Re: [auth48] *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https-12> for your review

[Warren Kumari <warren@kumari.net>]

LGTM

Thank you!
W


On Fri, Oct 27, 2023 at 5:44 PM, Lynne Bartholomew <lbartholomew@amsl.com>
wrote:

> Hi, Rob and Warren.
>
> Rob, thanks for the email, and sorry for the misdirect. We've updated <
> https://www.rfc-editor.org/auth48/rfc9460> to list Warren as the RAD.
>
> Warren, could you please review the 24 Oct. emails below (and the latest
> files, if you want) and let us know if you approve? At this point, we want
> to confirm that the reference mismatch ("N/A" in this document versus
> "[RFC-ietf-dnsop-svcb-https-12]" (to be changed to "[RFC9460]" after
> publication) on <https://www.iana.org/assignments/dns-svcb>) is
> acceptable.
>
> The latest files are posted here (please refresh your browser):
>
> https://www.rfc-editor.org/authors/rfc9460.txt
> https://www.rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-diff.html https://www.
> rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/
> authors/rfc9460-auth48diff.html https://www.rfc-editor.org/authors/
> rfc9460-lastdiff.html https://www.rfc-editor.org/authors/
> rfc9460-lastrfcdiff.html
>
> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www.
> rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/
> authors/rfc9460-alt-diff.html
>
> Thanks again!
>
> RFC Editor/lb
>
> On Oct 27, 2023, at 3:35 AM, Rob Wilton (rwilton) <rwilton@cisco.com>
> wrote:
>
> Hi Lynne, Warren,
>
> Having checked, the proposed change looks fine to me, but I'm not sure if
> we actually need Warren's approval instead (he is the RAD for this
> document).
>
> Regards,
> Rob
>
> -----Original Message-----
> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Tuesday, October
> 24, 2023 11:35 PM
> To: iana-matrix@iana.org
> Cc: Ben Schwartz <bemasc@meta.com>; Warren Kumari
> <warren@kumari.net>; tls-chairs@ietf.org; tjw.ietf@gmail.com; Rob Wilton
> (rwilton) <rwilton@cisco.com>; rfc-editor@rfc-editor.org; nygren@gmail.com;
> mbishop@evequefou.be; ietf@bemasc.net; dnsop-chairs@ietf.org; dnsop- ads@
> ietf.org; auth48archive@rfc-editor.org
> Subject: Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460
> <draft-ietf- dnsop-svcb-https-12> for your review
>
> Hi, Amanda. Thank you for the quick turnaround!
>
> RFC Editor/lb
>
> On Oct 24, 2023, at 11:05 AM, Amanda Baber via RT <iana-matrix@iana.org>
>
> wrote:
>
> Hi,
>
> We've updated the registration to read as follows:
>
> Number: 5
> Name: ech
> Meaning: RESERVED (held for Encrypted ClientHello) Change Controller: IETF
> Reference: [RFC-ietf-dnsop-svcb-https-12]
>
> Please see
> https://www.iana.org/assignments/dns-svcb
>
> Amanda
>
> On Tue Oct 24 16:19:04 2023, lbartholomew@amsl.com wrote:
>
> Hi, Ben, *IANA, and **Rob.
>
> IANA, please update <https://www.iana.org/assignments/dns-svcb/> per per
> Ben's note below.
>
> **Rob and Ben, please confirm that the reference mismatch ("N/A" in this
> document versus "[RFC-ietf-dnsop-svcb-https-12]" (to be changed to
> "[RFC9460]" after publication) on the IANA page) is acceptable.
>
> Thank you!
>
> RFC Editor/lb
>
> On Oct 24, 2023, at 8:36 AM, Ben Schwartz <bemasc@meta.com> wrote:
>
> The requested change in the IANA registry is:
>
> OLD
> RESERVED (will be used for ECH)
>
> NEW
> RESERVED (held for Encrypted ClientHello)
>
> --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> Sent:
> Monday, October 23, 2023 5:10 PM
> To: Ben Schwartz <bemasc@meta.com>
> Cc: Erik Nygren <nygren@gmail.com>; Mike Bishop
> <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; iana-
> matrix-comment@iana.org <iana-matrix-comment@iana.org>; dnsop- ads@ietf.
> org <dnsop-ads@ietf.org>; Rob Wilton <rwilton@cisco.com>; Tim Wicinski <
> tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc- editor@rfc-editor.org>;
> ietf@bemasc.net <ietf@bemasc.net>; dnsop- chairs <dnsop-chairs@ietf.org>;
> auth48archive@rfc-editor.org
> <auth48archive@rfc-editor.org>; TLS Chairs <tls-chairs@ietf.org> Subject:
> Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460
> <draft-ietf-dnsop-svcb-https-12> for your review
> !-------------------------------------------------------------------
> |
> This Message Is From an External Sender
>
> |-------------------------------------------------------------------!
>
> Hi, Ben.
>
> Can you please clarify what that update to the document might be, using
> "OLD" and "NEW" text?
>
> Thank you!
>
> RFC Editor/lb
>
> On Oct 23, 2023, at 9:26 AM, Ben Schwartz <bemasc@meta.com> wrote:
>
> RFC-to-be 9460 does request a change to the "Meaning" field that has not
> yet been implemented on iana.org, so I think it's fair to say that the
> IANA registry is not "in sync" with that document, and an update is
> requested.
>
> --BenFrom: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Monday,
> October 23, 2023 12:22 PM
> To: Erik Nygren <nygren@gmail.com>; Mike Bishop
> <mbishop@evequefou.be>; Warren Kumari <warren@kumari.net>; Ben Schwartz <
> bemasc@meta.com>
> Cc: iana-matrix-comment@iana.org <iana-matrix-comment@iana.org>;
> dnsop-ads@ietf.org <dnsop-ads@ietf.org>; Rob Wilton
> <rwilton@cisco.com>; Tim Wicinski <tjw.ietf@gmail.com>; rfc- editor@
> rfc-editor.org <rfc-editor@rfc-editor.org>; ietf@bemasc.net<ietf@bemasc.
> net>; dnsop-chairs <dnsop- chairs@ietf.org>; auth48archive@rfc-editor.org
> <auth48archive@rfc- editor.org>; TLS Chairs <tls-chairs@ietf.org>
> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to-be 9460
> <draft-ietf-dnsop-svcb-https-12> for your review
> !-------------------------------------------------------------------
> |
> This Message Is From an External Sender
>
> |-------------------------------------------------------------------
> !
>
> Hello, all.
>
> It is not clear to us whether or not further changes are required for this
> document.
> Currently (best viewed with a fixed-point font):
>
> +===========+=================+================+=========+======
> ====+
>
> |Number | Name | Meaning |Reference|Change
> |
> | | | |
> |Controller|
>
> +===========+=================+================+=========+======
> ====+
>
> ...
> +-----------+-----------------+----------------+---------
> +----------+
> |5 | ech | RESERVED |N/A |IETF
> |
> | | | (held for | |
> |
> | | | Encrypted | |
> |
> | | | ClientHello) | |
> |
> +-----------+-----------------+----------------+---------
> +----------+
>
> The corresponding IANA entry (which would normally match) on
> <https://www.iana.org/assignments/dns-svcb/ >: Number Name Meaning Change
> Controller Reference
> ...
> 5 ech RESERVED (will be used for ECH) IETF
> [RFC-ietf-dnsop-svcb-https-12]
>
> Please let us know if this mismatch is acceptable.
>
> Thank you.
>
> RFC Editor/lb
>
> On Oct 23, 2023, at 8:31 AM, Ben Schwartz <bemasc@meta.com> wrote:
>
> Given the large-scale rollout of ECH, and the fact that ECHConfig is
> internally versioned, there's simply no scenario in which we change this
> codepoint. "ech" is and will be codepoint 5.
>
> There are some process questions about which document owns that row during
> this awkward interim period, but the current registry contents look great
> [1] and I think our best strategy for now is to declare victory and move
> on.
>
> --Ben
>
> [1] https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml From: Erik
> Nygren <nygren@gmail.com>
>
> Sent: Monday, October 23, 2023 11:19 AM
> To: Mike Bishop <mbishop@evequefou.be>
> Cc: Warren Kumari <warren@kumari.net>; Lynne Bartholomew
> <lbartholomew@amsl.com>; iana-matrix-comment@iana.org <iana-
> matrix-comment@iana.org>; dnsop-ads@ietf.org<dnsop-ads@ietf.org>; Rob
> Wilton <rwilton@cisco.com>; Tim Wicinski
> <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org <rfc-editor@rfc- editor.
> org>; ietf@bemasc.net<ietf@bemasc.net>; dnsop-chairs
> <dnsop-chairs@ietf.org>; Ben Schwartz <bemasc@meta.com>; auth48archive@
> rfc-editor.org <auth48archive@rfc-editor.org>; TLS Chairs <tls-chairs@
> ietf.org>
> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- be 9460
> <draft-ietf-dnsop-svcb-https-12> for your review This Message Is From an
> External Sender
>
> + TLS Chairs
>
> There are also implementations using this codepoint so if major changes
> are needed that don't fit into the versioning supported in ECHConfig then
> we might already need to switch to a new codepoint. As Mike mentioned, the
> TLS WG was also discussing requesting a SvcParam codepoint for this so we
> might be at the right point for that.
>
> On Mon, Oct 23, 2023, 5:05 PM Mike Bishop <mbishop@evequefou.be> wrote:
> This entry was originally used by this document; when that was extracted
> out, this document “Reserved” it for the future use of ECH to ensure the
> codepoint doesn’t get allocated elsewhere. I don’t see why we really care
> where the reservation points, so long as it’s reserved. It would be
> formally allocated when some ECH document is published to make use of it.
>
> Frankly, I think we’d also be fine to drop the reservation – there’s
> already an adopted document that requests the assignment of this codepoint,
> so as a practical matter I don’t think it will get stomped on.
>
> From: Warren Kumari <warren@kumari.net>
> Sent: Saturday, October 21, 2023 3:49 PM
> To: Lynne Bartholomew <lbartholomew@amsl.com> Cc: iana-matrix-comment@
> iana.org; Erik Nygren <nygren@gmail.com>; dnsop-ads@ietf.org; Rob Wilton <
> rwilton@cisco.com>; Tim Wicinski
> <tjw.ietf@gmail.com>; rfc-editor@rfc-editor.org; Mike Bishop
> <mbishop@evequefou.be>; ietf@bemasc.net; dnsop-chairs <dnsop- chairs@ietf.
> org>; Ben Schwartz <bemasc@meta.com>; auth48archive@rfc-editor.org
> Subject: Re: *[AD] Re: [IANA #1284364] [IANA] Re: AUTH48: RFC-to- be 9460
> <draft-ietf-dnsop-svcb-https-12> for your review
>
> On Fri, Oct 20, 2023 at 11:59 PM, Lynne Bartholomew
> <lbartholomew@amsl.com> wrote:
> Hi, Amanda, Erik, and *AD (Warren or Rob). Amanda, thank you for making
> the updates! All looks good (but we're asking the AD about the updated
> "ech" entry).
> Erik, thank you for your suggestion. * Warren or Rob, please see Erik's
> suggestion re. a reference for the "ech" entry, and let us know if that
> suggested update in this document and on
> <https://www.iana.org/assignments/dns-svcb > would be acceptable. Please
> see <https://www.rfc-
> editor.org/authors/rfc9460.html#table-1 > and IANA's note below.
>
> Erm, I think I got lost somewhere in the (many) levels of quoting…
> Doesn't that mean that the reference would be to a (currently in progress)
> draft? Is this OK? What if the draft significantly changes?
> W
>
> Thanks again! RFC Editor/lb On Oct 19, 2023, at 5:09 PM, Erik Nygren <
> nygren@gmail.com> wrote:
> Another option for the reference for "ech" would be to "draft-
> ietf-tls-svcb-ech-00" which is where that portion of the format
> specification has moved to and where the TLS WG is working on it. Thanks,
> Erik On Thu, Oct 19, 2023 at 8:01 PM Amanda Baber via RT
> <iana-matrix-comment@iana.org> wrote: Hi,
> We've completed these changes, but need to make a note about the second
> one:
> On Wed Oct 18 19:43:35 2023, lbartholomew@amsl.com wrote: Dear IANA, We
> are preparing this document for publication. Please make the following
> updates to the "Resource Record (RR) TYPEs" registry on
> <https://www.iana.org/assignments/dns-parameters/ >: OLD:
> General Purpose Service Binding
> Service Binding type for use with HTTP NEW:
> General-purpose service binding
> SVCB-compatible type for use with HTTP This is complete: https://www.iana.
> org/assignments/dns-parameters
> = = = = = Please make the following update to the "Service Parameter Keys
> (SvcParamKeys)" registry on
> <https://www.iana.org/assignments/dns-svcb/ >: OLD (column name):
> Format Reference NEW:
> Reference The Service Parameter Keys (SvcParamKeys) registry originally
> had the "Format Reference" field populated by the document and a
> "Reference" field added by IANA. Aside from the entry for "ech", which was
> filled in with "N/A", the former contained either a more detailed version
> of IANA's reference or the same reference.
> We've removed IANA's "Reference" field and changed the name of the "Format
> Reference" field to "Reference," but we've also replaced "N/A" with
> "[RFC-ietf-dnsop-svcb-https-12]" for "ech", so as to avoid leaving that
> entry unreferenced:
> https://www.iana.org/assignments/dns-svcb
> thanks,
> Amanda Thank you! RFC Editor/lb On Oct 18, 2023, at 12:31 PM, Lynne
> Bartholomew
> <lbartholomew@amsl.com> wrote:
> Hi, Ben. Great; thanks! RFC Editor/lb On Oct 18, 2023, at 12:26 PM, Ben
> Schwartz <bemasc@meta.com> wrote:
> Correct. On Oct 18, 2023, at 11:26 AM, Lynne Bartholomew
> <lbartholomew@amsl.com> wrote:
> Hi, Ben. Just to confirm -- 'replace the "Reference" column that IANA
> added' means 'change IANA's "Format Reference" column heading to
> "Reference"; correct? Thank you! RFC Editor/lb On Oct 18, 2023, at 11:17
> AM, Ben Schwartz <bemasc@meta.com> wrote: That's correct. This will
> replace the "Reference" column that IANA added for compliance with their
> usual processes.
> --Ben SchwartzFrom: Lynne Bartholomew <lbartholomew@amsl.com> Sent:
> Wednesday, October 18, 2023 1:34 PM
> To: Mike Bishop <mbishop@evequefou.be>
> Cc: Erik Nygren <nygren@gmail.com>; Ben Schwartz
> <bemasc@meta.com>; ietf@bemasc.net <ietf@bemasc.net>; rfc- editor@
> rfc-editor.org <rfc-editor@rfc-editor.org>; dnsop- ads@ietf.org<dnsop-ads@
> ietf.org>; dnsop-chairs@ietf.org <dnsop- chairs@ietf.org>;tjw.ietf@gmail.
> com <tjw.ietf@gmail.com>; auth48archive@rfc-editor.org<auth48archive@
> rfc-editor.org> Subject: Re: AUTH48: RFC-to-be 9460
> <draft-ietf-dnsop-svcb-https- 12> for your review
> !-------------------------------------------------------------------
> |
> This Message Is From an External Sender
> |-------------------------------------------------------------------
> ! Hi, Mike. So noted: https://www.rfc-editor.org/auth48/rfc9460 Before we
> ask IANA to make updates per changes made to this document, we first want
> to confirm that, per AUTH48 XML updates that you sent us on26 September, we
> also need to ask for the following change on <https://www.iana.org/
> assignments/dns-svcb/
>
> : OLD (column name):
>
> Format Reference NEW:
> Reference Please let us know about the above. We will wait to hear from
> you before proceeding.
> Thank you! RFC Editor/lb On Oct 17, 2023, at 12:52 PM, Mike Bishop <
> mbishop@evequefou.be> wrote:
> Approved -- thanks to everyone for their work on this.
> -----Original Message-----
> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Monday, October 16,
> 2023 11:30 AM
> To: Erik Nygren <nygren@gmail.com>
> Cc: Ben Schwartz <bemasc@meta.com>; Mike Bishop
> <mbishop@evequefou.be>; ietf@bemasc.net; rfc-editor@rfc- editor.org;
> dnsop-ads@ietf.org; dnsop-chairs@ietf.org; tjw.ietf@gmail.com;
> auth48archive@rfc-editor.org
> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb-https- 12> for
> your review
> Hi, Erik. Thank you for confirming your approval! RFC Editor/lb On Oct
> 15, 2023, at 6:45 AM, Erik Nygren <nygren@gmail.com> wrote:
> I just looked at the latest and it looks good to me. Thanks! Erik On Fri,
> Oct 13, 2023 at 5:53 PM Lynne Bartholomew
> <lbartholomew@amsl.com> wrote:
> Hi, Erik, Ben, and Mike. Ben and Mike, we have made further updates to
> this document per your notes below.
> The latest files are posted here (please refresh your browser): https://
> www.rfc-editor.org/authors/rfc9460.txt
> https://www.rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-
> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- rfcdiff.htmlhttps://
> www.rfc-editor.org/authors/rfc9460- auth48diff.html https://www.
> rfc-editor.org/authors/rfc9460- lastdiff.htmlhttps://www.rfc-editor.org/
> authors/rfc9460- lastrfcdiff.html
> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www.
> rfc-editor.org/authors/rfc9460-
> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- diff.html
> Erik and Ben, we have noted your approvals on the AUTH48 status page.
> Please note, however, that if you object to any subsequent updates to this
> document you will let us know:
> https://www.rfc-editor.org/auth48/rfc9460
> Thank you! RFC Editor/lb On Oct 12, 2023, at 2:05 PM, Mike Bishop
> <mbishop@evequefou.be> wrote:
> I’ve finished my final read-through. These are minor issues, and
> everything else looks fine.
> I caught a few uses of the first-person through the document. I suggest:
> • Section 1.3: “Our terminology…” => “Terminology in this document…”
> • Section 2.3: “We term this behavior "Port Prefix Naming" and use it in
> the examples throughout this document.” => “This document terms this
> behavior "Port Prefix Naming" and uses it in the examples throughout.”
> • Appendix A: “Here, we summarize…” => “The following summarizes…”
> • Appendix C: “…by providing an extensible solution that solves multiple
> problems we will overcome this inertia…” => “…an extensible solution that
> solves multiple problems will overcome this inertia…”
> There is a nested parenthetical in 2.3. I suggest the following: Current:
> (Parentheses are used to ignore a line break in DNS zone-file presentation
> format ([RFC1035], Section 5.1).)
> Proposed:
> (Parentheses are used to ignore a line break in DNS zone-file presentation
> format, per Section 5.1 of [RFC1035].) On Oct 11, 2023, at 10:51 AM, Ben
> Schwartz <bemasc@meta.com> wrote:
> The caption of Figure 10 is 'An alpn Value with ...'. I believe
> "alpn" should be quoted for consistency, resulting in
> 'An "alpn" Value with ...". Apart from that suggestion, I approve this
> version for publication.
> --Ben Schwartz On Oct 11, 2023, at 10:34 AM, Erik Nygren
> <nygren@gmail.com> wrote:
> Approved from my perspective! (Assuming no objections from Mike or Ben.)
> Best, Erik On Wed, Oct 11, 2023 at 12:11 PM Lynne Bartholomew
> <lbartholomew@amsl.com> wrote:
> Hi, Erik. We have updated this document per your note below. The latest
> files are posted here (please refresh your browser): https://www.
> rfc-editor.org/authors/rfc9460.txt
> https://www.rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-diff.html https://www.
> rfc-editor.org/authors/rfc9460-
> rfcdiff.htmlhttps://www.rfc-editor.org/authors/rfc9460- auth48diff.html
> https://www.rfc-editor.org/authors/rfc9460- lastdiff.htmlhttps://www.
> rfc-editor.org/authors/rfc9460- lastrfcdiff.html
> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www.
> rfc-editor.org/authors/rfc9460-
> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- diff.html
> We will wait to hear from your coauthors regarding any subsequent changes
> before noting anyone's approval.
> Thank you! RFC Editor/lb On Oct 10, 2023, at 2:13 PM, Erik Nygren
> <nygren@gmail.com> wrote:
> I took a final reading pass through and the only thing that jumped out
> would be to change this:
> - "," and "\" characters instead of implementing the
> <tt>value-list</tt> escaping
> + "," and "\" characters in ALPN IDs instead of implementing the
> <tt>value-list</tt> escaping
> The current text is ambiguous as to whether those characters are
> prohibited in ALPN IDs or prohibited in value-list. It is clear that the
> intent is for them to only be prohibited in ALPN IDs so that value-list can
> contain commas, but inserting the "in ALPN IDs" would reduce risk of
> misreading.
> Everything else looks good. I believe Mike and Ben are making similar
> read-throughs. Thanks, Erik On Fri, Oct 6, 2023 at 4:30 PM Mike Bishop
> <mbishop@evequefou.be> wrote:
> Ben proposed this text on GitHub: In this document, this algorithm is
> referred to as "character- string decoding", because
> <xref target="RFC1035" sectionFormat="of" section="5.1"/> uses this
> algorithm to produce a <tt>&lt;character-string&gt;</tt>. (And a
> corresponding "the allowed input" => "some allowed inputs".) The attached
> XML incorporates this proposal, if that works for everyone.
> -----Original Message-----
> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, October
> 5, 2023 12:32 PM
> To: Erik Nygren <erik+ietf@nygren.org>; Ben Schwartz
> <bemasc@meta.com>
> Cc: Mike Bishop <mbishop@evequefou.be>;ietf@bemasc.net; rfc- editor@
> rfc-editor.org; dnsop-ads@ietf.org; dnsop-
> chairs@ietf.org; tjw.ietf@gmail.com; auth48archive@rfc- editor.org
> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for
> your review
> Hi, Erik and Ben. Erik, thank you for the suggestion. Ben, is Erik's
> suggestion acceptable, and may we update accordingly? Thank you! RFC
> Editor/lb On Oct 5, 2023, at 6:12 AM, Erik Nygren
> <erik+ietf@nygren.org> wrote:
> What about "described in" (instead of just "in" or "per") ? So:
> -it is used to produce a <tt>&lt;character-string&gt;</tt> in
> +it is used to produce the <tt>&lt;character-string&gt;</tt> described in
> ? On Wed, Oct 4, 2023 at 11:58 AM Ben Schwartz
> <bemasc@meta.com> wrote:
> Re: "We made the additional update (changed "in" to "per") per your note
> for 1) below."
> I think we need to give that section another look. I believe that
> "per" may not be correct here.
> --Ben Schwartz From: Lynne Bartholomew <lbartholomew@amsl.com> Sent:
> Tuesday, October 3, 2023 12:29 PM
> To: Mike Bishop <mbishop@evequefou.be>
> Cc: ietf@bemasc.net<ietf@bemasc.net>;erik+ietf@nygren.org
> <erik+ietf@nygren.org>; rfc-editor@rfc-editor.org <rfc- editor@rfc-editor.
> org>; dnsop-ads@ietf.org <dnsop-ads@ietf.org>; dnsop-chairs@ietf.org
> <dnsop-
> chairs@ietf.org>;tjw.ietf@gmail.com<tjw.ietf@gmail.com>; auth48archive@
> rfc-editor.org <auth48archive@rfc-editor.org> Subject: Re: AUTH48:
> RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for your review
> !-------------------------------------------------------------------
> |
> This Message Is From an External Sender
> |-------------------------------------------------------------------
> ! Hi, Mike. Thank you for the latest updated XML file! We made the
> additional update (changed "in" to "per") per your note for
> 1) below.
> FYI that the new line breaks in the list in Section 1.2 constitute a bug (
> https://github.com/ietf-
> tools/xml2rfc/issues/1045). We hope that this issue will be resolved soon.
> The latest files are posted here (please refresh your browser):
> https://www.rfc-editor.org/authors/rfc9460.txt
> https://www.rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-diff.html https://www.
> rfc-editor.org/authors/rfc9460-rfcdiff.html https://www.rfc-editor.org/
> authors/rfc9460-
> auth48diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- lastdiff.html
> https://www.rfc-editor.org/authors/rfc9460- lastrfcdiff.html
> https://www.rfc-editor.org/authors/rfc9460-xmldiff1.html https://www.
> rfc-editor.org/authors/rfc9460-xmldiff2.html https://www.rfc-editor.org/
> authors/rfc9460-alt-diff.html Thanks again! RFC Editor/lb On Sep 29, 2023,
> at 11:52 AM, Mike Bishop
> <mbishop@evequefou.be> wrote:
> 1) This is fine. 2) All reasonable, but we'd prefer to avoid nested
> parentheses. In the attached, we've changed this to
> "supported protocols" in 3.2 and moved the expansion back to
> 7.1. We also noted in reviewing the change to the title of Figure 1 that
> this URL was not quoted, so we've added those.
> -----Original Message-----
> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Thursday, September
> 28, 2023 11:48 AM
> To: Mike Bishop <mbishop@evequefou.be>
> Cc: ietf@bemasc.net;erik+ietf@nygren.org; rfc-editor@rfc- editor.org;
> dnsop-ads@ietf.org; dnsop-chairs@ietf.org; tjw.ietf@gmail.com;
> auth48archive@rfc-editor.org
> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop-svcb- https-12> for
> your review
> Hi, Mike. Thank you very much for the updated XML file! Thanks also for
> the detailed list of updates after your
> "late-arriving review from the DNS Directorate" note; your note informed
> us that we would not need to ask for AD approval for any of those updates;
> very helpful and much appreciated! A couple follow-up items for you: 1)
> "used to produce a
> <character-string> in Section 5.1 of
> [RFC1035]" reads a bit oddly. May we change it to "used to produce a
> <character-string> per Section 5.1 of [RFC1035]"?
> 2) Please note that per our style guidelines we made the following updates
> to your copy:
> * Moved the expansion of "ALPN" from Section 7.1 to Section
> 3.2.
> * Changed "Section 2.4.2 and Section 3" to "Sections 2.4.2 and 3" in
> Section 9.1.
> * Changed "At" to "at" in the title of Figure 1. The latest files are
> posted here: https://www.rfc-editor.org/authors/rfc9460.txt https://www.
> rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-
> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- rfcdiff.htmlhttps://
> www.rfc-editor.org/authors/rfc9460- auth48diff.htmlhttps://www.rfc-editor.
> org/authors/rfc9460- lastdiff.htmlhttps://www.rfc-editor.org/authors/
> rfc9460- lastrfcdiff.html
> https://www.rfc-editor.org/authors/rfc9460-
> xmldiff1.htmlhttps://www.rfc-editor.org/authors/rfc9460-
> xmldiff2.htmlhttps://www.rfc-editor.org/authors/rfc9460-alt- diff.html
> Again, many thanks for your help with this document! RFC Editor/lb On Sep
> 26, 2023, at 11:40 AM, Mike Bishop
> <mbishop@evequefou.be> wrote:
> Hi, Lynne -
> Please see attached an updated XML from our side, with the following
> changes in response to your questions.
> • We expanded "RR" in the document title. Please let us know any
> objections.
> We have adjusted the title to expand the initialism while avoiding nested
> parentheses.
> Original:
> Service Binding and Parameter Specification via the DNS
> (DNS SVCB and
> HTTPS Resource Records (RRs))
> Current:
> Service Binding and Parameter Specification via the DNS
> (SVCB and
> HTTPS Resource Records) 2. Please insert any keywords… We have added
> various relevant keywords. 3. Datatracker "idnits" output for the original
> approved document included the following warning … There are 2 instances of
> lines with non-RFC2606- compliant FQDNs
> These instances are false positives. 4. Section 1.1: We changed this
> section title, as it did not match the contents of the section. If this
> update is incorrect, perhaps some text is missing? If so, please clarify
> "goal" vs. "goals". We have accepted the new section title, and also
> corrected an obsolete reference to statements that were previously
> “mentioned above” but now appear later in the document. Original:
> (As mentioned above, this all
> applies equally to the HTTPS RR, which shares the same encoding, format,
> and high-level semantics.)
> Current:
> (As discussed in <xref target="svcb-compatible"/>, this all applies
> equally to the HTTPS RR, which shares the same encoding, format, and
> high-level semantics.) 5. Please review the "type" attribute of each
> sourcecode element…
> We have added types and converted “artwork” tags to
> “sourcecode” as appropriate. 6. Section 2.4.2: As it appears that
> "multiple" means "multiple RRs" (as opposed to "multiple RRSets"), we
> updated this sentence accordingly. If this is incorrect, please provide
> clarifying text.
> We have adjusted this to “multiple AliasMode RRs”. 7. Section
> 4.2: Is resolution of unknown RR types the only type of normal response
> construction, or should "i.e." ("that is") be "e.g."
> ("for example") here? Yes. For clarity, we’ve removed this use of
> “i.e.” entirely.
> 8. Section 4.3: Does "even if the contents are invalid" refer to the
> "MUST" clause, the "MAY" clause, or both? It refers to the “MAY” clause. To
> improve clarity, we’ve restructured this sentence and the following one.
> Original:
> Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB records
> with unrecognized SvcParamKeys, and <bcp14>MAY</bcp14> treat the entire
> SvcParams portion of the record as opaque, even if the contents
> are invalid. Alternatively, recursive resolvers
> <bcp14>MAY</bcp14>
> report an error such as SERVFAIL to avoid returning a SvcParamValue that
> is invalid according to the SvcParam's specification.
> Current:
> Recursive resolvers <bcp14>MUST</bcp14> be able to convey SVCB records
> with unrecognized SvcParamKeys. Resolvers
> <bcp14>MAY</bcp14>
> accomplish this by treating the entire SvcParams portion of the record
> as opaque, even if the contents are invalid. If a recognized SvcParamKey
> is followed by a value that is invalid according to the
> SvcParam's specification, a recursive resolver
> <bcp14>MAY</bcp14>
> report an error such as SERVFAIL instead of returning the record.
> 9. Section 7.2: Should "this SvcParam" be
> "this SvcParamValue" here?
> Yes. (Corrected.) 10. Section 9.1: Please clarify the meaning of
> "Following of".
> We’ve clarified by reformulating this sentence and including references to
> the relevant sections where the behavior is defined.
> Original:
> Following of HTTPS AliasMode RRs and CNAME aliases is unchanged from SVCB.
> Current:
> The procedure for following HTTPS AliasMode RRs
> and CNAME aliases is unchanged from SVCB (as described in
> <xref target="alias-mode"/> and <xref target="client- behavior"/>). 11.
> Should the instances of "9443" be "8443" here? No, this distinction is
> intentional. 12. Section 9.4 and Table 1: Does "ECH" refer to citations for
> draft-ietf-tls-esni and not to
> "Encrypted ClientHello" in general, or does it refer to some
> (unknown) future specification related to ECH (in which case the text
> should be clarified)?
> For clarity, we’ve replaced “ECH” here with that reference, and expanded
> the acronym where it appears in the IANA instructions. The assignment is
> currently captured in draft-sbn-tls-svcb-ech- 00, which was extracted from
> this document. The TLS WG has adopted that document, and will need to
> decide whether to fold it into draft-ietf-tls-esni or advance it
> separately. 13. Section 9.6: Should 'HTTP URL' be '"http" URL'? … Also, we
> could not find any instances of
> "requestURL" in [WebSocket], any other published RFC, or
> [FETCH].
> We’ve replaced ‘HTTP URL” with the formal term defined in RFC 9110:
> “HTTP-related URI scheme”.
> Since we wrote this text, WHATWG has moved the definition of
> “requestURL” to a new document. We’ve fixed the problem by adding that
> reference here.
> Original:
> All HTTP connections to named origins are eligible to use HTTPS RRs,
> even when HTTP is used as part of another protocol or without an explicit
> HTTP URL. For example, clients that support HTTPS RRs and
> implement the altered WebSocket <xref target="RFC6455"/> opening handshake
> from the W3C Fetch specification <xref target="FETCH"/>
> <bcp14>SHOULD</bcp14> use HTTPS RRs for the
> <tt>requestURL</tt>.
> Current:
> All HTTP connections to named origins are eligible to use HTTPS RRs,
> even when HTTP is used as part of another protocol or without an explicit
> HTTP-related URI scheme (<relref target="RFC9110" section="4.2"/>). For
> example, clients that support HTTPS RRs and implement <xref
> target="RFC6455"/> using the altered opening handshake
> from <xref target="FETCH-WEBSOCKETS"/>
> <bcp14>SHOULD</bcp14> use HTTPS RRs for the
> <tt>requestURL</tt>. 14. Section 10.3: We had trouble following
> "various interpretations of RFCs" in the first sentence… We’ve replaced
> this vague statement by a reference to the BIND documentation for the
> behavior in question.
> Original:
> Note that some implementations may not allow A or AAAA records on names
> starting with an underscore due to various
> interpretations of RFCs.
> This could be an operational issue when the TargetName contains an
> Attrleaf label, as well as using a TargetName of "." when the owner name
> contains an Attrleaf label.
> Current:
> Some authoritative DNS servers may not allow A or AAAA records on names
> starting with an underscore (e.g., <xref
> target="BIND-CHECK-NAMES"/>).
> This could create an operational issue when the TargetName contains an
> Attrleaf label, or when using a TargetName of "." if the owner name
> contains an Attrleaf label.
> 15. Section 11: We do not see the word
> "stapling" or "staple" in RFC 6066. Please confirm that this citation will
> be clear to readers.
> We’ve adjusted this sentence to expand “OCSP” and mention
> “Certificate Status Request”, which is the formal name from RFC 6066.
> (We’ve preserved the term “stapling” because it is much more widely
> understood and commonly used than the formal name.) Original: Server
> operators implementing this standard
> <bcp14>SHOULD</bcp14> also
> implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate Status
> Protocol (OCSP) Stapling <xref target="RFC6066"/>, both of which confer
> substantial performance and
> privacy benefits when used in combination with SVCB records. Current:
> Server operators implementing this standard
> <bcp14>SHOULD</bcp14> also
> implement TLS 1.3 <xref target="RFC8446"/> and Online Certificate Status
> Protocol (OCSP) Stapling (i.e., Certificate Status Request in
> <xref target="RFC6066" section="8" sectionFormat="of"/>), both of which
> confer substantial performance and privacy benefits when used in
> combination with SVCB records.</t> 16. Section 12: "unintended access"
> reads oddly here. If the suggested text is not correct, should the word
> "unintended" be removed? We’ve rephrased this in a way that avoids the word
> “unintended” and improves specificity.
> Original:
> If the attacker can influence the
> client's payload (e.g., TLS session ticket contents) and an internal
> service has a sufficiently lax parser, it's possible that the attacker
> could gain unintended access.
> Current:
> If the attacker can influence the
> client's payload (e.g., TLS session ticket contents) and an internal
> service has a sufficiently lax parser, the attacker could gain access
> to the internal service. 17. FYI, we have changed two instances of
> "Service Binding" to "service binding" because it written in lowercase
> where used generally in this document. We will ask IANA…
> We’ve changed the description in the IANA instructions to use the more
> precise term “SVCB-compatible” instead. (The original IANA instructions may
> predate this term.) 18. The following ACTION text indicates that the
> "Service Parameter Keys (SvcParamKeys)" registry should appear on the
> "Domain Name System (DNS) Parameters" page. However, the registry appears
> on a page under the heading
> "DNS Service Bindings (SVCB)"
> This disparity may have occurred because IANA reorganized their website
> after the original instructions were written. The current location of the
> registry correctly reflects the authors’ intent, and we have updated the
> draft to describe the new location. 19. Because the IANA registry does not
> include a
> "Meaning" column, we have updated the text as shown below. Please let us
> know if any updates are required.
> This change is correct. 20. Appendix A: Because Section 3.3 of RFC 1035
> says "<character-string> is treated as binary information, and can be up to
> 256 characters in length
> (including the length octet)", we updated this sentence to clarify the
> meaning of "same as". If this is incorrect, please provide text that
> clarifies the meaning of "same as". This change is not correct. We have
> adjusted the text to provide a clearer distinction between
> “<character-string>”
> (which is binary) and the textual representation used to generate it.
> Original:
> DNS zone files are capable of representing arbitrary octet sequences
> in basic ASCII text, using various delimiters and
> encodings. The
> algorithm for decoding these character strings is defined in
> <xref section="5.1" sectionFormat="of" target="RFC1035"/>. Current:
> DNS zone files are capable of representing arbitrary octet sequences
> in basic ASCII text, using various delimiters and
> encodings, according
> to an algorithm defined in <xref section="5.1" sectionFormat="of"
> target="RFC1035"/>. Original:
> In this document, this algorithm is referred to as
> "character-string decoding".
> The algorithm is the same as the guideline for
> <tt>&lt;character-string&gt;</tt> provided in <xref target="RFC1035"
> sectionFormat="of" section="3.3"/>, except that in this document the output
> length is not limited to 255 octets. Current:
> In this document, this algorithm is referred to as
> "character-string
> decoding", because it is used to produce a
> <tt>&lt;character-string&gt;</tt> in <xref target="RFC1035"
> sectionFormat="of" section="5.1"/>. Note that while the length of a
> <tt>&lt;character-string&gt;</tt> is limited to 255 octets, the
> character-string decoding algorithm can produce output of any length.</t>
> 21. Appendix C.4: We changed "the authoritative" at the end of this
> sentence to "the authoritative DNS server". This change is correct. 22.
> Appendix D.2: Do "target (root label)" and
> "target, root label" mean the same thing? If yes, should they both be
> expressed in the same way (i.e., either parentheses or comma)? Also, should
> "length: 2 bytes" be
> "length 2", per the format of all other "# length" and "; length" entries?
> Yes, these carry the same meaning. We have incorporated these changes to
> improve consistency.
> 23. The example.comline in Figure 8 extends beyond the 72- character
> limit.
> 24. Figure 8: The "example.com." line is too long… We have adjusted this
> figure as suggested to fit within the 72- character limit. 25. Figures 14
> and 15: Should "mandatory" be written in the same way in both titles (i.e.,
> either lowercase and quoted or initial-capitalized and unquoted)? No. In
> one case, it refers to an item that must be present; in the other it refers
> to the literal 9-character sequence “mandatory”. 26.
> "Acknowledgments and Related Proposals" reads oddly, in that the two ideas
> seem unrelated. "... proposed solutions ...challenge proposed" reads oddly
> as well. May we make a new Section 15
> ("Related Proposals") …
> ?
> We’ve reformulated this paragraph to make clear that the related proposals
> are mentioned by way of acknowledgement and gratitude. 27. Please review
> the "Inclusive Language" portion of the online Style Guide …
> We have reviewed this guidance but did not find any changes that could be
> made on this basis.
> 28. Please let us know if any changes are needed for the following
> [capitalization consistency issues] We have attempted to correct these
> issues to improve consistency. In the case of ALPN, we have clarified some
> uses as “ALPN protocol” or “ALPN ID”.
> ------------
> Additionally, we made several edits in response to a late- arriving review
> from the DNS Directorate, as Warren indicated. These are highlighted below,
> in no particular order.
> # Positive and negative DNSSEC (Section 4.1)
> Original:
> If the zone is signed, the server SHOULD also include positive or negative
> DNSSEC responses for these records in the Additional section.
> Current:
> If the zone is signed, the server SHOULD also include DNSSEC records
> authenticating the existence or nonexistence of these records in the
> Additional section.
> # Use of “origin” for concepts other than HTTP origins
> - In 1.1, “an origin within the DNS” => “a service identified by a domain
> name”
> - In 3.1, “origin’s SVCB record” => “service’s SVCB record”
> - In 7.3, “origin hostname” => “service name”
> - In 9.3, “origin endpoint” => “authority endpoint”
> - In 12, “origin” => “authoritative server”
> # Use of “delegation” outside the sense of DNS zone delegation
> - In 1, “delegating the origin” => “aliasing the origin”
> - In 1.1, “delegation of operational authority for an origin within
> the DNS to an alternate name.” => “extending operational authority for
> a service identified by a domain name to other instances with alternate
> names.” (overlap with previous set)
> - In 1.1, “apex delegation” => “apex aliasing”
> - In 3.2, “It allows the service to delegate the apex domain.” =>
> “It allows a service on an apex domain to use aliasing.”
> - In Figure 1 (caption), “Is Delegated to” => “Is Available At”
> # Inconsistency of terms for list and sorting in Section 3
> - “enumerating the priority-ordered endpoints” =>
> “enumerating and ordering the available endpoints”
> - Addition of “Sort the records by ascending SvcPriority.” to step 4.
> - “known endpoints” => “available endpoints”
> - “priority list” => “list of endpoints”
> - “the resolved list” => “this list”
> # Vague performance statements
> In 2.4.2, removed “which would likely improve performance”
> # No such thing as empty RRset
> Original:
> If the SVCB RRset contains no compatible RRs, the client will generally
> act as if the RRset is empty.
> Current:
> Incompatible RRs are ignored (see step 5 of the procedure defined in <xref
> target="client-behavior"/>).
> ------------
> Finally, with regard to the changes from our previous e- mail: The
> attached file incorporates your proposed changes. We have made one
> adjustment, where <tt> was already being used around a hostname which is
> now quoted. The
> combination is probably not necessary; for consistency, we can align on
> quotes.
> Original:
> When using the generic SVCB RR type with aliasing, zone owners
> <bcp14>SHOULD</bcp14> choose alias target names that indicate the scheme
> in use (e.g., <tt>"foosvc.example.net"</tt> for
> <tt>"foo://"</tt> schemes). This will help to avoid confusion when
> another scheme needs to be added to the configuration. When multiple
> port numbers are in use, it may be helpful to repeat the prefix labels in
> the alias target name (e.g.,
> <tt>"_1234._foo.svc.example.net"</tt>). Current: When using the generic
> SVCB RR type with aliasing, zone owners
> <bcp14>SHOULD</bcp14> choose alias target names that indicate the scheme
> in use (e.g., "foosvc.example.net" for "foo" schemes). This
> will help to avoid confusion when another scheme needs to be added to
> the configuration. When multiple port numbers are in use, it may be
> helpful to repeat the prefix labels in the alias target name
> (e.g., "_1234._foo.svc.example.net"). We have also removed the
> “://”, which is not properly part of the scheme. -----Original
> Message-----
> From: Lynne Bartholomew <lbartholomew@amsl.com> Sent: Friday, September
> 22, 2023 2:39 PM
> To: Mike Bishop
> <mbishop@evequefou.be>;ietf@bemasc.net;erik+ietf@nygren.org Cc:
> rfc-editor@rfc-editor.org;dnsop-ads@ietf.org;dnsop- chairs@ietf.org;tjw.
> ietf@gmail.com;
> auth48archive@rfc-editor.org
> Subject: Re: AUTH48: RFC-to-be 9460 <draft-ietf-dnsop- svcb- https-12>
> for your review Hi, Mike and coauthors.
> Mike, apologies for our confusion with the emails
> yesterday. We have updated this document per your notes below. Please see
> our "[rfced]" notes inline. Also, apologies for an issue regarding an
> update to Section 14.4. The updated section is now correct. We also removed
> a duplicate question regarding Figure 8.
> The latest files are posted here. Please refresh your browser to view the
> latest updates and the updated list of questions: https://www.rfc-editor.
> org/authors/rfc9460.txt
> https://www.rfc-editor.org/authors/rfc9460.pdf
> https://www.rfc-editor.org/authors/rfc9460.html
> https://www.rfc-editor.org/authors/rfc9460.xml
> https://www.rfc-editor.org/authors/rfc9460-
> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- rfcdiff.htmlhttps://
> www.rfc-editor.org/authors/rfc9460- auth48diff.html
> https://www.rfc-editor.org/authors/rfc9460-alt-
> diff.htmlhttps://www.rfc-editor.org/authors/rfc9460- xmldiff1.htmlhttps://
> www.rfc-editor.org/authors/rfc9460- xmldiff2.htmlhttps://www.rfc-editor.
> org/authors/rfc9460-alt- diff.htmlThank you, and again, apologies for our
> confusion. RFC Editor/lb
> On Sep 20, 2023, at 1:33 PM, Mike Bishop
> <mbishop@evequefou.be> wrote:
> A couple points from the copy-edits I wanted to discuss as we go through
> these….
> Under SVC Query Names, I see this change:
> Original: When querying the SVCB RR, a service is translated into a QNAME
> by
> prepending the service name with a label indicating the scheme, prefixed
> with an underscore, resulting in a domain name like
> "_examplescheme.api.example.com.".
> Current: When querying the SVCB RR, a service is translated into a QNAME
> by
> prepending the service name with a label indicating the scheme, prefixed
> with an underscore, resulting in a domain name like
> "_examplescheme.api.example.com."
> In this instance, however, the literal domain name ends with a period.
> Given the general rule in American English that the period goes inside the
> quotation marks and not outside, the absence of the explicit exterior
> period might cause some readers to apply that rule and not expect the
> actual domain name to contain the trailing dot; hence the separate period
> in the original.
> Could we revert this change, or is there a different way we could word
> this to avoid any confusion?
> [rfced] Reverted. Thank you for the explanation. Under AliasMode, quotes
> were added to offset
> “https://example.com ”, but similar quotes were not added around
> “foo://example.com:8080”. Should all URIs be quoted, if this one is?
> [rfced] We added quotes to URIs listed in text. Please review and let us
> know if any of the new quotes are incorrect (e.g., we added quotes for
> 'owner of
> "example.com"' because we found 'the operator of
> "https://example.com "', but is this update correct?). Regarding the
> hyphenation of “SVCB-optional” and “SVCB- reliant”: Original: A client is
> called "SVCB-optional" if it can connect without the use
> of ServiceMode records, and "SVCB-reliant" otherwise. Current: A client is
> called "SVCB optional" if it can connect without the use
> of ServiceMode records; otherwise, it is called "SVCB reliant". These
> terms are used primarily as adjectives before a noun (and therefore
> hyphenated) and in a few instances with a verb in between. It seems unclear
> not to
> hyphenate the definition of the terms when that’s
> primarily how they’re used, for ease of searching. For uniformity, could
> we hyphenate these terms throughout? If I understand the rule correctly, a
> compound adjective is
> *generally* not hyphenated when not before a noun, but some are.
> (The same applies to “SVCB-compatible” later.) [rfced] We restored the
> hyphens.
> Updated list of questions:
> 1) <!-- [rfced] We expanded "RR" in the document title. Please let us know
> any objections.
> Original:
> Service binding and parameter specification via the DNS
> (DNS SVCB and
> HTTPS RRs)
> Currently:
> Service Binding and Parameter Specification via the DNS
> (DNS SVCB and
> HTTPS Resource Records (RRs)) -->
> 2) <!-- [rfced] Please insert any keywords (beyond those that appear
> in the
> title) for use on <https://www.rfc-editor.org/search >. -->
> 3) <!-- [rfced] Datatracker "idnits" output for the original approved
> document included the following warning. Please let us know if any changes
> are needed as related to this warning:
> == There are 2 instances of lines with non-RFC2606- compliant FQDNs in the
> document. -->
> 4) <!-- [rfced] Section 1.1: We changed this section title, as it did not
> match the contents of the section. If this update is incorrect, perhaps
> some text is missing? If so, please clarify
> "goal" vs.
> "goals".
> Original (excerpts from this section are included for context):
> 1.1. Goals of the SVCB RR
> The goal of the SVCB RR is to allow clients to resolve a single additional
> DNS RR in a way that:
> ...
> Additional goals specific to HTTPS RRs and the HTTP use- cases include:
> Currently:
> 1.1. Goals -->
> 5) <!-- [rfced] Please review the "type" attribute of each sourcecode
> element in the XML file to ensure correctness. If the current list of
> preferred values for "type"
> (https://www.rfc-editor.org/materials/sourcecode-types.txt
> ) does not contain an applicable type, please let us know. Also, it is
> acceptable to leave the "type" attribute not set. In addition, review each
> artwork element. Specifically, should any artwork element be tagged as
> sourcecode (e.g.,
> "dns-rr", "pseudocode", or "test-vectors" for some or all of the figures
> in the appendices)? -->
> 6) <!-- [rfced] Section 2.4.2: As it appears that
> "multiple" means "multiple RRs" (as opposed to "multiple RRSets"), we
> updated this sentence accordingly. If this is incorrect, please provide
> clarifying text.
> Original (the previous sentence is included for context): In AliasMode,
> the SVCB record aliases a service to a TargetName. SVCB RRSets SHOULD only
> have a single resource record in AliasMode.
> If multiple are present, clients or recursive resolvers SHOULD pick one at
> random.
> Currently:
> If multiple
> RRs are present, clients or recursive resolvers SHOULD pick one at random.
> -->
> 7) <!-- [rfced] Section 4.2: Is resolution of unknown RR types the only
> type of normal response construction, or should "i.e."
> ("that is") be "e.g." ("for example") here? Original: Whether the
> recursive resolver is aware of SVCB or not, the normal
> response construction process (i.e. unknown RR type resolution under
> [RFC3597]) generates the Answer section of the response.
> -->
> 8) <!-- [rfced] Section 4.3: Does "even if the contents are invalid"
> refer to the "MUST" clause, the "MAY" clause, or both? Original: Recursive
> resolvers MUST be able to convey SVCB records with unrecognized
> SvcParamKeys, and MAY treat the entire SvcParams portion of the record as
> opaque, even if the contents are invalid.
> (A) Perhaps (both):
> Recursive resolvers MUST be able to convey SVCB records with unrecognized
> SvcParamKeys and MAY treat the entire SvcParams portion of the record as
> opaque, even if the contents are invalid.
> (B) Or possibly (only the "MAY" clause): Recursive resolvers MUST be able
> to convey SVCB records with unrecognized SvcParamKeys, and the resolvers
> MAY treat the entire SvcParams portion of the record as opaque even if the
> contents are invalid.
> (C) Or to be specific (instead of rely only on the comma): Recursive
> resolvers MUST be able to convey SVCB records with unrecognized
> SvcParamKeys, and the resolvers MAY treat the entire SvcParams portion of
> the record as opaque even if the contents
> (of that portion) are invalid. -->
> 9) <!-- [rfced] Section 7.2: Should "this SvcParam" be
> "this
> SvcParamValue" here? We ask because we see two instances of
> "SvcParamValue MUST NOT contain escape sequences" later in this document.
> Original:
> To enable simpler parsing, this SvcParam MUST NOT contain escape
> sequences. -->
> 10) <!-- [rfced] Section 9.1: Please clarify the meaning of
> "Following of".
> Original:
> Following of HTTPS AliasMode RRs and CNAME aliases is unchanged from
> SVCB. -->
> 11) <!--[rfced] Should the instances of "9443" be "8443" here? Original:
> Alt-Svc: h2="alt.example:443",
> h2="alt2.example:443", h3=":8443" The client would retrieve the following
> HTTPS records: alt.example. IN HTTPS 1 . alpn=h2,h3 foo=...
> alt2.example. IN HTTPS 1
> alt2b.example. alpn=h3 foo=...
> _8443._https.example.com. IN HTTPS
> 1 alt3.example. (
> port=9443 alpn=h2,h3 foo=... )
> [...]
> *
> HTTP/3 to alt3.example:9443 -->
> 12) <!-- [rfced] Section 9.4 and Table 1: Does "ECH" refer to citations
> for draft-ietf-tls-esni and not to "Encrypted ClientHello"
> in general, or does it refer to some (unknown) future specification
> related to ECH (in which case the text should be
> clarified)?
> Please note that we could not find any indication in draft-ietf- tls-esni
> that the parameter in question will be reserved for it.
> Original:
> Clients MUST NOT use an HTTPS RR response unless the client supports
> TLS Server Name Indication (SNI) and indicates the origin name in the
> TLS ClientHello (which might be encrypted via a future specification
> such as ECH).
> ...
> | 5 | ech | RESERVED |N/A
> |IETF |
> | | | (will be | |
> |
> | | | used for | |
> |
> | | | ECH) | |
> | -->
> 13) <!-- [rfced] Section 9.6:
> Should 'HTTP URL' be '"http" URL'? We ask because we do not see
> 'HTTP URL' used anywhere else in this document or in this cluster of
> documents (https://www.rfc-
> editor.org/cluster_info.php?cid=C461 ).
> Also, we could not find any instances of "requestURL" in
> [WebSocket],
> any other published RFC, or [FETCH]. However, we see
> "Request-URI"
> in [WebSocket]. Will the use of "requestURL" be clear to readers?
> Original:
> All HTTP connections to named origins are eligible to use HTTPS RRs,
> even when HTTP is used as part of another protocol or without an explicit
> HTTP URL. For example, clients that support HTTPS RRs and
> implement the altered WebSocket [WebSocket] opening handshake from the
> W3C Fetch specification [FETCH] SHOULD use HTTPS RRs for the requestURL.
> -->
> 14) <!-- [rfced] Section 10.3: We had trouble following
> "various
> interpretations of RFCs" in the first sentence, as it appears to indicate
> that the RFCs themselves are being interpreted. Also, the
> second sentence does not parse. Would the "Perhaps" text below be helpful?
> If not, please provide clarifying text.
> Original ("an TargetName" has been fixed): Note that some implementations
> may not allow A or AAAA records on names starting with an underscore due to
> various
> interpretations of
> RFCs. This could be an operational issue when the TargetName contains
> an attrleaf label, as well as using an TargetName of "." when the owner
> name contains an attrleaf label.
> Perhaps:
> Note that some implementations may not allow A or AAAA records on names
> that start with an underscore, due to various interpretations in
> other RFCs. This could be an operational issue when the TargetName
> contains an Attrleaf label, as well as when a TargetName of "." is
> used when the owner name contains an Attrleaf label. --> 15) <!--
> [rfced] Section 11: We do not see the word
> "stapling" or
> "staple" in RFC 6066. Please confirm that this citation will be clear
> to readers.
> Original:
> Server operators implementing this standard SHOULD also implement TLS
> 1.3 [RFC8446] and OCSP Stapling [RFC6066], both of which confer
> substantial performance and privacy benefits when used in combination
> with SVCB records. -->
> 16) <!-- [rfced] Section 12: "unintended access" reads oddly here.
> If the suggested text is not correct, should the word
> "unintended"
> be removed? Please provide alternative text if you'd like to rephrase.
> Original:
> If the attacker can influence the client's payload (e.g. TLS session
> ticket contents), and an internal service has a sufficiently lax parser,
> it's possible that the attacker could gain
> unintended access.
> Suggested:
> If the attacker can influence the client's payload (e.g., TLS session
> ticket contents) and an internal service has a
> sufficiently lax
> parser, it's possible that, as an unintended consequence, the attacker
> could gain access. -->
> 17) <!-- [rfced] FYI, we have changed two instances of
> "Service Binding"
> to "service binding" because it written in lowercase where used generally
> in this document. We will ask IANA to update
> <https://www.iana.org/assignments/dns-parameters/ > accordingly, unless
> you let us know you prefer otherwise. Original:
> * Meaning: General Purpose Service Binding Current: Meaning:
> General-purpose service binding
> Original:
> * Meaning: Service Binding type for use with HTTP Current: Meaning:
> Service binding type for use with HTTP
> -->
> 18) <!-- [rfced] The following ACTION text indicates that the
> "Service Parameter Keys (SvcParamKeys)" registry should appear on the
> "Domain Name System (DNS) Parameters" page. However, the registry appears
> on a page under the heading "DNS Service Bindings
> (SVCB)"
> (see https://www.iana.org/assignments/dns-svcb/ ). Please review and
> let us know if the location of the "DNS Service Bindings
> (SVCB)"
> registry is correct.
> Original:
> ACTION: create this registry, on a new page entitled "DNS Service Bindings
> (SVCB)" under the "Domain Name System (DNS) Parameters" category. -->
> 19) <!-- [rfced] Section 14.4: Because the "Underscored and Globally
> Scoped DNS Node Names" IANA registry does not include a
> "Meaning"
> column, we have updated the table as shown below. Please let us know
> if any other updates are required.
> Original (to avoid the issue of double dashes and XML comments, the
> bottom line of the table is not included):
> Per [Attrleaf], please add the following entry to the DNS Underscore
> Global Scoped Entry Registry:
>
> +=========+============+=================+=================+
>
> | RR TYPE | _NODE NAME | Meaning | Reference
> |
>
> +=========+============+=================+=================+
>
> | HTTPS | _https | HTTPS SVCB info | (This
> document) |
> Table 2
> Currently:
> Per [Attrleaf], the following entry has been added to the DNS
> "Underscored and Globally Scoped DNS Node Names" registry:
> +=========+============+===========+
> | RR Type | _NODE NAME | Reference |
> +=========+============+===========+
> | HTTPS | _https | RFC 9460 |
> Table 2 -->
> 20) <!-- [rfced] Appendix A: Because Section 3.3 of RFC 1035 says
> "<character-string> is treated as binary information, and can be up to
> 256 characters in length (including the length octet)", we updated
> this sentence to clarify the meaning of "same as". If this is incorrect,
> please provide text that clarifies the meaning of "same as".
> Original:
> The algorithm is the same as used by
> <character-string> in RFC 1035, although the output length in this
> document is not limited to 255 octets.
> Currently:
> The algorithm is the same as the
> guideline for <character-string> in [RFC1035], except that in this
> document the output length is not limited to 255 octets.
> -->
> 21) <!-- [rfced] Appendix C.4: We changed "the authoritative" at the end
> of this sentence to "the authoritative DNS server". If this
> is incorrect, please clarify the meaning of "the authoritative". Original:
> Recursive resolvers that implement the specification would, upon receipt
> of a ServiceMode query, emit both a ServiceMode and an AliasMode query to
> the authoritative.
> Currently:
> Recursive resolvers that implement the specification would, upon receipt
> of a ServiceMode query, emit both a ServiceMode query and an
> AliasMode query to the authoritative DNS server. --> 22) <!--
> [rfced] Appendix D.2: Do "target (root label)" and
> "target, root label" mean the same thing? If yes, should they both be
> expressed in the same way (i.e., either parentheses or comma)? Also,
> should "length: 2 bytes" be "length 2", per the format of all
> other "# length" and "; length" entries? Original: 00 ; target (root
> label)
> ...
> \x00 # target, root label
> ...
> \x00\x02 # length: 2 bytes
> ...
> \x00\x05 # length 5
> ...
> \x00\x09 # length 9
> ...
> \x00\x20 # length 32
> ...
> \x00\x10 # length 16 -->
> 23) <!-- [rfced] Figure 8: The "example.com." line is too long and
> yields the following warning:
> Warning: Too long line found (L2319), 4 characters longer than 72
> characters:
> example.com. SVCB 1example.com.
> ipv6hint="2001:db8:122:344::192.0.2.33"
> We see a similar type of line at the top of Figure 7, although that
> line uses parentheses before and after the line break around
> "ipv6hint". Would it be syntactically correct to format this line
> (i.e., with parentheses and line breaks) per Figure 7? Original: example.
> com. SVCB 1example.com.
> ipv6hint="2001:db8:122:344::192.0.2.33"
> Possibly:
> example.com. SVCB 1example.com. (
> ipv6hint="2001:db8:122:344::192.0.2.33"
> ) -->
> 24) <!-- [rfced] Figures 14 and 15: Should "mandatory" be written in the
> same way in both titles (i.e., either lowercase and quoted or
> initial-capitalized and unquoted)?
> Original:
> Figure 14: A mandatory SvcParam is missing ...
> Figure 15: The "mandatory" S
>
>