Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS
Ben Schwartz <bemasc@google.com> Thu, 23 July 2020 14:22 UTC
From: Ben Schwartz <bemasc@google.com>
Date: Thu, 23 Jul 2020 10:22:00 -0400
To: Dick Franks <rwfranks@gmail.com>
Cc: Mark Andrews <marka@isc.org>, IETF DNSOP WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/coPezzDgwQa9OLUiS7ROExmT6Mc>

On Thu, Jul 23, 2020 at 4:41 AM Dick Franks <rwfranks@gmail.com> wrote:

> Apart from "mandatory" itself, which cannot avoid being mandatory, what
> distinguishes an "automatically mandatory" key from any other optional key
> not listed in key0?

Consider "port". This key is "automatically mandatory" for HTTPS, because a client who ignores the "port" key will not be able to connect using an RR that contains the "port" key. (They would connect to the wrong port.)

In contrast, consider "echconfig". This key is a normal, optional key (unless listed in "mandatory"), because ECH is an optional extension to TLS, so clients who ignore "echconfig" can still connect using RRs that contain an "echconfig" SvcParam.
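
Added example, not part of the original message or of the draft: a client-side usability check that applies the distinction described above to already-parsed HTTPS RRs. The function names, the dict layout, the target name and the two client profiles are assumptions made for illustration, and the automatically mandatory set holds only the one key the message names.

```python
# Added illustration; not code from the SVCB draft or from any client.
DEFAULT_HTTPS_PORT = 443
# Only "port" is named in the message; the draft defines the full set.
AUTO_MANDATORY_HTTPS = frozenset({"port"})

def blocking_keys(svc_params, understood, auto_mandatory=AUTO_MANDATORY_HTTPS):
    """Return the SvcParamKeys that force this client to skip the RR."""
    present = set(svc_params)
    # Keys the zone owner listed explicitly in "mandatory".
    must = set(svc_params.get("mandatory", ()))
    # Automatically mandatory keys count only when they appear in the RR.
    must |= present & set(auto_mandatory)
    # "mandatory" itself cannot avoid being mandatory.
    if "mandatory" in present:
        must.add("mandatory")
    return sorted(must - set(understood))

def select_endpoint(rr, understood):
    """Return (target, port) when the RR is usable, otherwise None."""
    if blocking_keys(rr["params"], understood):
        return None  # skipping is safer than connecting to the wrong place
    port = int(rr["params"].get("port", DEFAULT_HTTPS_PORT))
    return rr["target"], port

# Constructed sample records (hypothetical target and values).
RR_PORT = {"target": "svc.example.net.", "params": {"port": "8443"}}
RR_ECH = {"target": "svc.example.net.",
          "params": {"echconfig": "constructed-placeholder"}}
RR_ECH_MANDATORY = {"target": "svc.example.net.",
                    "params": {"mandatory": ["echconfig"],
                               "echconfig": "constructed-placeholder"}}

# Hypothetical client profiles: one minimal, one implementing every key used.
MINIMAL_CLIENT = {"mandatory"}
FULL_CLIENT = {"mandatory", "port", "echconfig"}

if __name__ == "__main__":
    for name, rr in [("port", RR_PORT), ("ech", RR_ECH),
                     ("ech+mandatory", RR_ECH_MANDATORY)]:
        for label, client in [("minimal", MINIMAL_CLIENT), ("full", FULL_CLIENT)]:
            print(name, label, select_endpoint(rr, client),
                  blocking_keys(rr["params"], client))
```

The minimal client skips the "port" record instead of falling back to 443, yet still uses the record carrying an unlisted "echconfig".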