Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
Erik Nygren <nygren@gmail.com> Fri, 20 October 2023 00:09 UTC
Return-Path: <nygren@gmail.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9852C14CE22; Thu, 19 Oct 2023 17:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wBjxg9eoTSLH; Thu, 19 Oct 2023 17:09:38 -0700 (PDT)
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [IPv6:2a00:1450:4864:20::32a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B717DC14CF15; Thu, 19 Oct 2023 17:09:37 -0700 (PDT)
Received: by mail-wm1-x32a.google.com with SMTP id 5b1f17b1804b1-40572aeb673so1984495e9.0; Thu, 19 Oct 2023 17:09:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697760576; x=1698365376; darn=rfc-editor.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Aip26baoPJJVmHMzTN5pG0dUXiSmYYet6lyL0sZovz0=; b=QLKM2BSbIjHJbcO5IzT0/J/+c8if/e9lHHETeFROAVOBkGdsC/jm3YTlUhKHCPmJ7K +dH0T1wvgRGFjgLnKJvk66TfGynZm5sfxqOG81l9b8hrvXLqkE9l1JSSdmrXtHuFIOq0 v/iD12s5ymdcGlUPmuHijr3zIQpspddfEPQpfKou4Qwr5XGYVLu+KzrlAyEQboZOEZ7K v0TPPQXtRzYYqUNl2nSA6UwNsTux56MGPc4Xjs2iljdF3KNQD3q34kMs4fLzOAWD1cxF eHHEUf8GKdQ0VQbk8N9xiV+ov0ZYUWU73gdEoRLZyASjj8xx0x8uOD/f0x5BkfY5liEr o/+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697760576; x=1698365376; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Aip26baoPJJVmHMzTN5pG0dUXiSmYYet6lyL0sZovz0=; b=VwNjCYEJKnzEFe3jMVV6fOCh4OBO+eD9FZDHMkL5V4yOAEbz2SO57TwZCbwX2aFwgP kcisgUdcFdBDdfMi8qPaVbClYWjgaeS7c+pQ60AC+eYQPy6ZvmPsPxAdSDFFTs+NKv8R AZ8QcAyUNcOYKntR+ddVB1uojC3ynlNBj6WThwV4BbPmOxs2VONJdrOwKcjgnhC5RTYS cEDrX0vLhUbS1GjQAb5k/LRcxEfLwkSMNNKSOpVeM+RzWjrXNgIyq3eipfB7qThxtgeA 6STRfGUzfJjLnBdTTsYK/BUQE69ty7Jo7Ri0GRilGDp3xU/2f8lBMKUAOyficLc7RHSe tvgQ==
X-Gm-Message-State: AOJu0YzaUB9wKOtAfEQ2Hj+uqjgwGHrECmUX/N3Bqu5Ja/uoYRxE4lwe L73YIObE/Pq7EyWRPESttufulh1hhNPGmH7x0iA=
X-Google-Smtp-Source: AGHT+IEjofVkA02F1nhM9xfSENZ4KlThLCpMplJR6CwrIdQsEUug2cn+DnqKUfX1RULUTPDjZ/yZjJTfEhKyFRMlei0=
X-Received: by 2002:a05:6000:809:b0:313:eb09:c029 with SMTP id bt9-20020a056000080900b00313eb09c029mr222523wrb.43.1697760575644; Thu, 19 Oct 2023 17:09:35 -0700 (PDT)
MIME-Version: 1.0
References: <RT-Ticket-1284364@icann.org> <20230909024843.23314E5EA7@rfcpa.amsl.com> <PH0PR22MB3102689F598B65A0549D2027DAF9A@PH0PR22MB3102.namprd22.prod.outlook.com> <E9C199B0-4A37-4D3E-862B-70C7ED633E9B@amsl.com> <PH0PR22MB3102283BB824AF4DB536E323DAC3A@PH0PR22MB3102.namprd22.prod.outlook.com> <PH0PR22MB3102698FDBC0D78EF2D8F89BDAD6A@PH0PR22MB3102.namprd22.prod.outlook.com> <A51365AB-9409-4C57-AE3C-2B8C060C59DB@amsl.com> <BN8PR15MB3281989B39E4F9A6958287B9B3D5A@BN8PR15MB3281.namprd15.prod.outlook.com> <B7B4736A-77C9-4F42-AA38-C19D9C0747CE@amsl.com> <42D5059B-1990-49BF-AFE8-714961EB043C@amsl.com> <rt-5.0.3-801080-1697760108-1453.1284364-9-0@icann.org>
In-Reply-To: <rt-5.0.3-801080-1697760108-1453.1284364-9-0@icann.org>
From: Erik Nygren <nygren@gmail.com>
Date: Thu, 19 Oct 2023 20:09:22 -0400
Message-ID: <CAKC-DJgBEXZfx2pBS2x75Mpx3oc-9nLY34b0dd6U+RCaX+qD3g@mail.gmail.com>
To: iana-matrix-comment@iana.org
Cc: tjw.ietf@gmail.com, rfc-editor@rfc-editor.org, mbishop@evequefou.be, ietf@bemasc.net, dnsop-chairs@ietf.org, dnsop-ads@ietf.org, bemasc@meta.com, auth48archive@rfc-editor.org
Content-Type: multipart/alternative; boundary="000000000000066a8e06081ab0ae"
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/gI-LkWwdFPZsbikBXsQtNsFp9V0>
Subject: Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2023 00:09:43 -0000
Another option for the reference for "ech" would be to "draft-ietf-tls-svcb-ech-00" which is where that portion of the format specification has moved to and where the TLS WG is working on it. Thanks, Erik On Thu, Oct 19, 2023 at 8:01 PM Amanda Baber via RT < iana-matrix-comment@iana.org> wrote: > Hi, > > We've completed these changes, but need to make a note about the second > one: > > On Wed Oct 18 19:43:35 2023, lbartholomew@amsl.com wrote: > > Dear IANA, > > > > We are preparing this document for publication. > > > > Please make the following updates to the "Resource Record (RR) TYPEs" > > registry on > > <https://www.iana.org/assignments/dns-parameters/>: > > > > OLD: > > General Purpose Service Binding > > Service Binding type for use with HTTP > > > > NEW: > > General-purpose service binding > > SVCB-compatible type for use with HTTP > > This is complete: > > https://www.iana.org/assignments/dns-parameters > > > = = = = = > > > > Please make the following update to the "Service Parameter Keys > > (SvcParamKeys)" registry on > > <https://www.iana.org/assignments/dns-svcb/>: > > > > OLD (column name): > > Format Reference > > > > NEW: > > Reference > > The Service Parameter Keys (SvcParamKeys) registry originally had the > "Format Reference" field populated by the document and a "Reference" field > added by IANA. Aside from the entry for "ech", which was filled in with > "N/A", the former contained either a more detailed version of IANA's > reference or the same reference. > > We've removed IANA's "Reference" field and changed the name of the "Format > Reference" field to "Reference," but we've also replaced "N/A" with > "[RFC-ietf-dnsop-svcb-https-12]" for "ech", so as to avoid leaving that > entry unreferenced: > > https://www.iana.org/assignments/dns-svcb > > thanks, > Amanda > > > Thank you! > > > > RFC Editor/lb > > > > > > > On Oct 18, 2023, at 12:31 PM, Lynne Bartholomew > > > <lbartholomew@amsl.com> wrote: > > > > > > Hi, Ben. Great; thanks! > > > > > > RFC Editor/lb > > > > > >> On Oct 18, 2023, at 12:26 PM, Ben Schwartz <bemasc@meta.com> wrote: > > >> > > >> Correct. > > >> > > >>> On Oct 18, 2023, at 11:26 AM, Lynne Bartholomew > > >>> <lbartholomew@amsl.com> wrote: > > >>> > > >>> Hi, Ben. > > >>> > > >>> Just to confirm -- 'replace the "Reference" column that IANA added' > > >>> means 'change IANA's "Format Reference" column heading to > > >>> "Reference"; correct? > > >>> > > >>> Thank you! > > >>> > > >>> RFC Editor/lb > > >>> > > >>>> On Oct 18, 2023, at 11:17 AM, Ben Schwartz <bemasc@meta.com> > > >>>> wrote: > > >>>> > > >>>> That's correct. This will replace the "Reference" column that > > >>>> IANA added for compliance with their usual processes. > > >>>> > > >>>> --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>> Sent: Wednesday, October 18, 2023 1:34 PM > > >>>> To: Mike Bishop <mbishop@evequefou.be> > > >>>> Cc: Erik Nygren <nygren@gmail.com>; Ben Schwartz > > >>>> <bemasc@meta.com>; ietf@bemasc.net <ietf@bemasc.net>; rfc- > > >>>> editor@rfc-editor.org <rfc-editor@rfc-editor.org>; dnsop- > > >>>> ads@ietf.org <dnsop-ads@ietf.org>; dnsop-chairs@ietf.org <dnsop- > > >>>> chairs@ietf.org>; tjw.ietf@gmail.com <tjw.ietf@gmail.com>; > > >>>> auth48archive@rfc-editor.org <auth48archive@rfc-editor.org> > > >>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- > > >>>> 12> for your review > > >>>> !------------------------------------------------------------------- > > >>>> | > > >>>> This Message Is From an External Sender > > >>>> > > >>>> |------------------------------------------------------------------- > > >>>> ! > > >>>> > > >>>> Hi, Mike. So noted: > > >>>> > > >>>> https://www.rfc-editor.org/auth48/rfc9460 > > >>>> > > >>>> Before we ask IANA to make updates per changes made to this > > >>>> document, we first want to confirm that, per AUTH48 XML updates > > >>>> that you sent us on 26 September, we also need to ask for the > > >>>> following change on <https://www.iana.org/assignments/dns-svcb/ >: > > >>>> > > >>>> OLD (column name): > > >>>> Format Reference > > >>>> > > >>>> NEW: > > >>>> Reference > > >>>> > > >>>> Please let us know about the above. We will wait to hear from you > > >>>> before proceeding. > > >>>> > > >>>> Thank you! > > >>>> > > >>>> RFC Editor/lb > > >>>> > > >>>>> On Oct 17, 2023, at 12:52 PM, Mike Bishop <mbishop@evequefou.be> > > >>>>> wrote: > > >>>>> > > >>>>> Approved -- thanks to everyone for their work on this. > > >>>>> > > >>>>> -----Original Message----- > > >>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>>> Sent: Monday, October 16, 2023 11:30 AM > > >>>>> To: Erik Nygren <nygren@gmail.com> > > >>>>> Cc: Ben Schwartz <bemasc@meta.com>; Mike Bishop > > >>>>> <mbishop@evequefou.be>; ietf@bemasc.net; rfc-editor@rfc- > > >>>>> editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; > > >>>>> tjw.ietf@gmail.com; auth48archive@rfc-editor.org > > >>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- > > >>>>> 12> for your review > > >>>>> > > >>>>> Hi, Erik. Thank you for confirming your approval! > > >>>>> > > >>>>> RFC Editor/lb > > >>>>> > > >>>>>> On Oct 15, 2023, at 6:45 AM, Erik Nygren <nygren@gmail.com> > > >>>>>> wrote: > > >>>>>> > > >>>>>> I just looked at the latest and it looks good to me. > > >>>>>> > > >>>>>> Thanks! Erik > > >>>>>> > > >>>>>> On Fri, Oct 13, 2023 at 5:53 PM Lynne Bartholomew > > >>>>>> <lbartholomew@amsl.com> wrote: > > >>>>>> Hi, Erik, Ben, and Mike. > > >>>>>> > > >>>>>> Ben and Mike, we have made further updates to this document per > > >>>>>> your notes below. > > >>>>>> > > >>>>>> The latest files are posted here (please refresh your browser): > > >>>>>> > > >>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-auth48diff.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-lastdiff.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-lastrfcdiff.html > > >>>>>> > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > >>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>> > > >>>>>> Erik and Ben, we have noted your approvals on the AUTH48 status > > >>>>>> page. Please note, however, that if you object to any > > >>>>>> subsequent updates to this document you will let us know: > > >>>>>> > > >>>>>> https://www.rfc-editor.org/auth48/rfc9460 > > >>>>>> > > >>>>>> Thank you! > > >>>>>> > > >>>>>> RFC Editor/lb > > >>>>>> > > >>>>>>> On Oct 12, 2023, at 2:05 PM, Mike Bishop <mbishop@evequefou.be> > > >>>>>>> wrote: > > >>>>>>> > > >>>>>>> I’ve finished my final read-through. These are minor issues, > > >>>>>>> and everything else looks fine. > > >>>>>>> > > >>>>>>> I caught a few uses of the first-person through the document. > > >>>>>>> I suggest: > > >>>>>>> > > >>>>>>> • Section 1.3: “Our terminology…” => “Terminology in this > > >>>>>>> document…” > > >>>>>>> > > >>>>>>> • Section 2.3: “We term this behavior "Port Prefix Naming" and > > >>>>>>> use it in the examples throughout this document.” => “This > > >>>>>>> document terms this behavior "Port Prefix Naming" and uses it > > >>>>>>> in the examples throughout.” > > >>>>>>> > > >>>>>>> • Appendix A: “Here, we summarize…” => “The following > > >>>>>>> summarizes…” > > >>>>>>> > > >>>>>>> • Appendix C: “…by providing an extensible solution that solves > > >>>>>>> multiple problems we will overcome this inertia…” => “…an > > >>>>>>> extensible solution that solves multiple problems will overcome > > >>>>>>> this inertia…” > > >>>>>>> > > >>>>>>> There is a nested parenthetical in 2.3. I suggest the > > >>>>>>> following: > > >>>>>>> > > >>>>>>> Current: > > >>>>>>> (Parentheses are used to ignore a line break in DNS zone-file > > >>>>>>> presentation format ([RFC1035], Section 5.1).) > > >>>>>>> > > >>>>>>> Proposed: > > >>>>>>> (Parentheses are used to ignore a line break in DNS zone-file > > >>>>>>> presentation format, per Section 5.1 of [RFC1035].) > > >>>>>> > > >>>>>> > > >>>>>>> On Oct 11, 2023, at 10:51 AM, Ben Schwartz <bemasc@meta.com> > > >>>>>>> wrote: > > >>>>>>> > > >>>>>>> The caption of Figure 10 is 'An alpn Value with ...'. I > > >>>>>>> believe "alpn" should be quoted for consistency, resulting in > > >>>>>>> 'An "alpn" Value with ...". > > >>>>>>> > > >>>>>>> Apart from that suggestion, I approve this version for > > >>>>>>> publication. > > >>>>>>> > > >>>>>>> --Ben Schwartz > > >>>>>> > > >>>>>>> On Oct 11, 2023, at 10:34 AM, Erik Nygren <nygren@gmail.com> > > >>>>>>> wrote: > > >>>>>>> > > >>>>>>> Approved from my perspective! (Assuming no objections from > > >>>>>>> Mike or Ben.) > > >>>>>>> > > >>>>>>> Best, Erik > > >>>>>>> > > >>>>>>> > > >>>>>>> On Wed, Oct 11, 2023 at 12:11 PM Lynne Bartholomew > > >>>>>>> <lbartholomew@amsl.com> wrote: > > >>>>>>> Hi, Erik. > > >>>>>>> > > >>>>>>> We have updated this document per your note below. > > >>>>>>> > > >>>>>>> The latest files are posted here (please refresh your browser): > > >>>>>>> > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-auth48diff.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastdiff.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastrfcdiff.html > > >>>>>>> > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > >>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>> > > >>>>>>> We will wait to hear from your coauthors regarding any > > >>>>>>> subsequent changes before noting anyone's approval. > > >>>>>>> > > >>>>>>> Thank you! > > >>>>>>> > > >>>>>>> RFC Editor/lb > > >>>>>>> > > >>>>>>>> On Oct 10, 2023, at 2:13 PM, Erik Nygren <nygren@gmail.com> > > >>>>>>>> wrote: > > >>>>>>>> > > >>>>>>>> I took a final reading pass through and the only thing that > > >>>>>>>> jumped out would be to change this: > > >>>>>>>> > > >>>>>>>> - "," and "\" characters instead of implementing the > > >>>>>>>> <tt>value-list</tt> escaping > > >>>>>>>> + "," and "\" characters in ALPN IDs instead of implementing > > >>>>>>>> the <tt>value-list</tt> escaping > > >>>>>>>> > > >>>>>>>> The current text is ambiguous as to whether those characters > > >>>>>>>> are prohibited in ALPN IDs or prohibited in value-list. > > >>>>>>>> It is clear that the intent is for them to only be prohibited > > >>>>>>>> in ALPN IDs so that value-list can contain commas, > > >>>>>>>> but inserting the "in ALPN IDs" would reduce risk of > > >>>>>>>> misreading. > > >>>>>>>> Everything else looks good. > > >>>>>>>> > > >>>>>>>> I believe Mike and Ben are making similar read-throughs. > > >>>>>>>> > > >>>>>>>> Thanks, Erik > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> > > >>>>>>>> On Fri, Oct 6, 2023 at 4:30 PM Mike Bishop > > >>>>>>>> <mbishop@evequefou.be> wrote: > > >>>>>>>> Ben proposed this text on GitHub: > > >>>>>>>> > > >>>>>>>> In this document, this algorithm is referred to as "character- > > >>>>>>>> string decoding", because > > >>>>>>>> <xref target="RFC1035" sectionFormat="of" section="5.1"/> uses > > >>>>>>>> this > > >>>>>>>> algorithm to produce a <tt><character-string></tt>. > > >>>>>>>> > > >>>>>>>> (And a corresponding "the allowed input" => "some allowed > > >>>>>>>> inputs".) > > >>>>>>>> > > >>>>>>>> The attached XML incorporates this proposal, if that works for > > >>>>>>>> everyone. > > >>>>>>>> > > >>>>>>>> -----Original Message----- > > >>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>>>>>> Sent: Thursday, October 5, 2023 12:32 PM > > >>>>>>>> To: Erik Nygren <erik+ietf@nygren.org>; Ben Schwartz > > >>>>>>>> <bemasc@meta.com> > > >>>>>>>> Cc: Mike Bishop <mbishop@evequefou.be>; ietf@bemasc.net; rfc- > > >>>>>>>> editor@rfc-editor.org; dnsop-ads@ietf.org; dnsop- > > >>>>>>>> chairs@ietf.org; tjw.ietf@gmail.com; auth48archive@rfc- > > >>>>>>>> editor.org > > >>>>>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > >>>>>>>> https-12> for your review > > >>>>>>>> > > >>>>>>>> Hi, Erik and Ben. > > >>>>>>>> > > >>>>>>>> Erik, thank you for the suggestion. Ben, is Erik's suggestion > > >>>>>>>> acceptable, and may we update accordingly? > > >>>>>>>> > > >>>>>>>> Thank you! > > >>>>>>>> > > >>>>>>>> RFC Editor/lb > > >>>>>>>> > > >>>>>>>>> On Oct 5, 2023, at 6:12 AM, Erik Nygren > > >>>>>>>>> <erik+ietf@nygren.org> wrote: > > >>>>>>>>> > > >>>>>>>>> What about "described in" (instead of just "in" or "per") ? > > >>>>>>>>> So: > > >>>>>>>>> > > >>>>>>>>> -it is used to produce a <tt><character-string></tt> in > > >>>>>>>>> +it is used to produce the <tt><character-string></tt> > > >>>>>>>>> described in > > >>>>>>>>> > > >>>>>>>>> ? > > >>>>>>>>> > > >>>>>>>>> On Wed, Oct 4, 2023 at 11:58 AM Ben Schwartz > > >>>>>>>>> <bemasc@meta.com> wrote: > > >>>>>>>>> Re: "We made the additional update (changed "in" to "per") > > >>>>>>>>> per your note for 1) below." > > >>>>>>>>> > > >>>>>>>>> I think we need to give that section another look. I believe > > >>>>>>>>> that "per" may not be correct here. > > >>>>>>>>> > > >>>>>>>>> --Ben Schwartz > > >>>>>>>>> > > >>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>>>>>>> Sent: Tuesday, October 3, 2023 12:29 PM > > >>>>>>>>> To: Mike Bishop <mbishop@evequefou.be> > > >>>>>>>>> Cc: ietf@bemasc.net <ietf@bemasc.net>; erik+ietf@nygren.org > > >>>>>>>>> <erik+ietf@nygren.org>; rfc-editor@rfc-editor.org <rfc- > > >>>>>>>>> editor@rfc-editor.org>; dnsop-ads@ietf.org <dnsop- > > >>>>>>>>> ads@ietf.org>; dnsop-chairs@ietf.org <dnsop-chairs@ietf.org>; > > >>>>>>>>> tjw.ietf@gmail.com<tjw.ietf@gmail.com>; auth48archive@rfc- > > >>>>>>>>> editor.org <auth48archive@rfc-editor.org> > > >>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > >>>>>>>>> https-12> for your review > > >>>>>>>>> > !------------------------------------------------------------------- > > >>>>>>>>> | > > >>>>>>>>> This Message Is From an External Sender > > >>>>>>>>> > > >>>>>>>>> > |------------------------------------------------------------------- > > >>>>>>>>> ! > > >>>>>>>>> > > >>>>>>>>> Hi, Mike. > > >>>>>>>>> > > >>>>>>>>> Thank you for the latest updated XML file! > > >>>>>>>>> > > >>>>>>>>> We made the additional update (changed "in" to "per") per > > >>>>>>>>> your note for 1) below. > > >>>>>>>>> > > >>>>>>>>> FYI that the new line breaks in the list in Section 1.2 > > >>>>>>>>> constitute a bug (https://github.com/ietf- > > >>>>>>>>> tools/xml2rfc/issues/1045). We hope that this issue will be > > >>>>>>>>> resolved soon. > > >>>>>>>>> > > >>>>>>>>> The latest files are posted here (please refresh your > > >>>>>>>>> browser): > > >>>>>>>>> > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-auth48diff.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastdiff.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastrfcdiff.html > > >>>>>>>>> > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > >>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>>>> > > >>>>>>>>> Thanks again! > > >>>>>>>>> > > >>>>>>>>> RFC Editor/lb > > >>>>>>>>> > > >>>>>>>>>> On Sep 29, 2023, at 11:52 AM, Mike Bishop > > >>>>>>>>>> <mbishop@evequefou.be> wrote: > > >>>>>>>>>> > > >>>>>>>>>> 1) This is fine. > > >>>>>>>>>> > > >>>>>>>>>> 2) All reasonable, but we'd prefer to avoid nested > > >>>>>>>>>> parentheses. In the attached, we've changed this to > > >>>>>>>>>> "supported protocols" in 3.2 and moved the expansion back to > > >>>>>>>>>> 7.1. > > >>>>>>>>>> > > >>>>>>>>>> We also noted in reviewing the change to the title of Figure > > >>>>>>>>>> 1 that this URL was not quoted, so we've added those. > > >>>>>>>>>> > > >>>>>>>>>> -----Original Message----- > > >>>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>>>>>>>> Sent: Thursday, September 28, 2023 11:48 AM > > >>>>>>>>>> To: Mike Bishop <mbishop@evequefou.be> > > >>>>>>>>>> Cc: ietf@bemasc.net; erik+ietf@nygren.org; rfc-editor@rfc- > > >>>>>>>>>> editor.org; dnsop-ads@ietf.org; dnsop-chairs@ietf.org; > > >>>>>>>>>> tjw.ietf@gmail.com; auth48archive@rfc-editor.org > > >>>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- > > >>>>>>>>>> https-12> for your review > > >>>>>>>>>> > > >>>>>>>>>> Hi, Mike. > > >>>>>>>>>> > > >>>>>>>>>> Thank you very much for the updated XML file! > > >>>>>>>>>> > > >>>>>>>>>> Thanks also for the detailed list of updates after your > > >>>>>>>>>> "late-arriving review from the DNS Directorate" note; your > > >>>>>>>>>> note informed us that we would not need to ask for AD > > >>>>>>>>>> approval for any of those updates; very helpful and much > > >>>>>>>>>> appreciated! > > >>>>>>>>>> > > >>>>>>>>>> A couple follow-up items for you: > > >>>>>>>>>> > > >>>>>>>>>> 1) "used to produce a <character-string> in Section 5.1 of > > >>>>>>>>>> [RFC1035]" reads a bit oddly. May we change it to "used to > > >>>>>>>>>> produce a <character-string> per Section 5.1 of [RFC1035]"? > > >>>>>>>>>> > > >>>>>>>>>> 2) Please note that per our style guidelines we made the > > >>>>>>>>>> following updates to your copy: > > >>>>>>>>>> > > >>>>>>>>>> * Moved the expansion of "ALPN" from Section 7.1 to Section > > >>>>>>>>>> 3.2. > > >>>>>>>>>> * Changed "Section 2.4.2 and Section 3" to "Sections 2.4.2 > > >>>>>>>>>> and 3" in Section 9.1. > > >>>>>>>>>> * Changed "At" to "at" in the title of Figure 1. > > >>>>>>>>>> > > >>>>>>>>>> The latest files are posted here: > > >>>>>>>>>> > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-auth48diff.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastdiff.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-lastrfcdiff.html > > >>>>>>>>>> > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > >>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>>>>> > > >>>>>>>>>> Again, many thanks for your help with this document! > > >>>>>>>>>> > > >>>>>>>>>> RFC Editor/lb > > >>>>>>>>>> > > >>>>>>>>>> > > >>>>>>>>>>> On Sep 26, 2023, at 11:40 AM, Mike Bishop > > >>>>>>>>>>> <mbishop@evequefou.be> wrote: > > >>>>>>>>>>> > > >>>>>>>>>>> Hi, Lynne - > > >>>>>>>>>>> Please see attached an updated XML from our side, with the > > >>>>>>>>>>> following changes in response to your questions. > > >>>>>>>>>>> > > >>>>>>>>>>> • We expanded "RR" in the document title. Please let us > > >>>>>>>>>>> know any objections. > > >>>>>>>>>>> We have adjusted the title to expand the initialism while > > >>>>>>>>>>> avoiding nested parentheses. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Service Binding and Parameter Specification via the DNS > > >>>>>>>>>>> (DNS SVCB and > > >>>>>>>>>>> HTTPS Resource Records (RRs)) > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Service Binding and Parameter Specification via the DNS > > >>>>>>>>>>> (SVCB and > > >>>>>>>>>>> HTTPS Resource Records) > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 2. Please insert any keywords… > > >>>>>>>>>>> We have added various relevant keywords. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 3. Datatracker "idnits" output for the > > >>>>>>>>>>> original approved document included the following warning … > > >>>>>>>>>>> There are 2 instances of lines with non-RFC2606-compliant > > >>>>>>>>>>> FQDNs > > >>>>>>>>>>> These instances are false positives. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 4. Section 1.1: We changed this section > > >>>>>>>>>>> title, as it did not match the contents of the section. If > > >>>>>>>>>>> this update is incorrect, perhaps some text is missing? If > > >>>>>>>>>>> so, please clarify "goal" vs. "goals". > > >>>>>>>>>>> We have accepted the new section title, and also corrected > > >>>>>>>>>>> an obsolete reference to statements that were previously > > >>>>>>>>>>> “mentioned above” but now appear later in the document. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> (As mentioned above, this all > > >>>>>>>>>>> applies equally to the HTTPS RR, which shares the same > > >>>>>>>>>>> encoding, > > >>>>>>>>>>> format, and high-level semantics.) > > >>>>>>>>>>> Current: > > >>>>>>>>>>> (As discussed in <xref target="svcb-compatible"/>, this > > >>>>>>>>>>> all applies > > >>>>>>>>>>> equally to the HTTPS RR, which shares the same encoding, > > >>>>>>>>>>> format, and > > >>>>>>>>>>> high-level semantics.) > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 5. Please review the "type" attribute of each > > >>>>>>>>>>> sourcecode element… > > >>>>>>>>>>> We have added types and converted “artwork” tags to > > >>>>>>>>>>> “sourcecode” as appropriate. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 6. Section 2.4.2: As it appears that > > >>>>>>>>>>> "multiple" means "multiple RRs" (as opposed to "multiple > > >>>>>>>>>>> RRSets"), we updated this sentence accordingly. If this is > > >>>>>>>>>>> incorrect, please provide clarifying text. > > >>>>>>>>>>> We have adjusted this to “multiple AliasMode RRs”. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 7. Section 4.2: Is resolution of unknown RR > > >>>>>>>>>>> types the only type of normal response construction, or > > >>>>>>>>>>> should "i.e." ("that is") be "e.g." ("for example") here? > > >>>>>>>>>>> Yes. For clarity, we’ve removed this use of “i.e.” > > >>>>>>>>>>> entirely. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 8. Section 4.3: Does "even if the contents > > >>>>>>>>>>> are invalid" refer to the "MUST" clause, the "MAY" clause, > > >>>>>>>>>>> or both? > > >>>>>>>>>>> It refers to the “MAY” clause. To improve clarity, we’ve > > >>>>>>>>>>> restructured this sentence and the following one. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Recursive resolvers <bcp14>MUST</bcp14> be able to convey > > >>>>>>>>>>> SVCB records > > >>>>>>>>>>> with unrecognized SvcParamKeys, and <bcp14>MAY</bcp14> > > >>>>>>>>>>> treat the > > >>>>>>>>>>> entire SvcParams portion of the record as opaque, even if > > >>>>>>>>>>> the contents > > >>>>>>>>>>> are invalid. Alternatively, recursive resolvers > > >>>>>>>>>>> <bcp14>MAY</bcp14> > > >>>>>>>>>>> report an error such as SERVFAIL to avoid returning a > > >>>>>>>>>>> SvcParamValue that is invalid according to the SvcParam's > > >>>>>>>>>>> specification. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Recursive resolvers <bcp14>MUST</bcp14> be able to convey > > >>>>>>>>>>> SVCB records > > >>>>>>>>>>> with unrecognized SvcParamKeys. Resolvers > > >>>>>>>>>>> <bcp14>MAY</bcp14> > > >>>>>>>>>>> accomplish this by treating the entire SvcParams portion > > >>>>>>>>>>> of the record > > >>>>>>>>>>> as opaque, even if the contents are invalid. If a > > >>>>>>>>>>> recognized > > >>>>>>>>>>> SvcParamKey is followed by a value that is invalid > > >>>>>>>>>>> according to the > > >>>>>>>>>>> SvcParam's specification, a recursive resolver > > >>>>>>>>>>> <bcp14>MAY</bcp14> > > >>>>>>>>>>> report an error such as SERVFAIL instead of returning the > > >>>>>>>>>>> record. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 9. Section 7.2: Should "this SvcParam" be > > >>>>>>>>>>> "this SvcParamValue" here? > > >>>>>>>>>>> Yes. (Corrected.) > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 10. Section 9.1: Please clarify the meaning of > > >>>>>>>>>>> "Following of". > > >>>>>>>>>>> We’ve clarified by reformulating this sentence and > > >>>>>>>>>>> including references to the relevant sections where the > > >>>>>>>>>>> behavior is defined. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Following of HTTPS AliasMode RRs and CNAME aliases > > >>>>>>>>>>> is unchanged from SVCB. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> The procedure for following HTTPS AliasMode RRs > > >>>>>>>>>>> and CNAME aliases is unchanged from SVCB (as described in > > >>>>>>>>>>> <xref target="alias-mode"/> and <xref target="client- > > >>>>>>>>>>> behavior"/>). > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 11. Should the instances of "9443" be "8443" > > >>>>>>>>>>> here? > > >>>>>>>>>>> No, this distinction is intentional. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 12. Section 9.4 and Table 1: Does "ECH" refer > > >>>>>>>>>>> to citations for draft-ietf-tls-esni and not to "Encrypted > > >>>>>>>>>>> ClientHello" in general, or does it refer to some (unknown) > > >>>>>>>>>>> future specification related to ECH (in which case the text > > >>>>>>>>>>> should be clarified)? > > >>>>>>>>>>> For clarity, we’ve replaced “ECH” here with that reference, > > >>>>>>>>>>> and expanded the acronym where it appears in the IANA > > >>>>>>>>>>> instructions. The assignment is currently captured in > > >>>>>>>>>>> draft-sbn-tls-svcb-ech-00, which was extracted from this > > >>>>>>>>>>> document. The TLS WG has adopted that document, and will > > >>>>>>>>>>> need to decide whether to fold it into draft-ietf-tls-esni > > >>>>>>>>>>> or advance it separately. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 13. Section 9.6: Should 'HTTP URL' be '"http" > > >>>>>>>>>>> URL'? … Also, we could not find any instances of > > >>>>>>>>>>> "requestURL" in [WebSocket], any other published RFC, or > > >>>>>>>>>>> [FETCH]. > > >>>>>>>>>>> We’ve replaced ‘HTTP URL” with the formal term defined in > > >>>>>>>>>>> RFC 9110: “HTTP-related URI scheme”. > > >>>>>>>>>>> Since we wrote this text, WHATWG has moved the definition > > >>>>>>>>>>> of “requestURL” to a new document. We’ve fixed the problem > > >>>>>>>>>>> by adding that reference here. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> All HTTP connections to named origins are eligible to use > > >>>>>>>>>>> HTTPS RRs, > > >>>>>>>>>>> even when HTTP is used as part of another protocol or > > >>>>>>>>>>> without an > > >>>>>>>>>>> explicit HTTP URL. For example, clients that support > > >>>>>>>>>>> HTTPS RRs and > > >>>>>>>>>>> implement the altered WebSocket <xref target="RFC6455"/> > > >>>>>>>>>>> opening > > >>>>>>>>>>> handshake from the W3C Fetch specification <xref > > >>>>>>>>>>> target="FETCH"/> > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> use HTTPS RRs for the > > >>>>>>>>>>> <tt>requestURL</tt>. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> All HTTP connections to named origins are eligible to use > > >>>>>>>>>>> HTTPS RRs, > > >>>>>>>>>>> even when HTTP is used as part of another protocol or > > >>>>>>>>>>> without an > > >>>>>>>>>>> explicit HTTP-related URI scheme (<relref target="RFC9110" > > >>>>>>>>>>> section="4.2"/>). For example, clients that support HTTPS > > >>>>>>>>>>> RRs and > > >>>>>>>>>>> implement <xref target="RFC6455"/> using the altered > > >>>>>>>>>>> opening handshake > > >>>>>>>>>>> from <xref target="FETCH-WEBSOCKETS"/> > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> use HTTPS RRs for the > > >>>>>>>>>>> <tt>requestURL</tt>. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 14. Section 10.3: We had trouble following > > >>>>>>>>>>> "various interpretations of RFCs" in the first sentence… > > >>>>>>>>>>> We’ve replaced this vague statement by a reference to the > > >>>>>>>>>>> BIND documentation for the behavior in question. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Note that some implementations may not allow A or AAAA > > >>>>>>>>>>> records on > > >>>>>>>>>>> names starting with an underscore due to various > > >>>>>>>>>>> interpretations of RFCs. > > >>>>>>>>>>> This could be an operational issue when the TargetName > > >>>>>>>>>>> contains an > > >>>>>>>>>>> Attrleaf label, as well as using a TargetName of "." when > > >>>>>>>>>>> the owner name contains an Attrleaf label. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Some authoritative DNS servers may not allow A or AAAA > > >>>>>>>>>>> records on > > >>>>>>>>>>> names starting with an underscore (e.g., <xref > > >>>>>>>>>>> target="BIND-CHECK-NAMES"/>). > > >>>>>>>>>>> This could create an operational issue when the TargetName > > >>>>>>>>>>> contains an > > >>>>>>>>>>> Attrleaf label, or when using a TargetName of "." if the > > >>>>>>>>>>> owner name contains an Attrleaf label. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 15. Section 11: We do not see the word > > >>>>>>>>>>> "stapling" or "staple" in RFC 6066. Please confirm that > > >>>>>>>>>>> this citation will be clear to readers. > > >>>>>>>>>>> We’ve adjusted this sentence to expand “OCSP” and mention > > >>>>>>>>>>> “Certificate Status Request”, which is the formal name > > >>>>>>>>>>> from RFC 6066. > > >>>>>>>>>>> (We’ve preserved the term “stapling” because it is much > > >>>>>>>>>>> more widely > > >>>>>>>>>>> understood and commonly used than the formal name.) > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Server operators implementing this standard > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> also > > >>>>>>>>>>> implement TLS 1.3 <xref target="RFC8446"/> and Online > > >>>>>>>>>>> Certificate Status Protocol (OCSP) Stapling <xref > > >>>>>>>>>>> target="RFC6066"/>, both of which confer substantial > > >>>>>>>>>>> performance and > > >>>>>>>>>>> privacy benefits when used in combination with SVCB > > >>>>>>>>>>> records. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Server operators implementing this standard > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> also > > >>>>>>>>>>> implement TLS 1.3 <xref target="RFC8446"/> and Online > > >>>>>>>>>>> Certificate > > >>>>>>>>>>> Status Protocol (OCSP) Stapling (i.e., Certificate Status > > >>>>>>>>>>> Request in > > >>>>>>>>>>> <xref target="RFC6066" section="8" sectionFormat="of"/>), > > >>>>>>>>>>> both of > > >>>>>>>>>>> which confer substantial performance and privacy benefits > > >>>>>>>>>>> when used in > > >>>>>>>>>>> combination with SVCB records.</t> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 16. Section 12: "unintended access" reads oddly > > >>>>>>>>>>> here. If the suggested text is not correct, should the > > >>>>>>>>>>> word "unintended" be removed? > > >>>>>>>>>>> We’ve rephrased this in a way that avoids the word > > >>>>>>>>>>> “unintended” and improves specificity. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> If the attacker can influence the > > >>>>>>>>>>> client's payload (e.g., TLS session ticket contents) and > > >>>>>>>>>>> an internal > > >>>>>>>>>>> service has a sufficiently lax parser, it's possible that > > >>>>>>>>>>> the attacker > > >>>>>>>>>>> could gain unintended access. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> If the attacker can influence the > > >>>>>>>>>>> client's payload (e.g., TLS session ticket contents) and > > >>>>>>>>>>> an internal > > >>>>>>>>>>> service has a sufficiently lax parser, the attacker could > > >>>>>>>>>>> gain access > > >>>>>>>>>>> to the internal service. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 17. FYI, we have changed two instances of > > >>>>>>>>>>> "Service Binding" to "service binding" because it written > > >>>>>>>>>>> in lowercase where used generally in this document. We will > > >>>>>>>>>>> ask IANA… > > >>>>>>>>>>> We’ve changed the description in the IANA instructions to > > >>>>>>>>>>> use the > > >>>>>>>>>>> more precise term “SVCB-compatible” instead. (The > > >>>>>>>>>>> original IANA > > >>>>>>>>>>> instructions may predate this term.) > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 18. The following ACTION text indicates that the > > >>>>>>>>>>> "Service Parameter Keys (SvcParamKeys)" registry should > > >>>>>>>>>>> appear on the "Domain Name System (DNS) Parameters" page. > > >>>>>>>>>>> However, the registry appears on a page under the heading > > >>>>>>>>>>> "DNS Service Bindings (SVCB)" > > >>>>>>>>>>> This disparity may have occurred because IANA reorganized > > >>>>>>>>>>> their website after the original instructions were written. > > >>>>>>>>>>> The current location of the registry correctly reflects the > > >>>>>>>>>>> authors’ intent, and we have updated the draft to describe > > >>>>>>>>>>> the new location. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 19. Because the IANA registry does not include a > > >>>>>>>>>>> "Meaning" column, we have updated the text as shown below. > > >>>>>>>>>>> Please let us know if any updates are required. > > >>>>>>>>>>> This change is correct. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 20. Appendix A: Because Section 3.3 of RFC > > >>>>>>>>>>> 1035 says "<character-string> is treated as binary > > >>>>>>>>>>> information, and can be up to 256 characters in length > > >>>>>>>>>>> (including the length octet)", we updated this sentence to > > >>>>>>>>>>> clarify the meaning of "same as". If this is incorrect, > > >>>>>>>>>>> please provide text that clarifies the meaning of "same > > >>>>>>>>>>> as". > > >>>>>>>>>>> This change is not correct. We have adjusted the text to > > >>>>>>>>>>> provide a clearer distinction between “<character-string>” > > >>>>>>>>>>> (which is binary) and the textual representation used to > > >>>>>>>>>>> generate it. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> DNS zone files are capable of representing arbitrary octet > > >>>>>>>>>>> sequences > > >>>>>>>>>>> in basic ASCII text, using various delimiters and > > >>>>>>>>>>> encodings. The > > >>>>>>>>>>> algorithm for decoding these character strings is defined > > >>>>>>>>>>> in <xref section="5.1" sectionFormat="of" > > >>>>>>>>>>> target="RFC1035"/>. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> DNS zone files are capable of representing arbitrary octet > > >>>>>>>>>>> sequences > > >>>>>>>>>>> in basic ASCII text, using various delimiters and > > >>>>>>>>>>> encodings, according > > >>>>>>>>>>> to an algorithm defined in <xref section="5.1" > > >>>>>>>>>>> sectionFormat="of" target="RFC1035"/>. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> In this document, this algorithm is referred to as > > >>>>>>>>>>> "character-string decoding". > > >>>>>>>>>>> The algorithm is the same as the guideline for > > >>>>>>>>>>> <tt><character-string></tt> provided in <xref > > >>>>>>>>>>> target="RFC1035" sectionFormat="of" section="3.3"/>, except > > >>>>>>>>>>> that in this document the output length is not limited to > > >>>>>>>>>>> 255 octets. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> In this document, this algorithm is referred to as > > >>>>>>>>>>> "character-string > > >>>>>>>>>>> decoding", because it is used to produce a > > >>>>>>>>>>> <tt><character-string></tt> in <xref > > >>>>>>>>>>> target="RFC1035" > > >>>>>>>>>>> sectionFormat="of" section="5.1"/>. Note that while the > > >>>>>>>>>>> length of a > > >>>>>>>>>>> <tt><character-string></tt> is limited to 255 > > >>>>>>>>>>> octets, the > > >>>>>>>>>>> character-string decoding algorithm can produce output of > > >>>>>>>>>>> any > > >>>>>>>>>>> length.</t> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 21. Appendix C.4: We changed "the > > >>>>>>>>>>> authoritative" at the end of this sentence to "the > > >>>>>>>>>>> authoritative DNS server". > > >>>>>>>>>>> This change is correct. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 22. Appendix D.2: Do "target (root label)" and > > >>>>>>>>>>> "target, root label" mean the same thing? If yes, should > > >>>>>>>>>>> they both be expressed in the same way (i.e., either > > >>>>>>>>>>> parentheses or comma)? Also, should "length: 2 bytes" be > > >>>>>>>>>>> "length 2", per the format of all other "# length" and "; > > >>>>>>>>>>> length" entries? > > >>>>>>>>>>> Yes, these carry the same meaning. We have incorporated > > >>>>>>>>>>> these changes to improve consistency. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 23. The example.com line in Figure 8 extends > > >>>>>>>>>>> beyond the 72-character limit. > > >>>>>>>>>>> 24. Figure 8: The "example.com." line is too > > >>>>>>>>>>> long… > > >>>>>>>>>>> We have adjusted this figure as suggested to fit within the > > >>>>>>>>>>> 72-character limit. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 25. Figures 14 and 15: Should "mandatory" be > > >>>>>>>>>>> written in the same way in both titles (i.e., either > > >>>>>>>>>>> lowercase and quoted or initial-capitalized and unquoted)? > > >>>>>>>>>>> No. In one case, it refers to an item that must be > > >>>>>>>>>>> present; in the other it refers to the literal 9-character > > >>>>>>>>>>> sequence “mandatory”. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 26. "Acknowledgments and Related Proposals" > > >>>>>>>>>>> reads oddly, in that the two ideas seem unrelated. "... > > >>>>>>>>>>> proposed solutions ...challenge proposed" reads oddly as > > >>>>>>>>>>> well. May we make a new Section 15 ("Related Proposals") … > > >>>>>>>>>>> ? > > >>>>>>>>>>> We’ve reformulated this paragraph to make clear that the > > >>>>>>>>>>> related proposals are mentioned by way of acknowledgement > > >>>>>>>>>>> and gratitude. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 27. Please review the "Inclusive Language" > > >>>>>>>>>>> portion of the online Style Guide … > > >>>>>>>>>>> We have reviewed this guidance but did not find any changes > > >>>>>>>>>>> that could be made on this basis. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> 28. Please let us know if any changes are needed > > >>>>>>>>>>> for the following [capitalization consistency issues] > > >>>>>>>>>>> We have attempted to correct these issues to improve > > >>>>>>>>>>> consistency. In the case of ALPN, we have clarified some > > >>>>>>>>>>> uses as “ALPN protocol” or “ALPN ID”. > > >>>>>>>>>>> ------------ > > >>>>>>>>>>> Additionally, we made several edits in response to a late- > > >>>>>>>>>>> arriving review from the DNS Directorate, as Warren > > >>>>>>>>>>> indicated. These are highlighted below, in no particular > > >>>>>>>>>>> order. > > >>>>>>>>>>> # Positive and negative DNSSEC (Section 4.1) > > >>>>>>>>>>> Original: > > >>>>>>>>>>> If the zone is signed, the server SHOULD also include > > >>>>>>>>>>> positive or > > >>>>>>>>>>> negative DNSSEC responses for these records in the > > >>>>>>>>>>> Additional section. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> If the zone is signed, the server SHOULD also include > > >>>>>>>>>>> DNSSEC records > > >>>>>>>>>>> authenticating the existence or nonexistence of these > > >>>>>>>>>>> records in the > > >>>>>>>>>>> Additional section. > > >>>>>>>>>>> # Use of “origin” for concepts other than HTTP origins > > >>>>>>>>>>> - In 1.1, “an origin within the DNS” => “a service > > >>>>>>>>>>> identified by a domain name” > > >>>>>>>>>>> - In 3.1, “origin’s SVCB record” => “service’s SVCB record” > > >>>>>>>>>>> - In 7.3, “origin hostname” => “service name” > > >>>>>>>>>>> - In 9.3, “origin endpoint” => “authority endpoint” > > >>>>>>>>>>> - In 12, “origin” => “authoritative server” > > >>>>>>>>>>> # Use of “delegation” outside the sense of DNS zone > > >>>>>>>>>>> delegation > > >>>>>>>>>>> - In 1, “delegating the origin” => “aliasing the origin” > > >>>>>>>>>>> - In 1.1, “delegation of operational authority for an > > >>>>>>>>>>> origin within > > >>>>>>>>>>> the DNS to an alternate name.” => “extending operational > > >>>>>>>>>>> authority for > > >>>>>>>>>>> a service identified by a domain name to other instances > > >>>>>>>>>>> with > > >>>>>>>>>>> alternate names.” (overlap with previous set) > > >>>>>>>>>>> - In 1.1, “apex delegation” => “apex aliasing” > > >>>>>>>>>>> - In 3.2, “It allows the service to delegate the apex > > >>>>>>>>>>> domain.” => “It allows a service on an apex domain to use > > >>>>>>>>>>> aliasing.” > > >>>>>>>>>>> - In Figure 1 (caption), “Is Delegated to” => “Is Available > > >>>>>>>>>>> At” > > >>>>>>>>>>> # Inconsistency of terms for list and sorting in Section 3 > > >>>>>>>>>>> - “enumerating the priority-ordered endpoints” => > > >>>>>>>>>>> “enumerating and ordering the available endpoints” > > >>>>>>>>>>> - Addition of “Sort the records by ascending SvcPriority.” > > >>>>>>>>>>> to step 4. > > >>>>>>>>>>> - “known endpoints” => “available endpoints” > > >>>>>>>>>>> - “priority list” => “list of endpoints” > > >>>>>>>>>>> - “the resolved list” => “this list” > > >>>>>>>>>>> # Vague performance statements > > >>>>>>>>>>> In 2.4.2, removed “which would likely improve performance” > > >>>>>>>>>>> # No such thing as empty RRset > > >>>>>>>>>>> Original: > > >>>>>>>>>>> If the SVCB RRset contains no compatible RRs, the client > > >>>>>>>>>>> will generally act as if the RRset is empty. > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Incompatible RRs are ignored (see step 5 of the procedure > > >>>>>>>>>>> defined in <xref target="client-behavior"/>). > > >>>>>>>>>>> ------------ > > >>>>>>>>>>> Finally, with regard to the changes from our previous e- > > >>>>>>>>>>> mail: The attached file incorporates your proposed changes. > > >>>>>>>>>>> We have made one adjustment, where <tt> was already being > > >>>>>>>>>>> used around a hostname which is now quoted. The > > >>>>>>>>>>> combination is probably not necessary; for consistency, we > > >>>>>>>>>>> can align on quotes. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> When using the generic SVCB RR type with aliasing, zone > > >>>>>>>>>>> owners > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> choose alias target names that > > >>>>>>>>>>> indicate the > > >>>>>>>>>>> scheme in use (e.g., <tt>"foosvc.example.net"</tt> for > > >>>>>>>>>>> <tt>"foo://"</tt> schemes). This will help to avoid > > >>>>>>>>>>> confusion when > > >>>>>>>>>>> another scheme needs to be added to the configuration. > > >>>>>>>>>>> When multiple > > >>>>>>>>>>> port numbers are in use, it may be helpful to repeat the > > >>>>>>>>>>> prefix labels in the alias target name (e.g., > > >>>>>>>>>>> <tt>"_1234._foo.svc.example.net"</tt>). > > >>>>>>>>>>> Current: > > >>>>>>>>>>> When using the generic SVCB RR type with aliasing, zone > > >>>>>>>>>>> owners > > >>>>>>>>>>> <bcp14>SHOULD</bcp14> choose alias target names that > > >>>>>>>>>>> indicate the > > >>>>>>>>>>> scheme in use (e.g., "foosvc.example.net" for "foo" > > >>>>>>>>>>> schemes). This > > >>>>>>>>>>> will help to avoid confusion when another scheme needs to > > >>>>>>>>>>> be added to > > >>>>>>>>>>> the configuration. When multiple port numbers are in use, > > >>>>>>>>>>> it may be > > >>>>>>>>>>> helpful to repeat the prefix labels in the alias target > > >>>>>>>>>>> name (e.g., "_1234._foo.svc.example.net"). > > >>>>>>>>>>> We have also removed the “://”, which is not properly part > > >>>>>>>>>>> of the scheme. > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>> -----Original Message----- > > >>>>>>>>>>> From: Lynne Bartholomew <lbartholomew@amsl.com> > > >>>>>>>>>>> Sent: Friday, September 22, 2023 2:39 PM > > >>>>>>>>>>> To: Mike Bishop <mbishop@evequefou.be>; ietf@bemasc.net; > > >>>>>>>>>>> erik+ietf@nygren.org > > >>>>>>>>>>> Cc: rfc-editor@rfc-editor.org; dnsop-ads@ietf.org; > > >>>>>>>>>>> dnsop-chairs@ietf.org; tjw.ietf@gmail.com; > > >>>>>>>>>>> auth48archive@rfc-editor.org > > >>>>>>>>>>> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop- > > >>>>>>>>>>> svcb-https-12> > > >>>>>>>>>>> for your review Hi, Mike and coauthors. > > >>>>>>>>>>> Mike, apologies for our confusion with the emails > > >>>>>>>>>>> yesterday. We have updated this document per your notes > > >>>>>>>>>>> below. Please see our "[rfced]" notes inline. > > >>>>>>>>>>> Also, apologies for an issue regarding an update to Section > > >>>>>>>>>>> 14.4. The updated section is now correct. We also removed > > >>>>>>>>>>> a duplicate question regarding Figure 8. > > >>>>>>>>>>> The latest files are posted here. Please refresh your > > >>>>>>>>>>> browser to view the latest updates and the updated list of > > >>>>>>>>>>> questions: > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460- > > >>>>>>>>>>> auth48diff.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-xmldiff2.html > > >>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>>>>>> Thank you, and again, apologies for our confusion. > > >>>>>>>>>>> RFC Editor/lb > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>>> On Sep 20, 2023, at 1:33 PM, Mike Bishop > > >>>>>>>>>>>> <mbishop@evequefou.be> wrote: > > >>>>>>>>>>>>> A couple points from the copy-edits I wanted to discuss > > >>>>>>>>>>>>> as we go through these…. > > >>>>>>>>>>>>> Under SVC Query Names, I see this change: > > >>>>>>>>>>>>> Original: > > >>>>>>>>>>>> When querying the SVCB RR, a service is translated into a > > >>>>>>>>>>>> QNAME by > > >>>>>>>>>>>> prepending the service name with a label indicating the > > >>>>>>>>>>>> scheme, > > >>>>>>>>>>>> prefixed with an underscore, resulting in a domain name > > >>>>>>>>>>>> like "_examplescheme.api.example.com.". > > >>>>>>>>>>>>> Current: > > >>>>>>>>>>>> When querying the SVCB RR, a service is translated into a > > >>>>>>>>>>>> QNAME by > > >>>>>>>>>>>> prepending the service name with a label indicating the > > >>>>>>>>>>>> scheme, > > >>>>>>>>>>>> prefixed with an underscore, resulting in a domain name > > >>>>>>>>>>>> like "_examplescheme.api.example.com." > > >>>>>>>>>>>>> In this instance, however, the literal domain name ends > > >>>>>>>>>>>>> with a period. Given the general rule in American > > >>>>>>>>>>>>> English that the period goes inside the quotation marks > > >>>>>>>>>>>>> and not outside, the absence of the explicit exterior > > >>>>>>>>>>>>> period might cause some readers to apply that rule and > > >>>>>>>>>>>>> not expect the actual domain name to contain the trailing > > >>>>>>>>>>>>> dot; hence the separate period in the original. > > >>>>>>>>>>>>> Could we revert this change, or is there a different way > > >>>>>>>>>>>>> we could word this to avoid any confusion? > > >>>>>>>>>>> [rfced] Reverted. Thank you for the explanation. > > >>>>>>>>>>>>> Under AliasMode, quotes were added to offset > > >>>>>>>>>>>>> “https://example.com ”, but similar quotes were not added > > >>>>>>>>>>>>> around “foo://example.com:8080”. Should all URIs be > > >>>>>>>>>>>>> quoted, if this one is? > > >>>>>>>>>>>> [rfced] We added quotes to URIs listed in text. Please > > >>>>>>>>>>>> review and let us know if any of the new quotes are > > >>>>>>>>>>>> incorrect (e.g., we added quotes for 'owner of > > >>>>>>>>>>>> "example.com"' because we found 'the operator of > > >>>>>>>>>>>> "https://example.com "', but is this update correct?). > > >>>>>>>>>>>> Regarding the hyphenation of “SVCB-optional” and “SVCB- > > >>>>>>>>>>>> reliant”: > > >>>>>>>>>>>>> Original: > > >>>>>>>>>>>> A client is called "SVCB-optional" if it can connect > > >>>>>>>>>>>> without the use > > >>>>>>>>>>>> of ServiceMode records, and "SVCB-reliant" otherwise. > > >>>>>>>>>>>>> Current: > > >>>>>>>>>>>> A client is called "SVCB optional" if it can connect > > >>>>>>>>>>>> without the use > > >>>>>>>>>>>> of ServiceMode records; otherwise, it is called "SVCB > > >>>>>>>>>>>> reliant". > > >>>>>>>>>>>>> These terms are used primarily as adjectives before a > > >>>>>>>>>>>>> noun (and therefore hyphenated) and in a few instances > > >>>>>>>>>>>>> with a verb in between. It seems unclear not to > > >>>>>>>>>>>>> hyphenate the definition of the terms when that’s > > >>>>>>>>>>>>> primarily how they’re used, for ease of searching. For > > >>>>>>>>>>>>> uniformity, could we hyphenate these terms throughout? > > >>>>>>>>>>>>> If I understand the rule correctly, a compound adjective > > >>>>>>>>>>>>> is *generally* not hyphenated when not before a noun, but > > >>>>>>>>>>>>> some are. > > >>>>>>>>>>>>> (The same applies to “SVCB-compatible” later.) > > >>>>>>>>>>> [rfced] We restored the hyphens. > > >>>>>>>>>>> Updated list of questions: > > >>>>>>>>>>> 1) <!-- [rfced] We expanded "RR" in the document title. > > >>>>>>>>>>> Please let us know any objections. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Service binding and parameter specification via the DNS > > >>>>>>>>>>> (DNS SVCB and > > >>>>>>>>>>> HTTPS RRs) > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> Service Binding and Parameter Specification via the DNS > > >>>>>>>>>>> (DNS SVCB and > > >>>>>>>>>>> HTTPS Resource Records (RRs)) --> > > >>>>>>>>>>> 2) <!-- [rfced] Please insert any keywords (beyond those > > >>>>>>>>>>> that appear > > >>>>>>>>>>> in the > > >>>>>>>>>>> title) for use on <https://www.rfc-editor.org/search >. --> > > >>>>>>>>>>> 3) <!-- [rfced] Datatracker "idnits" output for the > > >>>>>>>>>>> original approved document included the following warning. > > >>>>>>>>>>> Please let us know if any changes are needed as related to > > >>>>>>>>>>> this warning: > > >>>>>>>>>>> == There are 2 instances of lines with non-RFC2606- > > >>>>>>>>>>> compliant FQDNs in the > > >>>>>>>>>>> document. --> > > >>>>>>>>>>> 4) <!-- [rfced] Section 1.1: We changed this section > > >>>>>>>>>>> title, as it did not match the contents of the section. If > > >>>>>>>>>>> this update is incorrect, perhaps some text is missing? If > > >>>>>>>>>>> so, please clarify "goal" vs. > > >>>>>>>>>>> "goals". > > >>>>>>>>>>> Original (excerpts from this section are included for > > >>>>>>>>>>> context): > > >>>>>>>>>>> 1.1. Goals of the SVCB RR > > >>>>>>>>>>> The goal of the SVCB RR is to allow clients to resolve a > > >>>>>>>>>>> single > > >>>>>>>>>>> additional DNS RR in a way that: > > >>>>>>>>>>> ... > > >>>>>>>>>>> Additional goals specific to HTTPS RRs and the HTTP use- > > >>>>>>>>>>> cases > > >>>>>>>>>>> include: > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> 1.1. Goals --> > > >>>>>>>>>>> 5) <!-- [rfced] Please review the "type" attribute of each > > >>>>>>>>>>> sourcecode element in the XML file to ensure correctness. > > >>>>>>>>>>> If the current list of preferred values for "type" > > >>>>>>>>>>> (https://www.rfc-editor.org/materials/sourcecode-types.txt > > >>>>>>>>>>> ) does not contain an applicable type, please let us know. > > >>>>>>>>>>> Also, it is acceptable to leave the "type" attribute not > > >>>>>>>>>>> set. > > >>>>>>>>>>> In addition, review each artwork element. Specifically, > > >>>>>>>>>>> should any artwork element be tagged as sourcecode (e.g., > > >>>>>>>>>>> "dns-rr", "pseudocode", or "test-vectors" for some or all > > >>>>>>>>>>> of the figures in the appendices)? --> > > >>>>>>>>>>> 6) <!-- [rfced] Section 2.4.2: As it appears that > > >>>>>>>>>>> "multiple" means "multiple RRs" (as opposed to "multiple > > >>>>>>>>>>> RRSets"), we updated this sentence accordingly. If this is > > >>>>>>>>>>> incorrect, please provide clarifying text. > > >>>>>>>>>>> Original (the previous sentence is included for context): > > >>>>>>>>>>> In AliasMode, the SVCB record aliases a service to a > > >>>>>>>>>>> TargetName. > > >>>>>>>>>>> SVCB RRSets SHOULD only have a single resource record in > > >>>>>>>>>>> AliasMode. > > >>>>>>>>>>> If multiple are present, clients or recursive resolvers > > >>>>>>>>>>> SHOULD pick one at random. > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> If multiple > > >>>>>>>>>>> RRs are present, clients or recursive resolvers SHOULD pick > > >>>>>>>>>>> one at random. --> > > >>>>>>>>>>> 7) <!-- [rfced] Section 4.2: Is resolution of unknown RR > > >>>>>>>>>>> types the only type of normal response construction, or > > >>>>>>>>>>> should "i.e." ("that is") be "e.g." ("for example") here? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Whether the recursive resolver is aware of SVCB or not, > > >>>>>>>>>>> the normal > > >>>>>>>>>>> response construction process (i.e. unknown RR type > > >>>>>>>>>>> resolution under > > >>>>>>>>>>> [RFC3597]) generates the Answer section of the response. > > >>>>>>>>>>> --> > > >>>>>>>>>>> 8) <!-- [rfced] Section 4.3: Does "even if the contents > > >>>>>>>>>>> are invalid" > > >>>>>>>>>>> refer to the "MUST" clause, the "MAY" clause, or both? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Recursive resolvers MUST be able to convey SVCB records > > >>>>>>>>>>> with unrecognized SvcParamKeys, and MAY treat the entire > > >>>>>>>>>>> SvcParams portion of the record as opaque, even if the > > >>>>>>>>>>> contents are invalid. > > >>>>>>>>>>> (A) Perhaps (both): > > >>>>>>>>>>> Recursive resolvers MUST be able to convey SVCB records > > >>>>>>>>>>> with unrecognized SvcParamKeys and MAY treat the entire > > >>>>>>>>>>> SvcParams portion of the record as opaque, even if the > > >>>>>>>>>>> contents are invalid. > > >>>>>>>>>>> (B) Or possibly (only the "MAY" clause): > > >>>>>>>>>>> Recursive resolvers MUST be able to convey SVCB records > > >>>>>>>>>>> with unrecognized SvcParamKeys, and the resolvers MAY > > >>>>>>>>>>> treat the entire SvcParams portion of the record as opaque > > >>>>>>>>>>> even if the contents are invalid. > > >>>>>>>>>>> (C) Or to be specific (instead of rely only on the comma): > > >>>>>>>>>>> Recursive resolvers MUST be able to convey SVCB records > > >>>>>>>>>>> with > > >>>>>>>>>>> unrecognized SvcParamKeys, and the resolvers MAY treat the > > >>>>>>>>>>> entire > > >>>>>>>>>>> SvcParams portion of the record as opaque even if the > > >>>>>>>>>>> contents > > >>>>>>>>>>> (of that portion) are invalid. --> > > >>>>>>>>>>> 9) <!-- [rfced] Section 7.2: Should "this SvcParam" be > > >>>>>>>>>>> "this > > >>>>>>>>>>> SvcParamValue" here? We ask because we see two instances > > >>>>>>>>>>> of > > >>>>>>>>>>> "SvcParamValue MUST NOT contain escape sequences" later in > > >>>>>>>>>>> this > > >>>>>>>>>>> document. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> To enable simpler parsing, this SvcParam MUST NOT contain > > >>>>>>>>>>> escape > > >>>>>>>>>>> sequences. --> > > >>>>>>>>>>> 10) <!-- [rfced] Section 9.1: Please clarify the meaning > > >>>>>>>>>>> of > > >>>>>>>>>>> "Following of". > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Following of HTTPS AliasMode RRs and CNAME aliases is > > >>>>>>>>>>> unchanged from > > >>>>>>>>>>> SVCB. --> > > >>>>>>>>>>> 11) <!--[rfced] Should the instances of "9443" be "8443" > > >>>>>>>>>>> here? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Alt-Svc: h2="alt.example:443", > > >>>>>>>>>>> h2="alt2.example:443", h3=":8443" > > >>>>>>>>>>> > The > > >>>>>>>>>>> client would retrieve the following HTTPS records: > > >>>>>>>>>>> > alt.example. > > >>>>>>>>>>> IN HTTPS 1 . alpn=h2,h3 foo=... > > >>>>>>>>>>> alt2.example. IN HTTPS 1 > > >>>>>>>>>>> alt2b.example. alpn=h3 foo=... > > >>>>>>>>>>> _8443._https.example.com. IN HTTPS > > >>>>>>>>>>> 1 alt3.example. ( > > >>>>>>>>>>> port=9443 alpn=h2,h3 foo=... ) > > >>>>>>>>>>> [...] > > >>>>>>>>>>> > * > > >>>>>>>>>>> HTTP/3 to alt3.example:9443 --> > > >>>>>>>>>>> 12) <!-- [rfced] Section 9.4 and Table 1: Does "ECH" > > >>>>>>>>>>> refer to > > >>>>>>>>>>> citations for draft-ietf-tls-esni and not to "Encrypted > > >>>>>>>>>>> ClientHello" > > >>>>>>>>>>> in general, or does it refer to some (unknown) future > > >>>>>>>>>>> specification > > >>>>>>>>>>> related to ECH (in which case the text should be > > >>>>>>>>>>> clarified)? > > >>>>>>>>>>> Please note that we could not find any indication in > > >>>>>>>>>>> draft-ietf-tls-esni that the parameter in question will be > > >>>>>>>>>>> reserved > > >>>>>>>>>>> for it. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Clients MUST NOT use an HTTPS RR response unless the > > >>>>>>>>>>> client supports > > >>>>>>>>>>> TLS Server Name Indication (SNI) and indicates the origin > > >>>>>>>>>>> name in the > > >>>>>>>>>>> TLS ClientHello (which might be encrypted via a future > > >>>>>>>>>>> specification > > >>>>>>>>>>> such as ECH). > > >>>>>>>>>>> ... > > >>>>>>>>>>> | 5 | ech | RESERVED |N/A > > >>>>>>>>>>> |IETF | > > >>>>>>>>>>> | | | (will be | | > > >>>>>>>>>>> | > > >>>>>>>>>>> | | | used for | | > > >>>>>>>>>>> | > > >>>>>>>>>>> | | | ECH) | | > > >>>>>>>>>>> | --> > > >>>>>>>>>>> 13) <!-- [rfced] Section 9.6: > > >>>>>>>>>>> Should 'HTTP URL' be '"http" URL'? We ask because we do > > >>>>>>>>>>> not see > > >>>>>>>>>>> 'HTTP URL' used anywhere else in this document or in this > > >>>>>>>>>>> cluster of > > >>>>>>>>>>> documents (https://www.rfc- > > >>>>>>>>>>> editor.org/cluster_info.php?cid=C461 ). > > >>>>>>>>>>> Also, we could not find any instances of "requestURL" in > > >>>>>>>>>>> [WebSocket], > > >>>>>>>>>>> any other published RFC, or [FETCH]. However, we see > > >>>>>>>>>>> "Request-URI" > > >>>>>>>>>>> in [WebSocket]. Will the use of "requestURL" be clear to > > >>>>>>>>>>> readers? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> All HTTP connections to named origins are eligible to use > > >>>>>>>>>>> HTTPS RRs, > > >>>>>>>>>>> even when HTTP is used as part of another protocol or > > >>>>>>>>>>> without an > > >>>>>>>>>>> explicit HTTP URL. For example, clients that support > > >>>>>>>>>>> HTTPS RRs and > > >>>>>>>>>>> implement the altered WebSocket [WebSocket] opening > > >>>>>>>>>>> handshake from the > > >>>>>>>>>>> W3C Fetch specification [FETCH] SHOULD use HTTPS RRs for > > >>>>>>>>>>> the > > >>>>>>>>>>> requestURL. --> > > >>>>>>>>>>> 14) <!-- [rfced] Section 10.3: We had trouble following > > >>>>>>>>>>> "various > > >>>>>>>>>>> interpretations of RFCs" in the first sentence, as it > > >>>>>>>>>>> appears to > > >>>>>>>>>>> indicate that the RFCs themselves are being interpreted. > > >>>>>>>>>>> Also, the > > >>>>>>>>>>> second sentence does not parse. Would the "Perhaps" text > > >>>>>>>>>>> below be > > >>>>>>>>>>> helpful? If not, please provide clarifying text. > > >>>>>>>>>>> Original ("an TargetName" has been fixed): > > >>>>>>>>>>> Note that some implementations may not allow A or AAAA > > >>>>>>>>>>> records on > > >>>>>>>>>>> names starting with an underscore due to various > > >>>>>>>>>>> interpretations of > > >>>>>>>>>>> RFCs. This could be an operational issue when the > > >>>>>>>>>>> TargetName contains > > >>>>>>>>>>> an attrleaf label, as well as using an TargetName of "." > > >>>>>>>>>>> when the owner name contains an attrleaf label. > > >>>>>>>>>>> Perhaps: > > >>>>>>>>>>> Note that some implementations may not allow A or AAAA > > >>>>>>>>>>> records on > > >>>>>>>>>>> names that start with an underscore, due to various > > >>>>>>>>>>> interpretations in > > >>>>>>>>>>> other RFCs. This could be an operational issue when the > > >>>>>>>>>>> TargetName > > >>>>>>>>>>> contains an Attrleaf label, as well as when a TargetName > > >>>>>>>>>>> of "." is > > >>>>>>>>>>> used when the owner name contains an Attrleaf label. --> > > >>>>>>>>>>> 15) <!-- [rfced] Section 11: We do not see the word > > >>>>>>>>>>> "stapling" or > > >>>>>>>>>>> "staple" in RFC 6066. Please confirm that this citation > > >>>>>>>>>>> will be clear > > >>>>>>>>>>> to readers. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Server operators implementing this standard SHOULD also > > >>>>>>>>>>> implement TLS > > >>>>>>>>>>> 1.3 [RFC8446] and OCSP Stapling [RFC6066], both of which > > >>>>>>>>>>> confer > > >>>>>>>>>>> substantial performance and privacy benefits when used in > > >>>>>>>>>>> combination > > >>>>>>>>>>> with SVCB records. --> > > >>>>>>>>>>> 16) <!-- [rfced] Section 12: "unintended access" reads > > >>>>>>>>>>> oddly here. > > >>>>>>>>>>> If the suggested text is not correct, should the word > > >>>>>>>>>>> "unintended" > > >>>>>>>>>>> be removed? Please provide alternative text if you'd like > > >>>>>>>>>>> to > > >>>>>>>>>>> rephrase. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> If the attacker can influence the client's payload (e.g. > > >>>>>>>>>>> TLS session ticket contents), and an internal service has > > >>>>>>>>>>> a > > >>>>>>>>>>> sufficiently lax parser, it's possible that the attacker > > >>>>>>>>>>> could gain > > >>>>>>>>>>> unintended access. > > >>>>>>>>>>> Suggested: > > >>>>>>>>>>> If the attacker can influence the client's payload (e.g., > > >>>>>>>>>>> TLS session > > >>>>>>>>>>> ticket contents) and an internal service has a > > >>>>>>>>>>> sufficiently lax > > >>>>>>>>>>> parser, it's possible that, as an unintended consequence, > > >>>>>>>>>>> the attacker > > >>>>>>>>>>> could gain access. --> > > >>>>>>>>>>> 17) <!-- [rfced] FYI, we have changed two instances of > > >>>>>>>>>>> "Service Binding" > > >>>>>>>>>>> to "service binding" because it written in lowercase where > > >>>>>>>>>>> used > > >>>>>>>>>>> generally in this document. We will ask IANA to update > > >>>>>>>>>>> <https://www.iana.org/assignments/dns-parameters/ > > > >>>>>>>>>>> accordingly, unless you let us know you prefer otherwise. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> * Meaning: General Purpose Service Binding Current: > > >>>>>>>>>>> Meaning: General-purpose service binding > > >>>>>>>>>>> Original: > > >>>>>>>>>>> * Meaning: Service Binding type for use with HTTP > > >>>>>>>>>>> Current: > > >>>>>>>>>>> Meaning: Service binding type for use with HTTP > > >>>>>>>>>>> --> > > >>>>>>>>>>> 18) <!-- [rfced] The following ACTION text indicates that > > >>>>>>>>>>> the > > >>>>>>>>>>> "Service Parameter Keys (SvcParamKeys)" registry should > > >>>>>>>>>>> appear on the > > >>>>>>>>>>> "Domain Name System (DNS) Parameters" page. However, the > > >>>>>>>>>>> registry > > >>>>>>>>>>> appears on a page under the heading "DNS Service Bindings > > >>>>>>>>>>> (SVCB)" > > >>>>>>>>>>> (see https://www.iana.org/assignments/dns-svcb/ ). > > >>>>>>>>>>> Please review and > > >>>>>>>>>>> let us know if the location of the "DNS Service Bindings > > >>>>>>>>>>> (SVCB)" > > >>>>>>>>>>> registry is correct. > > >>>>>>>>>>> Original: > > >>>>>>>>>>> ACTION: create this registry, on a new page entitled "DNS > > >>>>>>>>>>> Service > > >>>>>>>>>>> Bindings (SVCB)" under the "Domain Name System (DNS) > > >>>>>>>>>>> Parameters" > > >>>>>>>>>>> category. --> > > >>>>>>>>>>> 19) <!-- [rfced] Section 14.4: Because the "Underscored > > >>>>>>>>>>> and > > >>>>>>>>>>> Globally Scoped DNS Node Names" IANA registry does not > > >>>>>>>>>>> include a "Meaning" > > >>>>>>>>>>> column, we have updated the table as shown below. Please > > >>>>>>>>>>> let us know > > >>>>>>>>>>> if any other updates are required. > > >>>>>>>>>>> Original (to avoid the issue of double dashes and XML > > >>>>>>>>>>> comments, the > > >>>>>>>>>>> bottom line of the table is not included): > > >>>>>>>>>>> Per [Attrleaf], please add the following entry to the DNS > > >>>>>>>>>>> Underscore > > >>>>>>>>>>> Global Scoped Entry Registry: > > >>>>>>>>>>> > +=========+============+=================+=================+ > > >>>>>>>>>>> | RR TYPE | _NODE NAME | Meaning | Reference > > >>>>>>>>>>> | > > >>>>>>>>>>> > +=========+============+=================+=================+ > > >>>>>>>>>>> | HTTPS | _https | HTTPS SVCB info | (This > > >>>>>>>>>>> document) | > > >>>>>>>>>>> Table 2 > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> Per [Attrleaf], the following entry has been added to the > > >>>>>>>>>>> DNS > > >>>>>>>>>>> "Underscored and Globally Scoped DNS Node Names" registry: > > >>>>>>>>>>> +=========+============+===========+ > > >>>>>>>>>>> | RR Type | _NODE NAME | Reference | > > >>>>>>>>>>> +=========+============+===========+ > > >>>>>>>>>>> | HTTPS | _https | RFC 9460 | > > >>>>>>>>>>> Table 2 --> > > >>>>>>>>>>> 20) <!-- [rfced] Appendix A: Because Section 3.3 of RFC > > >>>>>>>>>>> 1035 says > > >>>>>>>>>>> "<character-string> is treated as binary information, and > > >>>>>>>>>>> can be up to > > >>>>>>>>>>> 256 characters in length (including the length octet)", we > > >>>>>>>>>>> updated > > >>>>>>>>>>> this sentence to clarify the meaning of "same as". > > >>>>>>>>>>> If this is incorrect, please provide text that clarifies > > >>>>>>>>>>> the meaning > > >>>>>>>>>>> of "same as". > > >>>>>>>>>>> Original: > > >>>>>>>>>>> The algorithm is the same as used by > > >>>>>>>>>>> <character-string> in RFC 1035, although the output length > > >>>>>>>>>>> in this > > >>>>>>>>>>> document is not limited to 255 octets. > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> The algorithm is the same as the > > >>>>>>>>>>> guideline for <character-string> in [RFC1035], except > > >>>>>>>>>>> that in this > > >>>>>>>>>>> document the output length is not limited to 255 octets. > > >>>>>>>>>>> --> > > >>>>>>>>>>> 21) <!-- [rfced] Appendix C.4: We changed "the > > >>>>>>>>>>> authoritative" at > > >>>>>>>>>>> the end of this sentence to "the authoritative DNS > > >>>>>>>>>>> server". If this > > >>>>>>>>>>> is incorrect, please clarify the meaning of "the > > >>>>>>>>>>> authoritative". > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Recursive resolvers that implement the specification > > >>>>>>>>>>> would, upon > > >>>>>>>>>>> receipt of a ServiceMode query, emit both a ServiceMode > > >>>>>>>>>>> and an > > >>>>>>>>>>> AliasMode query to the authoritative. > > >>>>>>>>>>> Currently: > > >>>>>>>>>>> Recursive resolvers that implement the specification > > >>>>>>>>>>> would, upon > > >>>>>>>>>>> receipt of a ServiceMode query, emit both a ServiceMode > > >>>>>>>>>>> query and an > > >>>>>>>>>>> AliasMode query to the authoritative DNS server. --> > > >>>>>>>>>>> 22) <!-- [rfced] Appendix D.2: Do "target (root label)" > > >>>>>>>>>>> and > > >>>>>>>>>>> "target, root label" mean the same thing? If yes, should > > >>>>>>>>>>> they both be > > >>>>>>>>>>> expressed in the same way (i.e., either parentheses or > > >>>>>>>>>>> comma)? > > >>>>>>>>>>> Also, should "length: 2 bytes" be "length 2", per the > > >>>>>>>>>>> format of all > > >>>>>>>>>>> other "# length" and "; length" entries? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> 00 ; target (root label) > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00 # target, root label > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00\x02 # > > >>>>>>>>>>> length: 2 bytes > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00\x05 # length > > >>>>>>>>>>> 5 > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00\x09 # length > > >>>>>>>>>>> 9 > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00\x20 # length > > >>>>>>>>>>> 32 > > >>>>>>>>>>> ... > > >>>>>>>>>>> \x00\x10 # length > > >>>>>>>>>>> 16 --> > > >>>>>>>>>>> 23) <!-- [rfced] Figure 8: The "example.com." line is too > > >>>>>>>>>>> long and > > >>>>>>>>>>> yields the following warning: > > >>>>>>>>>>> Warning: Too long line found (L2319), 4 characters longer > > >>>>>>>>>>> than 72 characters: > > >>>>>>>>>>> example.com. SVCB 1 example.com. > > >>>>>>>>>>> ipv6hint="2001:db8:122:344::192.0.2.33" > > >>>>>>>>>>> We see a similar type of line at the top of Figure 7, > > >>>>>>>>>>> although that > > >>>>>>>>>>> line uses parentheses before and after the line break > > >>>>>>>>>>> around > > >>>>>>>>>>> "ipv6hint". Would it be syntactically correct to format > > >>>>>>>>>>> this line > > >>>>>>>>>>> (i.e., with parentheses and line breaks) per Figure 7? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> example.com. SVCB 1 example.com. > > >>>>>>>>>>> ipv6hint="2001:db8:122:344::192.0.2.33" > > >>>>>>>>>>> Possibly: > > >>>>>>>>>>> example.com. SVCB 1 example.com. ( > > >>>>>>>>>>> ipv6hint="2001:db8:122:344::192.0.2.33" > > >>>>>>>>>>> ) --> > > >>>>>>>>>>> 24) <!-- [rfced] Figures 14 and 15: Should "mandatory" be > > >>>>>>>>>>> written > > >>>>>>>>>>> in the same way in both titles (i.e., either lowercase and > > >>>>>>>>>>> quoted or > > >>>>>>>>>>> initial-capitalized and unquoted)? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> Figure 14: A mandatory SvcParam is missing ... > > >>>>>>>>>>> Figure 15: The "mandatory" SvcParamKey must not be included > > >>>>>>>>>>> in > > >>>>>>>>>>> the mandatory list --> > > >>>>>>>>>>> 25) <!-- [rfced] "Acknowledgments and Related Proposals" > > >>>>>>>>>>> reads > > >>>>>>>>>>> oddly, in that the two ideas seem unrelated. "... proposed > > >>>>>>>>>>> solutions ... > > >>>>>>>>>>> challenge proposed" reads oddly as well. > > >>>>>>>>>>> May we make a new Section 15 ("Related Proposals") and > > >>>>>>>>>>> rephrase some > > >>>>>>>>>>> text as suggested below? > > >>>>>>>>>>> Original: > > >>>>>>>>>>> 15. Acknowledgments and Related Proposals There have > > >>>>>>>>>>> been a wide > > >>>>>>>>>>> range of proposed solutions over the years to the "CNAME > > >>>>>>>>>>> at the Zone > > >>>>>>>>>>> Apex" challenge proposed. These include > > >>>>>>>>>>> [I-D.bellis-dnsop-http-record], [I-D.ietf-dnsop-aname], and > > >>>>>>>>>>> others. > > >>>>>>>>>>> Thank you to Ian Swett, Ralf Weber, Jon Reed, Martin > > >>>>>>>>>>> Thomson, Lucas > > >>>>>>>>>>> Pardue, Ilari Liusvaara, Tim Wicinski, Tommy Pauly, Chris > > >>>>>>>>>>> Wood, David > > >>>>>>>>>>> Benjamin, Mark Andrews, Emily Stark, Eric Orth, Kyle Rose, > > >>>>>>>>>>> Craig > > >>>>>>>>>>> Taylor, Dan McArdle, Brian Dickson, Willem Toorop, Pieter > > >>>>>>>>>>> Lexis, > > >>>>>>>>>>> Puneet Sood, Olivier Poitrey, Mashooq Muhaimen, Tom > > >>>>>>>>>>> Carpay, and many > > >>>>>>>>>>> others for their feedback and suggestions on this draft. > > >>>>>>>>>>> Suggested: > > >>>>>>>>>>> 15. Related Proposals > > >>>>>>>>>>> Over the years, there has been a wide range of proposed > > >>>>>>>>>>> solutions to > > >>>>>>>>>>> the zone-apex CNAME challenge. These include [HTTP-DNS- > > >>>>>>>>>>> RR], > > >>>>>>>>>>> [ANAME-DNS-RR], and others. > > >>>>>>>>>>> ... > > >>>>>>>>>>> Acknowledgments > > >>>>>>>>>>> Thank you to Ian Swett, Ralf Weber, Jon Reed, Martin > > >>>>>>>>>>> Thomson, Lucas > > >>>>>>>>>>> Pardue, Ilari Liusvaara, Tim Wicinski, Tommy Pauly, Chris > > >>>>>>>>>>> Wood, David > > >>>>>>>>>>> Benjamin, Mark Andrews, Emily Stark, Eric Orth, Kyle Rose, > > >>>>>>>>>>> Craig > > >>>>>>>>>>> Taylor, Dan McArdle, Brian Dickson, Willem Toorop, Pieter > > >>>>>>>>>>> Lexis, > > >>>>>>>>>>> Puneet Sood, Olivier Poitrey, Mashooq Muhaimen, Tom > > >>>>>>>>>>> Carpay, and many > > >>>>>>>>>>> others for their feedback and suggestions on this document. > > >>>>>>>>>>> --> > > >>>>>>>>>>> 26) <!-- [rfced] Please review the "Inclusive Language" > > >>>>>>>>>>> portion of > > >>>>>>>>>>> the online Style Guide at > > >>>>>>>>>>> <https://www.rfc- > > >>>>>>>>>>> editor.org/styleguide/part2/#inclusive_language >, > > >>>>>>>>>>> and let us know if any changes are needed. > > >>>>>>>>>>> For example, please consider whether the following should > > >>>>>>>>>>> be updated: > > >>>>>>>>>>> whitespace (whitespace-separated list, internal whitespace) > > >>>>>>>>>>> --> > > >>>>>>>>>>> 27) <!-- [rfced] Please let us know if any changes are > > >>>>>>>>>>> needed for > > >>>>>>>>>>> the > > >>>>>>>>>>> following: > > >>>>>>>>>>> a) The following terms were used inconsistently in this > > >>>>>>>>>>> document. > > >>>>>>>>>>> We chose to use the latter forms. Please let us know any > > >>>>>>>>>>> objections. > > >>>>>>>>>>> Alt-Svc Field Value / Alt-Svc field value (per [AltSvc]) > > >>>>>>>>>>> attrleaf > > >>>>>>>>>>> label / Attrleaf label (per [Attrleaf]) > > >>>>>>>>>>> IPv6 hint / ipv6hint (per three of the four companion > > >>>>>>>>>>> documents) > > >>>>>>>>>>> (https://www.rfc-editor.org/cluster_info.php?cid=C461 )) > > >>>>>>>>>>> key Name / key name > > >>>>>>>>>>> RRType (titles of Sections 14.1 and 14.2) / RR Type (per > > >>>>>>>>>>> approx. 40 instances of "RR type" in text) wire-format / > > >>>>>>>>>>> wireformat / wire format (noun) > > >>>>>>>>>>> (per "wire format" in companion document draft-ietf-add- > > >>>>>>>>>>> svcb-dns) > > >>>>>>>>>>> zone file (adj.) / zone-file (adj.) > > >>>>>>>>>>> b) The following terms appear to be used inconsistently in > > >>>>>>>>>>> this > > >>>>>>>>>>> document. Please let us know which form is preferred. > > >>>>>>>>>>> Additional record / additional record (We also see > > >>>>>>>>>>> "Additionals" and "Additional A records" in Section > > >>>>>>>>>>> 4.2.1.) > > >>>>>>>>>>> additional section / Additional section / Additional > > >>>>>>>>>>> Section mode / > > >>>>>>>>>>> Mode ("two modes", "same Mode", "connection modes") > > >>>>>>>>>>> Multi-CDN ("A > > >>>>>>>>>>> Multi-CDN customer domain") / > > >>>>>>>>>>> multi-CDN ("a multi-CDN configuration") > > >>>>>>>>>>> (We suggest lowercase, based on past usage in RFCs.) Name > > >>>>>>>>>>> MUST / > > >>>>>>>>>>> name MUST (Section 14.3.1) > > >>>>>>>>>>> c) Should lowercase "alpn" be written in text with or > > >>>>>>>>>>> without quotes? > > >>>>>>>>>>> alpn / "alpn" ('e.g., alpn', 'e.g., URIs or "alpn"') > > >>>>>>>>>>> Also, should > > >>>>>>>>>>> 'non-default alpn' be 'non-default ALPN' or > > >>>>>>>>>>> perhaps 'non-default "alpn"'? > > >>>>>>>>>>> d) May we change the instances of "RRSet" to "RRset"? We > > >>>>>>>>>>> see that > > >>>>>>>>>>> the latter form is used much more often in RFCs from RFC > > >>>>>>>>>>> 6000 > > >>>>>>>>>>> onwards.--> > > >>>>>>>>>>> > > >>>>>>>>>>> > > >>>>>>>>>>>>> On Sep 8, 2023, rfc-editor@rfc-editor.org wrote: > > >>>>>>>>>>>> *****IMPORTANT***** > > >>>>>>>>>>>> Updated 2023/09/08 > > >>>>>>>>>>>> RFC Author(s): > > >>>>>>>>>>>> -------------- > > >>>>>>>>>>>> Instructions for Completing AUTH48 > > >>>>>>>>>>>> Your document has now entered AUTH48. Once it has been > > >>>>>>>>>>>> reviewed > > >>>>>>>>>>>> and approved by you and all coauthors, it will be > > >>>>>>>>>>>> published as an RFC. > > >>>>>>>>>>>> If an author is no longer available, there are several > > >>>>>>>>>>>> remedies > > >>>>>>>>>>>> available as listed in the FAQ (https://www.rfc- > > >>>>>>>>>>>> editor.org/faq/ ). > > >>>>>>>>>>>> You and you coauthors are responsible for engaging other > > >>>>>>>>>>>> parties > > >>>>>>>>>>>> (e.g., Contributors or Working Group) as necessary before > > >>>>>>>>>>>> providing > > >>>>>>>>>>>> your approval. > > >>>>>>>>>>>> Planning your review --------------------- Please review > > >>>>>>>>>>>> the > > >>>>>>>>>>>> following aspects of your document: > > >>>>>>>>>>>> * RFC Editor questions > > >>>>>>>>>>>> Please review and resolve any questions raised by the RFC > > >>>>>>>>>>>> Editor > > >>>>>>>>>>>> that have been included in the XML file as comments marked > > >>>>>>>>>>>> as > > >>>>>>>>>>>> follows: > > >>>>>>>>>>>> <!-- [rfced] ... --> > > >>>>>>>>>>>> These questions will also be sent in a subsequent email. > > >>>>>>>>>>>> * Changes submitted by coauthors Please ensure that > > >>>>>>>>>>>> you review any changes submitted by your > > >>>>>>>>>>>> coauthors. We assume that if you do not speak up that you > > >>>>>>>>>>>> agree to changes submitted by your coauthors. > > >>>>>>>>>>>> * Content Please review the full content of the > > >>>>>>>>>>>> document, as this cannot > > >>>>>>>>>>>> change once the RFC is published. Please pay particular > > >>>>>>>>>>>> attention to: > > >>>>>>>>>>>> - IANA considerations updates (if applicable) > > >>>>>>>>>>>> - contact information > > >>>>>>>>>>>> - references > > >>>>>>>>>>>> * Copyright notices and legends > > >>>>>>>>>>>> Please review the copyright notice and legends as defined > > >>>>>>>>>>>> in > > >>>>>>>>>>>> RFC 5378 and the Trust Legal Provisions (TLP – > > >>>>>>>>>>>> https://trustee.ietf.org/license-info/ ). > > >>>>>>>>>>>> * Semantic markup > > >>>>>>>>>>>> Please review the markup in the XML file to ensure that > > >>>>>>>>>>>> elements of > > >>>>>>>>>>>> content are correctly tagged. For example, ensure that > > >>>>>>>>>>>> <sourcecode> > > >>>>>>>>>>>> and <artwork> are set correctly. See details at > > >>>>>>>>>>>> <https://authors.ietf.org/rfcxml-vocabulary >. > > >>>>>>>>>>>> * Formatted output > > >>>>>>>>>>>> Please review the PDF, HTML, and TXT files to ensure that > > >>>>>>>>>>>> the > > >>>>>>>>>>>> formatted output, as generated from the markup in the XML > > >>>>>>>>>>>> file, is > > >>>>>>>>>>>> reasonable. Please note that the TXT will have formatting > > >>>>>>>>>>>> limitations compared to the PDF and HTML. > > >>>>>>>>>>>> Submitting changes > > >>>>>>>>>>>> ------------------ > > >>>>>>>>>>>> To submit changes, please reply to this email using ‘REPLY > > >>>>>>>>>>>> ALL’ as > > >>>>>>>>>>>> all the parties CCed on this message need to see your > > >>>>>>>>>>>> changes. The > > >>>>>>>>>>>> parties > > >>>>>>>>>>>> include: > > >>>>>>>>>>>> * your coauthors > > >>>>>>>>>>>> * rfc-editor@rfc-editor.org (the RPC team) > > >>>>>>>>>>>> * other document participants, depending on the stream > > >>>>>>>>>>>> (e.g., > > >>>>>>>>>>>> IETF Stream participants are your working group chairs, > > >>>>>>>>>>>> the > > >>>>>>>>>>>> responsible ADs, and the document shepherd). > > >>>>>>>>>>>> * auth48archive@rfc-editor.org, which is a new archival > > >>>>>>>>>>>> mailing list > > >>>>>>>>>>>> to preserve AUTH48 conversations; it is not an active > > >>>>>>>>>>>> discussion > > >>>>>>>>>>>> list: > > >>>>>>>>>>>> * More info: > > >>>>>>>>>>>> https://mailarchive.ietf.org/arch/msg/ietf- > > >>>>>>>>>>>> announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > >>>>>>>>>>>> * The archive itself: > > >>>>>>>>>>>> > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > >>>>>>>>>>>> * Note: If only absolutely necessary, you may > > >>>>>>>>>>>> temporarily opt out > > >>>>>>>>>>>> of the archiving of messages (e.g., to discuss a > > >>>>>>>>>>>> sensitive matter). > > >>>>>>>>>>>> If needed, please add a note at the top of the message > > >>>>>>>>>>>> that you > > >>>>>>>>>>>> have dropped the address. When the discussion is > > >>>>>>>>>>>> concluded, > > >>>>>>>>>>>> auth48archive@rfc-editor.org will be re-added to the CC > > >>>>>>>>>>>> list and > > >>>>>>>>>>>> its addition will be noted at the top of the message. > > >>>>>>>>>>>> You may submit your changes in one of two ways: > > >>>>>>>>>>>> An update to the provided XML file > > >>>>>>>>>>>> — OR — > > >>>>>>>>>>>> An explicit list of changes in this format Section # (or > > >>>>>>>>>>>> indicate > > >>>>>>>>>>>> Global) > > >>>>>>>>>>>> OLD: > > >>>>>>>>>>>> old text > > >>>>>>>>>>>> NEW: > > >>>>>>>>>>>> new text > > >>>>>>>>>>>> You do not need to reply with both an updated XML file and > > >>>>>>>>>>>> an > > >>>>>>>>>>>> explicit list of changes, as either form is sufficient. > > >>>>>>>>>>>> We will ask a stream manager to review and approve any > > >>>>>>>>>>>> changes that > > >>>>>>>>>>>> seem beyond editorial in nature, e.g., addition of new > > >>>>>>>>>>>> text, > > >>>>>>>>>>>> deletion of text, and technical changes. Information > > >>>>>>>>>>>> about stream > > >>>>>>>>>>>> managers can be found in the FAQ. Editorial changes do > > >>>>>>>>>>>> not require approval from a stream manager. > > >>>>>>>>>>>> Approving for publication > > >>>>>>>>>>>> -------------------------- > > >>>>>>>>>>>> To approve your RFC for publication, please reply to this > > >>>>>>>>>>>> email > > >>>>>>>>>>>> stating that you approve this RFC for publication. Please > > >>>>>>>>>>>> use > > >>>>>>>>>>>> ‘REPLY ALL’, as all the parties CCed on this message need > > >>>>>>>>>>>> to see your approval. > > >>>>>>>>>>>> Files ----- > > >>>>>>>>>>>> The files are available here: > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.xml > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.html > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.pdf > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460.txt > > >>>>>>>>>>>> Diff file of the text: > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-diff.html > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-rfcdiff.html > > >>>>>>>>>>>> (side by side) > > >>>>>>>>>>>> Diff of the XML: https://www.rfc- > > >>>>>>>>>>>> editor.org/authors/rfc9460-xmldiff1.html > > >>>>>>>>>>>> This diff file compares an altered original and the RFC > > >>>>>>>>>>>> (in order to make the changes in moved text viewable): > > >>>>>>>>>>>> https://www.rfc-editor.org/authors/rfc9460-alt-diff.html > > >>>>>>>>>>>> Tracking progress > > >>>>>>>>>>>> ----------------- > > >>>>>>>>>>>> The details of the AUTH48 status of your document are > > >>>>>>>>>>>> here: > > >>>>>>>>>>>> https://www.rfc-editor.org/auth48/rfc9460 > > >>>>>>>>>>>> Please let us know if you have any questions. Thank you > > >>>>>>>>>>>> for your cooperation, > > >>>>>>>>>>>> RFC Editor > > >>>>>>>>>>>> -------------------------------------- > > >>>>>>>>>>>> RFC9460 (draft-ietf-dnsop-svcb-https-12) > > >>>>>>>>>>>> Title : Service Binding and Parameter > > >>>>>>>>>>>> Specification via the DNS (DNS SVCB and HTTPS Resource > > >>>>>>>>>>>> Records (RRs)) > > >>>>>>>>>>>> Author(s) : B. Schwartz, M. Bishop, E. Nygren > > >>>>>>>>>>>> WG Chair(s) : Suzanne Woolf, Benno Overeinder, Tim > > >>>>>>>>>>>> Wicinski > > >>>>>>>>>>>> Area Director(s) : Warren Kumari, Robert Wilton > > >>>>>>>>>>> <rfc9460.xml> > > >>>>>>>>>> > > >>>>>>>>>> <rfc9460.xml> > > >>>>>>>>> > > >>>>>>>> > > >>>>>>> > > >>>>>> > > >>>>> > > >>> > > >> > >
- [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-dnsop… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… rfc-editor
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Warren Kumari
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Tim Wicinski
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Erik Nygren
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Ben Schwartz
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Lynne Bartholomew
- [auth48] [IANA] Re: AUTH48: RFC-to-be 9460 <draft… Lynne Bartholomew
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Erik Nygren
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Mike Bishop
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Erik Nygren
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Ben Schwartz
- [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-be 94… Lynne Bartholomew
- Re: [auth48] * [IANA] **[AD] Re: AUTH48: RFC-to-b… Ben Schwartz
- [auth48] [IANA #1284364] [IANA] Re: AUTH48: RFC-t… Amanda Baber via RT
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Lynne Bartholomew
- Re: [auth48] [IANA #1284364] [IANA] Re: AUTH48: R… Rob Wilton (rwilton)
- [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUT… Lynne Bartholomew
- Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re:… Warren Kumari
- Re: [auth48] *[AD] Re: AUTH48: RFC-to-be 9460 <dr… Lynne Bartholomew
- Re: [auth48] AUTH48: RFC-to-be 9460 <draft-ietf-d… Mike Bishop