Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS

Ben Schwartz <bemasc@google.com> Thu, 23 July 2020 14:22 UTC

MIME-Version: 1.0
References: <20200716151356.GA60024@wakko.flat11.house> <9975DA88-525A-4FC3-9517-70E128A4776D@akamai.com> <099D8D6A-FBBD-4A5A-B1A9-C67CF83DD3DF@apple.com> <E5679D36-1C01-4534-BDFA-836B1FD5A33D@akamai.com> <CAHbrMsDWwahCWoDtQRHQOb5ThGZHuVaOU+e3zkd=H-CZF1s3wg@mail.gmail.com> <e82c0023-478a-4507-10dc-4f2c6deb68ba@nic.cz> <1398296D-D020-4652-8BA9-27C16D378578@isc.org> <CAKW6Ri5vEp1tShjMJfF0rptcum3gqSEey6eky6mQ8yDz7wKXmA@mail.gmail.com>
In-Reply-To: <CAKW6Ri5vEp1tShjMJfF0rptcum3gqSEey6eky6mQ8yDz7wKXmA@mail.gmail.com>
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 23 Jul 2020 10:22:00 -0400
Message-ID: <CAHbrMsDfYT8p+bnyTvTmEKLR1ohjoaWxrk02Q7Yab7begMiC1w@mail.gmail.com>
To: Dick Franks <rwfranks@gmail.com>
Cc: Mark Andrews <marka@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000004554a305ab1c95b1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/coPezzDgwQa9OLUiS7ROExmT6Mc>
Subject: Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS
Precedence: list

On Thu, Jul 23, 2020 at 4:41 AM Dick Franks <rwfranks@gmail.com> wrote:

>
> Apart from "mandatory" itself, which cannot avoid being mandatory, what
> distinguishes an "automatically mandatory" key from any other optional key
> not listed in key0?
>

Consider "port".  This key is "automatically mandatory" for HTTPS, because
a client who ignores the "port" key will not be able to connect using an RR
that contains the "port" key.  (They would connect to the wrong port.)

In contrast, consider "echconfig".  This key is a normal, optional key
(unless listed in "mandatory"), because ECH is an optional extension to
TLS, so clients who ignore "echconfig" can still connect using RRs that
contain an "echconfig" SvcParam.

Attachment: smime.p7s

[DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Tim Wicinski
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Wellington, Brian
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Tommy Pauly
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Wellington, Brian
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Tim Wicinski
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Ben Schwartz
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Wellington, Brian
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Wellington, Brian
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Petr Špaček
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Dick Franks
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Brian Dickson
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Jared Mauch
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Ben Schwartz
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Ben Schwartz
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Alessandro Ghedini
Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS Mark Andrews

Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS

Attachment: smime.p7s