !------------------------------------------------------------------- >>>> | >>>> This Message Is From an External Sender >>>> >>>> |------------------------------------------------------------------- >>>> ! >>>> >>>> Hello, all. >>>> >>>> It is not clear to us whether or not further changes are required >>>> for this document. >>>> Currently (best viewed with a fixed-point font): >>>> +===========+=================+================+=========+==========+ >>>> |Number | Name | Meaning |Reference|Change >>>> | >>>> | | | | >>>> |Controller| >>>> +===========+=================+================+=========+==========+ >>>> ... >>>> +-----------+-----------------+----------------+--------- >>>> +----------+ >>>> |5 | ech | RESERVED |N/A |IETF >>>> | >>>> | | | (held for | | >>>> | >>>> | | | Encrypted | | >>>> | >>>> | | | ClientHello) | | >>>> | >>>> +-----------+-----------------+----------------+--------- >>>> +----------+ >>>> >>>> The corresponding IANA entry (which would normally match) on >>>> <https://www.iana.org/assignments/dns-svcb/ >: >>>> Number Name Meaning Change >>>> Controller Reference >>>> ... >>>> 5 ech RESERVED (will be used for ECH) IETF >>>> [RFC-ietf-dnsop-svcb-https-12] >>>> >>>> Please let us know if this mismatch is acceptable. >>>> >>>> Thank you. >>>> >>>> RFC Editor/lb >>>> >>>> >>>>> On Oct 23, 2023, at 8:31 AM, Ben Schwartz <bemasc@meta.com> >>>>> wrote: >>>>> >>>>> Given the large-scale rollout of ECH, and the fact that ECHConfig >>>>> is internally versioned, there's simply no scenario in which we >>>>> change this codepoint. "ech" is and will be codepoint 5. >>>>> >>>>> There are some process questions about which document owns that >>>>> row during this awkward interim period, but the current registry >>>>> contents look great [1] and I think our best strategy for now is >>>>> to declare victory and move on. >>>>> >>>>> --Ben >>>>> >>>>> [1] https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml >>>>> From: Erik Nygren <nygren@gmail.com> >>>> >>>>> Sent: Monday, October 23, 2023 11:19 AM >>>>> To: Mike Bishop <mbishop@evequefou.be> >>>>> Cc: Warren Kumari <warren@kumari.net>; Lynne Bartholomew >>>>> <lbartholomew@amsl.com>; iana-matrix-comment@iana.org <iana- >>>>> matrix-comment@iana.org>; dnsop-ads@ietf.org<dnsop-ads@ietf.org>; >>>>> Rob Wilton <rwilton@cisco.com>; Tim Wicinski >>>>> <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc-editor@rfc- >>>>> editor.org>; ietf@bemasc.net<ietf@bemasc.net>; dnsop-chairs >>>>> <dnsop-chairs@ietf.org>; Ben Schwartz <bemasc@meta.com>; >>>>> auth48archive@rfc-editor.org <auth48archive@rfc-editor.org>; TLS >>>>> Chairs <tls-chairs@ietf.org> >>>>> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- >>>>> be 9460 <draft-ietf-dnsop-svcb-https-12> for your review >>>>> This Message Is From an External Sender >>>>> >>>>> + TLS Chairs >>>>> >>>>> There are also implementations using this codepoint so if major >>>>> changes are needed that don't fit into the versioning supported >>>>> in ECHConfig then we might already need to switch to a new >>>>> codepoint. As Mike mentioned, the TLS WG was also discussing >>>>> requesting a SvcParam codepoint for this so we might be at the >>>>> right point for that. >>>>> >>>>> On Mon, Oct 23, 2023, 5:05 PM Mike Bishop <mbishop@evequefou.be> >>>>> wrote: >>>>> This entry was originally used by this document; when that was >>>>> extracted out, this document “Reserved” it for the future use of >>>>> ECH to ensure the codepoint doesn’t get allocated elsewhere. I >>>>> don’t see why we really care where the reservation points, so >>>>> long as it’s reserved. It would be formally allocated when some >>>>> ECH document is published to make use of it. >>>>> >>>>> Frankly, I think we’d also be fine to drop the reservation – >>>>> there’s already an adopted document that requests the assignment >>>>> of this codepoint, so as a practical matter I don’t think it will >>>>> get stomped on. >>>> >>>>> From: Warren Kumari <warren@kumari.net> >>>>> Sent: Saturday, October 21, 2023 3:49 PM >>>>> To: Lynne Bartholomew <lbartholomew@amsl.com> >>>>> Cc: iana-matrix-comment@iana.org; Erik Nygren <nygren@gmail.com>; >>>>> dnsop-ads@ietf.org; Rob Wilton <rwilton@cisco.com>; Tim Wicinski >>>>> <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org; Mike Bishop >>>>> <mbishop@evequefou.be>; ietf@bemasc.net; dnsop-chairs <dnsop- >>>>> chairs@ietf.org>; Ben Schwartz <bemasc@meta.com>; >>>>> auth48archive@rfc-editor.org >>>>> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- >>>>> be 9460 <draft-ietf-dnsop-svcb-https-12> for your review >>>>> >>>>> On Fri, Oct 20, 2023 at 11:59 PM, Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> Hi, Amanda, Erik, and *AD (Warren or Rob). Amanda, thank you for >>>>> making the updates! All looks good (but we're asking the AD about >>>>> the updated "ech" entry). >>>>> Erik, thank you for your suggestion. * Warren or Rob, please see >>>>> Erik's suggestion re. a reference for the "ech" entry, and let us >>>>> know if that suggested update in this document and on >>>>> <https://www.iana.org/assignments/dns-svcb > would be acceptable. >>>>> Please see <https://www.rfc- >>>>> editor.org/authors/rfc9460.html#table-1 > and IANA's note below. >>>>> >>>>> Erm, I think I got lost somewhere in the (many) levels of >>>>> quoting… >>>>> Doesn't that mean that the reference would be to a (currently in >>>>> progress) draft? Is this OK? What if the draft significantly >>>>> changes? >>>>> W >>>>> >>>>> Thanks again! RFC Editor/lb On Oct 19, 2023, at 5:09 PM, Erik >>>>> Nygren <nygren@gmail.com> wrote: >>>>> Another option for the reference for "ech" would be to "draft- >>>>> ietf-tls-svcb-ech-00" which is where that portion of the format >>>>> specification has moved to and where the TLS WG is working on it. >>>>> Thanks, Erik On Thu, Oct 19, 2023 at 8:01 PM Amanda Baber via RT >>>>> <iana-matrix-comment@iana.org> wrote: Hi, >>>>> We've completed these changes, but need to make a note about the >>>>> second one: >>>>> On Wed Oct 18 19:43:35 2023, lbartholomew@amsl.com wrote: Dear >>>>> IANA, We are preparing this document for publication. Please make >>>>> the following updates to the "Resource Record (RR) TYPEs" >>>>> registry on >>>>> <https://www.iana.org/assignments/dns-parameters/ >: >>>>> OLD: >>>>> General Purpose Service Binding >>>>> Service Binding type for use with HTTP NEW: >>>>> General-purpose service binding >>>>> SVCB-compatible type for use with HTTP This is complete: >>>>> https://www.iana.org/assignments/dns-parameters >>>>> = = = = = Please make the following update to the "Service >>>>> Parameter Keys >>>>> (SvcParamKeys)" registry on >>>>> <https://www.iana.org/assignments/dns-svcb/ >: >>>>> OLD (column name): >>>>> Format Reference NEW: >>>>> Reference The Service Parameter Keys (SvcParamKeys) registry >>>>> originally had the "Format Reference" field populated by the >>>>> document and a "Reference" field added by IANA. Aside from the >>>>> entry for "ech", which was filled in with "N/A", the former >>>>> contained either a more detailed version of IANA's reference or >>>>> the same reference. >>>>> We've removed IANA's "Reference" field and changed the name of >>>>> the "Format Reference" field to "Reference," but we've also >>>>> replaced "N/A" with "[RFC-ietf-dnsop-svcb-https-12]" for "ech", >>>>> so as to avoid leaving that entry unreferenced: >>>>> https://www.iana.org/assignments/dns-svcb >>>>> thanks, >>>>> Amanda Thank you! RFC Editor/lb On Oct 18, 2023, at 12:31 PM, >>>>> Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> Hi, Ben. Great; thanks! RFC Editor/lb On Oct 18, 2023, at 12:26 >>>>> PM, Ben Schwartz <bemasc@meta.com> wrote: >>>>> Correct. On Oct 18, 2023, at 11:26 AM, Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> Hi, Ben. Just to confirm -- 'replace the "Reference" column that >>>>> IANA added' means 'change IANA's "Format Reference" column >>>>> heading to >>>>> "Reference"; correct? Thank you! RFC Editor/lb On Oct 18, 2023, >>>>> at 11:17 AM, Ben Schwartz <bemasc@meta.com> wrote: >>>>> That's correct. This will replace the "Reference" column that >>>>> IANA added for compliance with their usual processes. >>>>> --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> >>>>> Sent: Wednesday, October 18, 2023 1:34 PM >>>>> To: Mike Bishop <mbishop@evequefou.be> >>>>> Cc: Erik Nygren <nygren@gmail.com>; Ben Schwartz >>>>> <bemasc@meta.com>; ietf@bemasc.net <ietf@bemasc.net>; rfc- >>>>> editor@rfc-editor.org <rfc-editor@rfc-editor.org>; dnsop- >>>>> ads@ietf.org<dnsop-ads@ietf.org>; dnsop-chairs@ietf.org <dnsop- >>>>> chairs@ietf.org>;tjw.ietf@gmail.com <tjw.ietf@gmail.com>; >>>>> auth48archive@rfc-editor.org<auth48archive@rfc-editor.org> >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- >>>>> 12> for your review >>>>> !------------------------------------------------------------------- >>>>> | >>>>> This Message Is From an External Sender >>>>> |------------------------------------------------------------------- >>>>> ! Hi, Mike. So noted: https://www.rfc-editor.org/auth48/rfc9460 >>>>> Before we ask IANA to make updates per changes made to this >>>>> document, we first want to confirm that, per AUTH48 XML updates >>>>> that you sent us on26 September, we also need to ask for the >>>>> following change on <https://www.iana.org/assignments/dns-svcb/ >>>>>> : OLD (column name): >>>>> Format Reference NEW: >>>>> Reference Please let us know about the above. We will wait to >>>>> hear from you before proceeding. >>>>> Thank you! RFC Editor/lb On Oct 17, 2023, at 12:52 PM, Mike >>>>> Bishop <mbishop@evequefou.be> wrote: >>>>> Approved -- thanks to everyone for their work on this. >>>>> -----Original Message----- >>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Monday, >>>>> October 16, 2023 11:30 AM >>>>> To: Erik Nygren <nygren@gmail.com> >>>>> Cc: Ben Schwartz <bemasc@meta.com>; Mike Bishop >>>>> <mbishop@evequefou.be>; ietf@bemasc.net; rfc-editor@rfc- >>>>> editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; >>>>> tjw.ietf@gmail.com; auth48archive@rfc-editor.org >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- >>>>> 12> for your review >>>>> Hi, Erik. Thank you for confirming your approval! RFC Editor/lb >>>>> On Oct 15, 2023, at 6:45 AM, Erik Nygren <nygren@gmail.com> >>>>> wrote: >>>>> I just looked at the latest and it looks good to me. Thanks! Erik >>>>> On Fri, Oct 13, 2023 at 5:53 PM Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> Hi, Erik, Ben, and Mike. Ben and Mike, we have made further >>>>> updates to this document per your notes below. >>>>> The latest files are posted here (please refresh your browser): >>>>> https://www.rfc-editor.org/authors/rfc9460.txt >>>>> https://www.rfc-editor.org/authors/rfc9460.pdf >>>>> https://www.rfc-editor.org/authors/rfc9460.html >>>>> https://www.rfc-editor.org/authors/rfc9460.xml >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> auth48diff.html https://www.rfc-editor.org/authors/rfc9460- >>>>> lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> lastrfcdiff.html >>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- >>>>> diff.html >>>>> Erik and Ben, we have noted your approvals on the AUTH48 status >>>>> page. Please note, however, that if you object to any subsequent >>>>> updates to this document you will let us know: >>>>> https://www.rfc-editor.org/auth48/rfc9460 >>>>> Thank you! RFC Editor/lb On Oct 12, 2023, at 2:05 PM, Mike Bishop >>>>> <mbishop@evequefou.be> wrote: >>>>> I’ve finished my final read-through. These are minor issues, and >>>>> everything else looks fine. >>>>> I caught a few uses of the first-person through the document. I >>>>> suggest: >>>>> • Section 1.3: “Our terminology…” => “Terminology in this >>>>> document…” >>>>> • Section 2.3: “We term this behavior "Port Prefix Naming" and >>>>> use it in the examples throughout this document.” => “This >>>>> document terms this behavior "Port Prefix Naming" and uses it in >>>>> the examples throughout.” >>>>> • Appendix A: “Here, we summarize…” => “The following >>>>> summarizes…” >>>>> • Appendix C: “…by providing an extensible solution that solves >>>>> multiple problems we will overcome this inertia…” => “…an >>>>> extensible solution that solves multiple problems will overcome >>>>> this inertia…” >>>>> There is a nested parenthetical in 2.3. I suggest the following: >>>>> Current: >>>>> (Parentheses are used to ignore a line break in DNS zone-file >>>>> presentation format ([RFC1035], Section 5.1).) >>>>> Proposed: >>>>> (Parentheses are used to ignore a line break in DNS zone-file >>>>> presentation format, per Section 5.1 of [RFC1035].) >>>>> On Oct 11, 2023, at 10:51 AM, Ben Schwartz <bemasc@meta.com> >>>>> wrote: >>>>> The caption of Figure 10 is 'An alpn Value with ...'. I believe >>>>> "alpn" should be quoted for consistency, resulting in >>>>> 'An "alpn" Value with ...". Apart from that suggestion, I approve >>>>> this version for publication. >>>>> --Ben Schwartz On Oct 11, 2023, at 10:34 AM, Erik Nygren >>>>> <nygren@gmail.com> wrote: >>>>> Approved from my perspective! (Assuming no objections from Mike >>>>> or Ben.) >>>>> Best, Erik On Wed, Oct 11, 2023 at 12:11 PM Lynne Bartholomew >>>>> <lbartholomew@amsl.com> wrote: >>>>> Hi, Erik. We have updated this document per your note below. The >>>>> latest files are posted here (please refresh your browser): >>>>> https://www.rfc-editor.org/authors/rfc9460.txt >>>>> https://www.rfc-editor.org/authors/rfc9460.pdf >>>>> https://www.rfc-editor.org/authors/rfc9460.html >>>>> https://www.rfc-editor.org/authors/rfc9460.xml >>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> auth48diff.html https://www.rfc-editor.org/authors/rfc9460- >>>>> lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> lastrfcdiff.html >>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- >>>>> diff.html >>>>> We will wait to hear from your coauthors regarding any subsequent >>>>> changes before noting anyone's approval. >>>>> Thank you! RFC Editor/lb On Oct 10, 2023, at 2:13 PM, Erik Nygren >>>>> <nygren@gmail.com> wrote: >>>>> I took a final reading pass through and the only thing that >>>>> jumped out would be to change this: >>>>> - "," and "\" characters instead of implementing the >>>>> <tt>value-list</tt> escaping >>>>> + "," and "\" characters in ALPN IDs instead of implementing the >>>>> <tt>value-list</tt> escaping >>>>> The current text is ambiguous as to whether those characters are >>>>> prohibited in ALPN IDs or prohibited in value-list. It is clear >>>>> that the intent is for them to only be prohibited in ALPN IDs so >>>>> that value-list can contain commas, but inserting the "in ALPN >>>>> IDs" would reduce risk of misreading. >>>>> Everything else looks good. I believe Mike and Ben are making >>>>> similar read-throughs. Thanks, Erik On Fri, Oct 6, 2023 at >>>>> 4:30 PM Mike Bishop >>>>> <mbishop@evequefou.be> wrote: >>>>> Ben proposed this text on GitHub: In this document, this >>>>> algorithm is referred to as "character- string decoding", because >>>>> <xref target="RFC1035" sectionFormat="of" section="5.1"/> uses >>>>> this >>>>> algorithm to produce a <tt><character-string></tt>. (And a >>>>> corresponding "the allowed input" => "some allowed inputs".) >>>>> The attached XML incorporates this proposal, if that works for >>>>> everyone. >>>>> -----Original Message----- >>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, >>>>> October 5, 2023 12:32 PM >>>>> To: Erik Nygren <erik+ietf@nygren.org>; Ben Schwartz >>>>> <bemasc@meta.com> >>>>> Cc: Mike Bishop <mbishop@evequefou.be>;ietf@bemasc.net; rfc- >>>>> editor@rfc-editor.org; dnsop-ads@ietf.org; dnsop- >>>>> chairs@ietf.org; tjw.ietf@gmail.com; auth48archive@rfc- >>>>> editor.org >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- >>>>> https-12> for your review >>>>> Hi, Erik and Ben. Erik, thank you for the suggestion. Ben, is >>>>> Erik's suggestion acceptable, and may we update accordingly? >>>>> Thank you! RFC Editor/lb On Oct 5, 2023, at 6:12 AM, Erik Nygren >>>>> <erik+ietf@nygren.org> wrote: >>>>> What about "described in" (instead of just "in" or "per") ? So: >>>>> -it is used to produce a <tt><character-string></tt> in >>>>> +it is used to produce the <tt><character-string></tt> >>>>> described in ? On Wed, Oct 4, 2023 at 11:58 AM Ben Schwartz >>>>> <bemasc@meta.com> wrote: >>>>> Re: "We made the additional update (changed "in" to "per") per >>>>> your note for 1) below." >>>>> I think we need to give that section another look. I believe that >>>>> "per" may not be correct here. >>>>> --Ben Schwartz From: Lynne Bartholomew <lbartholomew@amsl.com> >>>>> Sent: Tuesday, October 3, 2023 12:29 PM >>>>> To: Mike Bishop <mbishop@evequefou.be> >>>>> Cc: ietf@bemasc.net<ietf@bemasc.net>;erik+ietf@nygren.org >>>>> <erik+ietf@nygren.org>; rfc-editor@rfc-editor.org <rfc- >>>>> editor@rfc-editor.org>; dnsop-ads@ietf.org <dnsop-ads@ietf.org>; >>>>> dnsop-chairs@ietf.org <dnsop- >>>>> chairs@ietf.org>;tjw.ietf@gmail.com<tjw.ietf@gmail.com>; >>>>> auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- >>>>> https-12> for your review >>>>> !------------------------------------------------------------------- >>>>> | >>>>> This Message Is From an External Sender >>>>> |------------------------------------------------------------------- >>>>> ! Hi, Mike. Thank you for the latest updated XML file! We made >>>>> the additional update (changed "in" to "per") per your note for >>>>> 1) below. >>>>> FYI that the new line breaks in the list in Section 1.2 >>>>> constitute a bug (https://github.com/ietf- >>>>> tools/xml2rfc/issues/1045). We hope that this issue will be >>>>> resolved soon. The latest files are posted here (please refresh >>>>> your browser): >>>>> https://www.rfc-editor.org/authors/rfc9460.txt >>>>> https://www.rfc-editor.org/authors/rfc9460.pdf >>>>> https://www.rfc-editor.org/authors/rfc9460.html >>>>> https://www.rfc-editor.org/authors/rfc9460.xml >>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html >>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> auth48diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> lastdiff.html https://www.rfc-editor.org/authors/rfc9460- >>>>> lastrfcdiff.html >>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html >>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html >>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html >>>>> Thanks again! RFC Editor/lb On Sep 29, 2023, at 11:52 AM, Mike >>>>> Bishop >>>>> <mbishop@evequefou.be> wrote: >>>>> 1) This is fine. 2) All reasonable, but we'd prefer to avoid >>>>> nested parentheses. In the attached, we've changed this to >>>>> "supported protocols" in 3.2 and moved the expansion back to >>>>> 7.1. We also noted in reviewing the change to the title of Figure >>>>> 1 that this URL was not quoted, so we've added those. >>>>> -----Original Message----- >>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, >>>>> September 28, 2023 11:48 AM >>>>> To: Mike Bishop <mbishop@evequefou.be> >>>>> Cc: ietf@bemasc.net;erik+ietf@nygren.org; rfc-editor@rfc- >>>>> editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; >>>>> tjw.ietf@gmail.com; auth48archive@rfc-editor.org >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- >>>>> https-12> for your review >>>>> Hi, Mike. Thank you very much for the updated XML file! Thanks >>>>> also for the detailed list of updates after your >>>>> "late-arriving review from the DNS Directorate" note; your note >>>>> informed us that we would not need to ask for AD approval for any >>>>> of those updates; very helpful and much appreciated! >>>>> A couple follow-up items for you: 1) "used to produce a >>>>> <character-string> in Section 5.1 of >>>>> [RFC1035]" reads a bit oddly. May we change it to "used to >>>>> produce a <character-string> per Section 5.1 of [RFC1035]"? >>>>> 2) Please note that per our style guidelines we made the >>>>> following updates to your copy: >>>>> * Moved the expansion of "ALPN" from Section 7.1 to Section >>>>> 3.2. >>>>> * Changed "Section 2.4.2 and Section 3" to "Sections 2.4.2 and 3" >>>>> in Section 9.1. >>>>> * Changed "At" to "at" in the title of Figure 1. The latest files >>>>> are posted here: https://www.rfc-editor.org/authors/rfc9460.txt >>>>> https://www.rfc-editor.org/authors/rfc9460.pdf >>>>> https://www.rfc-editor.org/authors/rfc9460.html >>>>> https://www.rfc-editor.org/authors/rfc9460.xml >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> auth48diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> lastdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> lastrfcdiff.html >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff1.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- >>>>> diff.html >>>>> Again, many thanks for your help with this document! RFC >>>>> Editor/lb On Sep 26, 2023, at 11:40 AM, Mike Bishop >>>>> <mbishop@evequefou.be> wrote: >>>>> Hi, Lynne - >>>>> Please see attached an updated XML from our side, with the >>>>> following changes in response to your questions. >>>>> • We expanded "RR" in the document title. Please let us know any >>>>> objections. >>>>> We have adjusted the title to expand the initialism while >>>>> avoiding nested parentheses. >>>>> Original: >>>>> Service Binding and Parameter Specification via the DNS >>>>> (DNS SVCB and >>>>> HTTPS Resource Records (RRs)) >>>>> Current: >>>>> Service Binding and Parameter Specification via the DNS >>>>> (SVCB and >>>>> HTTPS Resource Records) 2. Please insert any keywords… >>>>> We have added various relevant keywords. 3. Datatracker "idnits" >>>>> output for the original approved document included the following >>>>> warning … There are 2 instances of lines with non-RFC2606- >>>>> compliant FQDNs >>>>> These instances are false positives. 4. Section 1.1: We changed >>>>> this section title, as it did not match the contents of the >>>>> section. If this update is incorrect, perhaps some text is >>>>> missing? If so, please clarify "goal" vs. "goals". We have >>>>> accepted the new section title, and also corrected an obsolete >>>>> reference to statements that were previously >>>>> “mentioned above” but now appear later in the document. Original: >>>>> (As mentioned above, this all >>>>> applies equally to the HTTPS RR, which shares the same encoding, >>>>> format, and high-level semantics.) >>>>> Current: >>>>> (As discussed in <xref target="svcb-compatible"/>, this all >>>>> applies >>>>> equally to the HTTPS RR, which shares the same encoding, format, >>>>> and >>>>> high-level semantics.) 5. Please review the "type" attribute of >>>>> each sourcecode element… >>>>> We have added types and converted “artwork” tags to >>>>> “sourcecode” as appropriate. 6. Section 2.4.2: As it appears that >>>>> "multiple" means "multiple RRs" (as opposed to "multiple >>>>> RRSets"), we updated this sentence accordingly. If this is >>>>> incorrect, please provide clarifying text. >>>>> We have adjusted this to “multiple AliasMode RRs”. 7. Section >>>>> 4.2: Is resolution of unknown RR types the only type of normal >>>>> response construction, or should "i.e." ("that is") be "e.g." >>>>> ("for example") here? Yes. For clarity, we’ve removed this use of >>>>> “i.e.” entirely. >>>>> 8. Section 4.3: Does "even if the contents are invalid" refer to >>>>> the "MUST" clause, the "MAY" clause, or both? >>>>> It refers to the “MAY” clause. To improve clarity, we’ve >>>>> restructured this sentence and the following one. >>>>> Original: >>>>> Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB >>>>> records >>>>> with unrecognized SvcParamKeys, and <bcp14>MAY</bcp14> treat the >>>>> entire SvcParams portion of the record as opaque, even if the >>>>> contents >>>>> are invalid. Alternatively, recursive resolvers >>>>> <bcp14>MAY</bcp14> >>>>> report an error such as SERVFAIL to avoid returning a >>>>> SvcParamValue that is invalid according to the SvcParam's >>>>> specification. >>>>> Current: >>>>> Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB >>>>> records >>>>> with unrecognized SvcParamKeys. Resolvers >>>>> <bcp14>MAY</bcp14> >>>>> accomplish this by treating the entire SvcParams portion of the >>>>> record >>>>> as opaque, even if the contents are invalid. If a recognized >>>>> SvcParamKey is followed by a value that is invalid according to >>>>> the >>>>> SvcParam's specification, a recursive resolver >>>>> <bcp14>MAY</bcp14> >>>>> report an error such as SERVFAIL instead of returning the record. >>>>> 9. Section 7.2: Should "this SvcParam" be >>>>> "this SvcParamValue" here? >>>>> Yes. (Corrected.) 10. Section 9.1: Please clarify the meaning of >>>>> "Following of". >>>>> We’ve clarified by reformulating this sentence and including >>>>> references to the relevant sections where the behavior is >>>>> defined. >>>>> Original: >>>>> Following of HTTPS AliasMode RRs and CNAME aliases is unchanged >>>>> from SVCB. >>>>> Current: >>>>> The procedure for following HTTPS AliasMode RRs >>>>> and CNAME aliases is unchanged from SVCB (as described in >>>>> <xref target="alias-mode"/> and <xref target="client- >>>>> behavior"/>). 11. Should the instances of "9443" be "8443" here? >>>>> No, this distinction is intentional. 12. Section 9.4 and Table 1: >>>>> Does "ECH" refer to citations for draft-ietf-tls-esni and not to >>>>> "Encrypted ClientHello" in general, or does it refer to some >>>>> (unknown) future specification related to ECH (in which case the >>>>> text should be clarified)? >>>>> For clarity, we’ve replaced “ECH” here with that reference, and >>>>> expanded the acronym where it appears in the IANA instructions. >>>>> The assignment is currently captured in draft-sbn-tls-svcb-ech- >>>>> 00, which was extracted from this document. The TLS WG has >>>>> adopted that document, and will need to decide whether to fold it >>>>> into draft-ietf-tls-esni or advance it separately. >>>>> 13. Section 9.6: Should 'HTTP URL' be '"http" URL'? … Also, we >>>>> could not find any instances of >>>>> "requestURL" in [WebSocket], any other published RFC, or >>>>> [FETCH]. >>>>> We’ve replaced ‘HTTP URL” with the formal term defined in RFC >>>>> 9110: “HTTP-related URI scheme”. >>>>> Since we wrote this text, WHATWG has moved the definition of >>>>> “requestURL” to a new document. We’ve fixed the problem by adding >>>>> that reference here. >>>>> Original: >>>>> All HTTP connections to named origins are eligible to use HTTPS >>>>> RRs, >>>>> even when HTTP is used as part of another protocol or without an >>>>> explicit HTTP URL. For example, clients that support HTTPS RRs >>>>> and >>>>> implement the altered WebSocket <xref target="RFC6455"/> opening >>>>> handshake from the W3C Fetch specification <xref target="FETCH"/> >>>>> <bcp14>SHOULD</bcp14> use HTTPS RRs for the >>>>> <tt>requestURL</tt>. >>>>> Current: >>>>> All HTTP connections to named origins are eligible to use HTTPS >>>>> RRs, >>>>> even when HTTP is used as part of another protocol or without an >>>>> explicit HTTP-related URI scheme (<relref target="RFC9110" >>>>> section="4.2"/>). For example, clients that support HTTPS RRs and >>>>> implement <xref target="RFC6455"/> using the altered opening >>>>> handshake >>>>> from <xref target="FETCH-WEBSOCKETS"/> >>>>> <bcp14>SHOULD</bcp14> use HTTPS RRs for the >>>>> <tt>requestURL</tt>. 14. Section 10.3: We had trouble following >>>>> "various interpretations of RFCs" in the first sentence… We’ve >>>>> replaced this vague statement by a reference to the BIND >>>>> documentation for the behavior in question. >>>>> Original: >>>>> Note that some implementations may not allow A or AAAA records on >>>>> names starting with an underscore due to various >>>>> interpretations of RFCs. >>>>> This could be an operational issue when the TargetName contains >>>>> an >>>>> Attrleaf label, as well as using a TargetName of "." when the >>>>> owner name contains an Attrleaf label. >>>>> Current: >>>>> Some authoritative DNS servers may not allow A or AAAA records on >>>>> names starting with an underscore (e.g., <xref >>>>> target="BIND-CHECK-NAMES"/>). >>>>> This could create an operational issue when the TargetName >>>>> contains an >>>>> Attrleaf label, or when using a TargetName of "." if the owner >>>>> name contains an Attrleaf label. >>>>> 15. Section 11: We do not see the word >>>>> "stapling" or "staple" in RFC 6066. Please confirm that this >>>>> citation will be clear to readers. >>>>> We’ve adjusted this sentence to expand “OCSP” and mention >>>>> “Certificate Status Request”, which is the formal name from RFC >>>>> 6066. >>>>> (We’ve preserved the term “stapling” because it is much more >>>>> widely >>>>> understood and commonly used than the formal name.) Original: >>>>> Server operators implementing this standard >>>>> <bcp14>SHOULD</bcp14> also >>>>> implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate >>>>> Status Protocol (OCSP) Stapling <xref target="RFC6066"/>, both of >>>>> which confer substantial performance and >>>>> privacy benefits when used in combination with SVCB records. >>>>> Current: >>>>> Server operators implementing this standard >>>>> <bcp14>SHOULD</bcp14> also >>>>> implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate >>>>> Status Protocol (OCSP) Stapling (i.e., Certificate Status Request >>>>> in >>>>> <xref target="RFC6066" section="8" sectionFormat="of"/>), both of >>>>> which confer substantial performance and privacy benefits when >>>>> used in >>>>> combination with SVCB records.</t> 16. Section 12: "unintended >>>>> access" reads oddly here. If the suggested text is not correct, >>>>> should the word "unintended" be removed? >>>>> We’ve rephrased this in a way that avoids the word >>>>> “unintended” and improves specificity. >>>>> Original: >>>>> If the attacker can influence the >>>>> client's payload (e.g., TLS session ticket contents) and an >>>>> internal >>>>> service has a sufficiently lax parser, it's possible that the >>>>> attacker >>>>> could gain unintended access. >>>>> Current: >>>>> If the attacker can influence the >>>>> client's payload (e.g., TLS session ticket contents) and an >>>>> internal >>>>> service has a sufficiently lax parser, the attacker could gain >>>>> access >>>>> to the internal service. 17. FYI, we have changed two instances >>>>> of >>>>> "Service Binding" to "service binding" because it written in >>>>> lowercase where used generally in this document. We will ask >>>>> IANA… >>>>> We’ve changed the description in the IANA instructions to use the >>>>> more precise term “SVCB-compatible” instead. (The original IANA >>>>> instructions may predate this term.) 18. The following ACTION >>>>> text indicates that the >>>>> "Service Parameter Keys (SvcParamKeys)" registry should appear on >>>>> the "Domain Name System (DNS) Parameters" page. However, the >>>>> registry appears on a page under the heading >>>>> "DNS Service Bindings (SVCB)" >>>>> This disparity may have occurred because IANA reorganized their >>>>> website after the original instructions were written. The current >>>>> location of the registry correctly reflects the authors’ intent, >>>>> and we have updated the draft to describe the new location. >>>>> 19. Because the IANA registry does not include a >>>>> "Meaning" column, we have updated the text as shown below. Please >>>>> let us know if any updates are required. >>>>> This change is correct. 20. Appendix A: Because Section 3.3 of >>>>> RFC 1035 says "<character-string> is treated as binary >>>>> information, and can be up to 256 characters in length >>>>> (including the length octet)", we updated this sentence to >>>>> clarify the meaning of "same as". If this is incorrect, please >>>>> provide text that clarifies the meaning of "same as". >>>>> This change is not correct. We have adjusted the text to provide >>>>> a clearer distinction between “<character-string>” >>>>> (which is binary) and the textual representation used to generate >>>>> it. >>>>> Original: >>>>> DNS zone files are capable of representing arbitrary octet >>>>> sequences >>>>> in basic ASCII text, using various delimiters and >>>>> encodings. The >>>>> algorithm for decoding these character strings is defined in >>>>> <xref section="5.1" sectionFormat="of" target="RFC1035"/>. >>>>> Current: >>>>> DNS zone files are capable of representing arbitrary octet >>>>> sequences >>>>> in basic ASCII text, using various delimiters and >>>>> encodings, according >>>>> to an algorithm defined in <xref section="5.1" sectionFormat="of" >>>>> target="RFC1035"/>. Original: >>>>> In this document, this algorithm is referred to as >>>>> "character-string decoding". >>>>> The algorithm is the same as the guideline for >>>>> <tt><character-string></tt> provided in <xref >>>>> target="RFC1035" sectionFormat="of" section="3.3"/>, except that >>>>> in this document the output length is not limited to 255 octets. >>>>> Current: >>>>> In this document, this algorithm is referred to as >>>>> "character-string >>>>> decoding", because it is used to produce a >>>>> <tt><character-string></tt> in <xref target="RFC1035" >>>>> sectionFormat="of" section="5.1"/>. Note that while the length of >>>>> a >>>>> <tt><character-string></tt> is limited to 255 octets, the >>>>> character-string decoding algorithm can produce output of any >>>>> length.</t> 21. Appendix C.4: We changed "the authoritative" at >>>>> the end of this sentence to "the authoritative DNS server". >>>>> This change is correct. 22. Appendix D.2: Do "target (root >>>>> label)" and >>>>> "target, root label" mean the same thing? If yes, should they >>>>> both be expressed in the same way (i.e., either parentheses or >>>>> comma)? Also, should "length: 2 bytes" be >>>>> "length 2", per the format of all other "# length" and "; length" >>>>> entries? >>>>> Yes, these carry the same meaning. We have incorporated these >>>>> changes to improve consistency. >>>>> 23. The example.comline in Figure 8 extends beyond the 72- >>>>> character limit. >>>>> 24. Figure 8: The "example.com." line is too long… >>>>> We have adjusted this figure as suggested to fit within the 72- >>>>> character limit. 25. Figures 14 and 15: Should "mandatory" be >>>>> written in the same way in both titles (i.e., either lowercase >>>>> and quoted or initial-capitalized and unquoted)? No. In one case, >>>>> it refers to an item that must be present; in the other it refers >>>>> to the literal 9-character sequence “mandatory”. 26. >>>>> "Acknowledgments and Related Proposals" reads oddly, in that the >>>>> two ideas seem unrelated. "... proposed solutions ...challenge >>>>> proposed" reads oddly as well. May we make a new Section 15 >>>>> ("Related Proposals") … >>>>> ? >>>>> We’ve reformulated this paragraph to make clear that the related >>>>> proposals are mentioned by way of acknowledgement and gratitude. >>>>> 27. Please review the "Inclusive Language" portion of the online >>>>> Style Guide … >>>>> We have reviewed this guidance but did not find any changes that >>>>> could be made on this basis. >>>>> 28. Please let us know if any changes are needed for the >>>>> following [capitalization consistency issues] We have attempted >>>>> to correct these issues to improve consistency. In the case of >>>>> ALPN, we have clarified some uses as “ALPN protocol” or “ALPN >>>>> ID”. >>>>> ------------ >>>>> Additionally, we made several edits in response to a late- >>>>> arriving review from the DNS Directorate, as Warren indicated. >>>>> These are highlighted below, in no particular order. >>>>> # Positive and negative DNSSEC (Section 4.1) >>>>> Original: >>>>> If the zone is signed, the server SHOULD also include positive or >>>>> negative DNSSEC responses for these records in the Additional >>>>> section. >>>>> Current: >>>>> If the zone is signed, the server SHOULD also include DNSSEC >>>>> records >>>>> authenticating the existence or nonexistence of these records in >>>>> the >>>>> Additional section. >>>>> # Use of “origin” for concepts other than HTTP origins >>>>> - In 1.1, “an origin within the DNS” => “a service identified by >>>>> a domain name” >>>>> - In 3.1, “origin’s SVCB record” => “service’s SVCB record” >>>>> - In 7.3, “origin hostname” => “service name” >>>>> - In 9.3, “origin endpoint” => “authority endpoint” >>>>> - In 12, “origin” => “authoritative server” >>>>> # Use of “delegation” outside the sense of DNS zone delegation >>>>> - In 1, “delegating the origin” => “aliasing the origin” >>>>> - In 1.1, “delegation of operational authority for an origin >>>>> within >>>>> the DNS to an alternate name.” => “extending operational >>>>> authority for >>>>> a service identified by a domain name to other instances with >>>>> alternate names.” (overlap with previous set) >>>>> - In 1.1, “apex delegation” => “apex aliasing” >>>>> - In 3.2, “It allows the service to delegate the apex domain.” => >>>>> “It allows a service on an apex domain to use aliasing.” >>>>> - In Figure 1 (caption), “Is Delegated to” => “Is Available At” >>>>> # Inconsistency of terms for list and sorting in Section 3 >>>>> - “enumerating the priority-ordered endpoints” => >>>>> “enumerating and ordering the available endpoints” >>>>> - Addition of “Sort the records by ascending SvcPriority.” to >>>>> step 4. >>>>> - “known endpoints” => “available endpoints” >>>>> - “priority list” => “list of endpoints” >>>>> - “the resolved list” => “this list” >>>>> # Vague performance statements >>>>> In 2.4.2, removed “which would likely improve performance” >>>>> # No such thing as empty RRset >>>>> Original: >>>>> If the SVCB RRset contains no compatible RRs, the client will >>>>> generally act as if the RRset is empty. >>>>> Current: >>>>> Incompatible RRs are ignored (see step 5 of the procedure defined >>>>> in <xref target="client-behavior"/>). >>>>> ------------ >>>>> Finally, with regard to the changes from our previous e- mail: >>>>> The attached file incorporates your proposed changes. We have >>>>> made one adjustment, where <tt> was already being used around a >>>>> hostname which is now quoted. The >>>>> combination is probably not necessary; for consistency, we can >>>>> align on quotes. >>>>> Original: >>>>> When using the generic SVCB RR type with aliasing, zone owners >>>>> <bcp14>SHOULD</bcp14> choose alias target names that indicate the >>>>> scheme in use (e.g., <tt>"foosvc.example.net"</tt> for >>>>> <tt>"foo://"</tt> schemes). This will help to avoid confusion >>>>> when >>>>> another scheme needs to be added to the configuration. When >>>>> multiple >>>>> port numbers are in use, it may be helpful to repeat the prefix >>>>> labels in the alias target name (e.g., >>>>> <tt>"_1234._foo.svc.example.net"</tt>). Current: >>>>> When using the generic SVCB RR type with aliasing, zone owners >>>>> <bcp14>SHOULD</bcp14> choose alias target names that indicate the >>>>> scheme in use (e.g., "foosvc.example.net" for "foo" schemes). >>>>> This >>>>> will help to avoid confusion when another scheme needs to be >>>>> added to >>>>> the configuration. When multiple port numbers are in use, it may >>>>> be >>>>> helpful to repeat the prefix labels in the alias target name >>>>> (e.g., "_1234._foo.svc.example.net"). We have also removed the >>>>> “://”, which is not properly part of the scheme. -----Original >>>>> Message----- >>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Friday, >>>>> September 22, 2023 2:39 PM >>>>> To: Mike Bishop >>>>> <mbishop@evequefou.be>;ietf@bemasc.net;erik+ietf@nygren.org >>>>> Cc: rfc-editor@rfc-editor.org;dnsop-ads@ietf.org;dnsop- >>>>> chairs@ietf.org;tjw.ietf@gmail.com; >>>>> auth48archive@rfc-editor.org >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop- svcb- >>>>> https-12> >>>>> for your review Hi, Mike and coauthors. >>>>> Mike, apologies for our confusion with the emails >>>>> yesterday. We have updated this document per your notes below. >>>>> Please see our "[rfced]" notes inline. Also, apologies for an >>>>> issue regarding an update to Section 14.4. The updated section is >>>>> now correct. We also removed a duplicate question regarding >>>>> Figure 8. >>>>> The latest files are posted here. Please refresh your browser to >>>>> view the latest updates and the updated list of questions: >>>>> https://www.rfc-editor.org/authors/rfc9460.txt >>>>> https://www.rfc-editor.org/authors/rfc9460.pdf >>>>> https://www.rfc-editor.org/authors/rfc9460.html >>>>> https://www.rfc-editor.org/authors/rfc9460.xml >>>>> https://www.rfc-editor.org/authors/rfc9460- >>>>> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> auth48diff.html >>>>> https://www.rfc-editor.org/authors/rfc9460-alt- >>>>> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff1.htmlhttps://www.rfc-editor.org/authors/rfc9460- >>>>> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- >>>>> diff.htmlThank you, and again, apologies for our confusion. RFC >>>>> Editor/lb >>>>> On Sep 20, 2023, at 1:33 PM, Mike Bishop >>>>> <mbishop@evequefou.be> wrote: >>>>> A couple points from the copy-edits I wanted to discuss as we go >>>>> through these…. >>>>> Under SVC Query Names, I see this change: >>>>> Original: When querying the SVCB RR, a service is translated into >>>>> a QNAME by >>>>> prepending the service name with a label indicating the scheme, >>>>> prefixed with an underscore, resulting in a domain name like >>>>> "_examplescheme.api.example.com.". >>>>> Current: When querying the SVCB RR, a service is translated into >>>>> a QNAME by >>>>> prepending the service name with a label indicating the scheme, >>>>> prefixed with an underscore, resulting in a domain name like >>>>> "_examplescheme.api.example.com." >>>>> In this instance, however, the literal domain name ends with a >>>>> period. Given the general rule in American English that the >>>>> period goes inside the quotation marks and not outside, the >>>>> absence of the explicit exterior period might cause some readers >>>>> to apply that rule and not expect the actual domain name to >>>>> contain the trailing dot; hence the separate period in the >>>>> original. >>>>> Could we revert this change, or is there a different way we could >>>>> word this to avoid any confusion? >>>>> [rfced] Reverted. Thank you for the explanation. Under AliasMode, >>>>> quotes were added to offset >>>>> “https://example.com ”, but similar quotes were not added around >>>>> “foo://example.com:8080”. Should all URIs be quoted, if this one >>>>> is? [rfced] We added quotes to URIs listed in text. Please review >>>>> and let us know if any of the new quotes are incorrect (e.g., we >>>>> added quotes for 'owner of >>>>> "example.com"' because we found 'the operator of >>>>> "https://example.com "', but is this update correct?). Regarding >>>>> the hyphenation of “SVCB-optional” and “SVCB- reliant”: Original: >>>>> A client is called "SVCB-optional" if it can connect without the >>>>> use >>>>> of ServiceMode records, and "SVCB-reliant" otherwise. Current: A >>>>> client is called "SVCB optional" if it can connect without the >>>>> use >>>>> of ServiceMode records; otherwise, it is called "SVCB reliant". >>>>> These terms are used primarily as adjectives before a noun (and >>>>> therefore hyphenated) and in a few instances with a verb in >>>>> between. It seems unclear not to >>>>> hyphenate the definition of the terms when that’s >>>>> primarily how they’re used, for ease of searching. For >>>>> uniformity, could we hyphenate these terms throughout? If I >>>>> understand the rule correctly, a compound adjective is >>>>> *generally* not hyphenated when not before a noun, but some are. >>>>> (The same applies to “SVCB-compatible” later.) [rfced] We >>>>> restored the hyphens. >>>>> Updated list of questions: >>>>> 1) <!-- [rfced] We expanded "RR" in the document title. Please >>>>> let us know any objections. >>>>> Original: >>>>> Service binding and parameter specification via the DNS >>>>> (DNS SVCB and >>>>> HTTPS RRs) >>>>> Currently: >>>>> Service Binding and Parameter Specification via the DNS >>>>> (DNS SVCB and >>>>> HTTPS Resource Records (RRs)) --> >>>>> 2) <!-- [rfced] Please insert any keywords (beyond those that >>>>> appear >>>>> in the >>>>> title) for use on <https://www.rfc-editor.org/search >. --> >>>>> 3) <!-- [rfced] Datatracker "idnits" output for the original >>>>> approved document included the following warning. Please let us >>>>> know if any changes are needed as related to this warning: >>>>> == There are 2 instances of lines with non-RFC2606- compliant >>>>> FQDNs in the >>>>> document. --> >>>>> 4) <!-- [rfced] Section 1.1: We changed this section title, as it >>>>> did not match the contents of the section. If this update is >>>>> incorrect, perhaps some text is missing? If so, please clarify >>>>> "goal" vs. >>>>> "goals". >>>>> Original (excerpts from this section are included for context): >>>>> 1.1. Goals of the SVCB RR >>>>> The goal of the SVCB RR is to allow clients to resolve a single >>>>> additional DNS RR in a way that: >>>>> ... >>>>> Additional goals specific to HTTPS RRs and the HTTP use- cases >>>>> include: >>>>> Currently: >>>>> 1.1. Goals --> >>>>> 5) <!-- [rfced] Please review the "type" attribute of each >>>>> sourcecode element in the XML file to ensure correctness. If the >>>>> current list of preferred values for "type" >>>>> (https://www.rfc-editor.org/materials/sourcecode-types.txt >>>>> ) does not contain an applicable type, please let us know. Also, >>>>> it is acceptable to leave the "type" attribute not set. >>>>> In addition, review each artwork element. Specifically, should >>>>> any artwork element be tagged as sourcecode (e.g., >>>>> "dns-rr", "pseudocode", or "test-vectors" for some or all of the >>>>> figures in the appendices)? --> >>>>> 6) <!-- [rfced] Section 2.4.2: As it appears that >>>>> "multiple" means "multiple RRs" (as opposed to "multiple >>>>> RRSets"), we updated this sentence accordingly. If this is >>>>> incorrect, please provide clarifying text. >>>>> Original (the previous sentence is included for context): In >>>>> AliasMode, the SVCB record aliases a service to a TargetName. >>>>> SVCB RRSets SHOULD only have a single resource record in >>>>> AliasMode. >>>>> If multiple are present, clients or recursive resolvers SHOULD >>>>> pick one at random. >>>>> Currently: >>>>> If multiple >>>>> RRs are present, clients or recursive resolvers SHOULD pick one >>>>> at random. --> >>>>> 7) <!-- [rfced] Section 4.2: Is resolution of unknown RR types >>>>> the only type of normal response construction, or should "i.e." >>>>> ("that is") be "e.g." ("for example") here? Original: >>>>> Whether the recursive resolver is aware of SVCB or not, the >>>>> normal >>>>> response construction process (i.e. unknown RR type resolution >>>>> under >>>>> [RFC3597]) generates the Answer section of the response. >>>>> --> >>>>> 8) <!-- [rfced] Section 4.3: Does "even if the contents are >>>>> invalid" >>>>> refer to the "MUST" clause, the "MAY" clause, or both? Original: >>>>> Recursive resolvers MUST be able to convey SVCB records with >>>>> unrecognized SvcParamKeys, and MAY treat the entire SvcParams >>>>> portion of the record as opaque, even if the contents are >>>>> invalid. >>>>> (A) Perhaps (both): >>>>> Recursive resolvers MUST be able to convey SVCB records with >>>>> unrecognized SvcParamKeys and MAY treat the entire SvcParams >>>>> portion of the record as opaque, even if the contents are >>>>> invalid. >>>>> (B) Or possibly (only the "MAY" clause): Recursive resolvers MUST >>>>> be able to convey SVCB records with unrecognized SvcParamKeys, >>>>> and the resolvers MAY treat the entire SvcParams portion of the >>>>> record as opaque even if the contents are invalid. >>>>> (C) Or to be specific (instead of rely only on the comma): >>>>> Recursive resolvers MUST be able to convey SVCB records with >>>>> unrecognized SvcParamKeys, and the resolvers MAY treat the entire >>>>> SvcParams portion of the record as opaque even if the contents >>>>> (of that portion) are invalid. --> >>>>> 9) <!-- [rfced] Section 7.2: Should "this SvcParam" be >>>>> "this >>>>> SvcParamValue" here? We ask because we see two instances of >>>>> "SvcParamValue MUST NOT contain escape sequences" later in this >>>>> document. >>>>> Original: >>>>> To enable simpler parsing, this SvcParam MUST NOT contain escape >>>>> sequences. --> >>>>> 10) <!-- [rfced] Section 9.1: Please clarify the meaning of >>>>> "Following of". >>>>> Original: >>>>> Following of HTTPS AliasMode RRs and CNAME aliases is unchanged >>>>> from >>>>> SVCB. --> >>>>> 11) <!--[rfced] Should the instances of "9443" be "8443" here? >>>>> Original: >>>>> Alt-Svc: h2="alt.example:443", >>>>> h2="alt2.example:443", h3=":8443" The >>>>> client would retrieve the following HTTPS records: alt.example. >>>>> IN HTTPS 1 . alpn=h2,h3 foo=... >>>>> alt2.example. IN HTTPS 1 >>>>> alt2b.example. alpn=h3 foo=... >>>>> _8443._https.example.com. IN HTTPS >>>>> 1 alt3.example. ( >>>>> port=9443 alpn=h2,h3 foo=... ) >>>>> [...] >>>>> * >>>>> HTTP/3 to alt3.example:9443 --> >>>>> 12) <!-- [rfced] Section 9.4 and Table 1: Does "ECH" refer to >>>>> citations for draft-ietf-tls-esni and not to "Encrypted >>>>> ClientHello" >>>>> in general, or does it refer to some (unknown) future >>>>> specification >>>>> related to ECH (in which case the text should be >>>>> clarified)? >>>>> Please note that we could not find any indication in draft-ietf- >>>>> tls-esni that the parameter in question will be reserved >>>>> for it. >>>>> Original: >>>>> Clients MUST NOT use an HTTPS RR response unless the client >>>>> supports >>>>> TLS Server Name Indication (SNI) and indicates the origin name in >>>>> the >>>>> TLS ClientHello (which might be encrypted via a future >>>>> specification >>>>> such as ECH). >>>>> ... >>>>> | 5 | ech | RESERVED |N/A >>>>> |IETF | >>>>> | | | (will be | | >>>>> | >>>>> | | | used for | | >>>>> | >>>>> | | | ECH) | | >>>>> | --> >>>>> 13) <!-- [rfced] Section 9.6: >>>>> Should 'HTTP URL' be '"http" URL'? We ask because we do not see >>>>> 'HTTP URL' used anywhere else in this document or in this cluster >>>>> of >>>>> documents (https://www.rfc- >>>>> editor.org/cluster_info.php?cid=C461 ). >>>>> Also, we could not find any instances of "requestURL" in >>>>> [WebSocket], >>>>> any other published RFC, or [FETCH]. However, we see >>>>> "Request-URI" >>>>> in [WebSocket]. Will the use of "requestURL" be clear to readers? >>>>> Original: >>>>> All HTTP connections to named origins are eligible to use HTTPS >>>>> RRs, >>>>> even when HTTP is used as part of another protocol or without an >>>>> explicit HTTP URL. For example, clients that support HTTPS RRs >>>>> and >>>>> implement the altered WebSocket [WebSocket] opening handshake >>>>> from the >>>>> W3C Fetch specification [FETCH] SHOULD use HTTPS RRs for the >>>>> requestURL. --> >>>>> 14) <!-- [rfced] Section 10.3: We had trouble following >>>>> "various >>>>> interpretations of RFCs" in the first sentence, as it appears to >>>>> indicate that the RFCs themselves are being interpreted. Also, >>>>> the >>>>> second sentence does not parse. Would the "Perhaps" text below be >>>>> helpful? If not, please provide clarifying text. >>>>> Original ("an TargetName" has been fixed): Note that some >>>>> implementations may not allow A or AAAA records on >>>>> names starting with an underscore due to various >>>>> interpretations of >>>>> RFCs. This could be an operational issue when the TargetName >>>>> contains >>>>> an attrleaf label, as well as using an TargetName of "." when the >>>>> owner name contains an attrleaf label. >>>>> Perhaps: >>>>> Note that some implementations may not allow A or AAAA records on >>>>> names that start with an underscore, due to various >>>>> interpretations in >>>>> other RFCs. This could be an operational issue when the >>>>> TargetName >>>>> contains an Attrleaf label, as well as when a TargetName of "." >>>>> is >>>>> used when the owner name contains an Attrleaf label. --> 15) <!-- >>>>> [rfced] Section 11: We do not see the word >>>>> "stapling" or >>>>> "staple" in RFC 6066. Please confirm that this citation will be >>>>> clear >>>>> to readers. >>>>> Original: >>>>> Server operators implementing this standard SHOULD also implement >>>>> TLS >>>>> 1.3 [RFC8446] and OCSP Stapling [RFC6066], both of which confer >>>>> substantial performance and privacy benefits when used in >>>>> combination >>>>> with SVCB records. --> >>>>> 16) <!-- [rfced] Section 12: "unintended access" reads oddly >>>>> here. >>>>> If the suggested text is not correct, should the word >>>>> "unintended" >>>>> be removed? Please provide alternative text if you'd like to >>>>> rephrase. >>>>> Original: >>>>> If the attacker can influence the client's payload (e.g. TLS >>>>> session ticket contents), and an internal service has a >>>>> sufficiently lax parser, it's possible that the attacker could >>>>> gain >>>>> unintended access. >>>>> Suggested: >>>>> If the attacker can influence the client's payload (e.g., TLS >>>>> session >>>>> ticket contents) and an internal service has a >>>>> sufficiently lax >>>>> parser, it's possible that, as an unintended consequence, the >>>>> attacker >>>>> could gain access. --> >>>>> 17) <!-- [rfced] FYI, we have changed two instances of >>>>> "Service Binding" >>>>> to "service binding" because it written in lowercase where used >>>>> generally in this document. We will ask IANA to update >>>>> <https://www.iana.org/assignments/dns-parameters/ > accordingly, >>>>> unless you let us know you prefer otherwise. Original: >>>>> * Meaning: General Purpose Service Binding Current: Meaning: >>>>> General-purpose service binding >>>>> Original: >>>>> * Meaning: Service Binding type for use with HTTP Current: >>>>> Meaning: Service binding type for use with HTTP >>>>> --> >>>>> 18) <!-- [rfced] The following ACTION text indicates that the >>>>> "Service Parameter Keys (SvcParamKeys)" registry should appear on >>>>> the >>>>> "Domain Name System (DNS) Parameters" page. However, the registry >>>>> appears on a page under the heading "DNS Service Bindings >>>>> (SVCB)" >>>>> (see https://www.iana.org/assignments/dns-svcb/ ). Please review >>>>> and >>>>> let us know if the location of the "DNS Service Bindings >>>>> (SVCB)" >>>>> registry is correct. >>>>> Original: >>>>> ACTION: create this registry, on a new page entitled "DNS Service >>>>> Bindings (SVCB)" under the "Domain Name System (DNS) Parameters" >>>>> category. --> >>>>> 19) <!-- [rfced] Section 14.4: Because the "Underscored and >>>>> Globally Scoped DNS Node Names" IANA registry does not include a >>>>> "Meaning" >>>>> column, we have updated the table as shown below. Please let us >>>>> know >>>>> if any other updates are required. >>>>> Original (to avoid the issue of double dashes and XML comments, >>>>> the >>>>> bottom line of the table is not included): >>>>> Per [Attrleaf], please add the following entry to the DNS >>>>> Underscore >>>>> Global Scoped Entry Registry: >>>>> +=========+============+=================+=================+ >>>>> | RR TYPE | _NODE NAME | Meaning | Reference >>>>> | >>>>> +=========+============+=================+=================+ >>>>> | HTTPS | _https | HTTPS SVCB info | (This >>>>> document) | >>>>> Table 2 >>>>> Currently: >>>>> Per [Attrleaf], the following entry has been added to the DNS >>>>> "Underscored and Globally Scoped DNS Node Names" registry: >>>>> +=========+============+===========+ >>>>> | RR Type | _NODE NAME | Reference | >>>>> +=========+============+===========+ >>>>> | HTTPS | _https | RFC 9460 | >>>>> Table 2 --> >>>>> 20) <!-- [rfced] Appendix A: Because Section 3.3 of RFC 1035 says >>>>> "<character-string> is treated as binary information, and can be >>>>> up to >>>>> 256 characters in length (including the length octet)", we >>>>> updated >>>>> this sentence to clarify the meaning of "same as". If this is >>>>> incorrect, please provide text that clarifies the meaning >>>>> of "same as". >>>>> Original: >>>>> The algorithm is the same as used by >>>>> <character-string> in RFC 1035, although the output length in >>>>> this >>>>> document is not limited to 255 octets. >>>>> Currently: >>>>> The algorithm is the same as the >>>>> guideline for <character-string> in [RFC1035], except that in >>>>> this >>>>> document the output length is not limited to 255 octets. >>>>> --> >>>>> 21) <!-- [rfced] Appendix C.4: We changed "the authoritative" at >>>>> the end of this sentence to "the authoritative DNS server". If >>>>> this >>>>> is incorrect, please clarify the meaning of "the authoritative". >>>>> Original: >>>>> Recursive resolvers that implement the specification would, upon >>>>> receipt of a ServiceMode query, emit both a ServiceMode and an >>>>> AliasMode query to the authoritative. >>>>> Currently: >>>>> Recursive resolvers that implement the specification would, upon >>>>> receipt of a ServiceMode query, emit both a ServiceMode query and >>>>> an >>>>> AliasMode query to the authoritative DNS server. --> 22) <!-- >>>>> [rfced] Appendix D.2: Do "target (root label)" and >>>>> "target, root label" mean the same thing? If yes, should they >>>>> both be >>>>> expressed in the same way (i.e., either parentheses or comma)? >>>>> Also, should "length: 2 bytes" be "length 2", per the format of >>>>> all >>>>> other "# length" and "; length" entries? Original: >>>>> 00 ; target (root label) >>>>> ... >>>>> \x00 # target, root label >>>>> ... >>>>> \x00\x02 # length: 2 bytes >>>>> ... >>>>> \x00\x05 # length 5 >>>>> ... >>>>> \x00\x09 # length 9 >>>>> ... >>>>> \x00\x20 # length 32 >>>>> ... >>>>> \x00\x10 # length 16 --> >>>>> 23) <!-- [rfced] Figure 8: The "example.com." line is too long >>>>> and >>>>> yields the following warning: >>>>> Warning: Too long line found (L2319), 4 characters longer than 72 >>>>> characters: >>>>> example.com. SVCB 1example.com. >>>>> ipv6hint="2001:db8:122:344::192.0.2.33" >>>>> We see a similar type of line at the top of Figure 7, although >>>>> that >>>>> line uses parentheses before and after the line break around >>>>> "ipv6hint". Would it be syntactically correct to format this line >>>>> (i.e., with parentheses and line breaks) per Figure 7? Original: >>>>> example.com. SVCB 1example.com. >>>>> ipv6hint="2001:db8:122:344::192.0.2.33" >>>>> Possibly: >>>>> example.com. SVCB 1example.com. ( >>>>> ipv6hint="2001:db8:122:344::192.0.2.33" >>>>> ) --> >>>>> 24) <!-- [rfced] Figures 14 and 15: Should "mandatory" be written >>>>> in the same way in both titles (i.e., either lowercase and quoted >>>>> or >>>>> initial-capitalized and unquoted)? >>>>> Original: >>>>> Figure 14: A mandatory SvcParam is missing ... >>>>> Figure 15: The "mandatory" S >
- [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-dnsop… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Warren Kumari
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Tim Wicinski
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- [auth48] [IANA] Re: AUTH48: RFC-to-be 9460 <draft… Lynne Bartholomew
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Erik Nygren
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Mike Bishop
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Erik Nygren
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-be 94… Lynne Bartholomew
- Re: [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-b… Ben Schwartz
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Lynne Bartholomew
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Rob Wilton (rwilton)
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: AUTH48: RFC-to-be 9460 <dr… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop