Re: [DNSOP] post-dispatch dispatching a draft...

Sean Turner <> Tue, 02 April 2024 16:51 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id B26E5C151095 for <>; Tue, 2 Apr 2024 09:51:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4Ywcyau6EoZD for <>; Tue, 2 Apr 2024 09:51:40 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::f2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by (Postfix) with ESMTPS id 0E097C151099 for <>; Tue, 2 Apr 2024 09:51:39 -0700 (PDT)
Received: by with SMTP id 6a1803df08f44-69185f093f5so37247226d6.3 for <>; Tue, 02 Apr 2024 09:51:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; t=1712076698; x=1712681498;; h=message-id:in-reply-to:to:references:date:subject:mime-version :content-transfer-encoding:from:from:to:cc:subject:date:message-id :reply-to; bh=kB7xFVvgNy5VH3di1HQU9Rji/KRp4i41wGiVt0gLL4I=; b=ii5kGGDQSMqt/Q+0sGLQcDpgnr45kHqYItdhFBeY5vKbZiSVfmzPiAsVPeqUmu1DZQ MIYambL7GnCd25hTL2LLR/PqjI90dpcYrU+jS2bP+gV/wcR2CHE0YQUOsX5LGRSHUOXB 9wKnK3Fr+L2JDD93LFzG4y/n3LtOVLJTC7uMI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20230601; t=1712076698; x=1712681498; h=message-id:in-reply-to:to:references:date:subject:mime-version :content-transfer-encoding:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kB7xFVvgNy5VH3di1HQU9Rji/KRp4i41wGiVt0gLL4I=; b=j/d//xT/edoxBM52cNi2kTIFH+X4/cKebbm10eG3U7i8HhQ/JrM+JsLN/g5jAZdg2h ufj3xFjCGA3AnF3hSgRijf/UjL6vLVIuYiw16mrjOHlNsoAU6HznEvdmecEd60XRFDj5 Y76fbdTEvEXi/3t02RYnwliBKmu1hfSy41l0/hZ6kVEcN0vSSyw1LgyxYJdIJWjpHCHc TXX8qut19qhzkabS9ndZc5hxYdA+Tpi/3GzFReVMS954rYQjykTTDtGMgUTql/eD81z2 UHk8ajeINpwMnd2wRRe6BT6VLMwlT2P776ak5WaNTuwTzpIkQkL7bRsVfSK1tibgmcdQ UbjQ==
X-Gm-Message-State: AOJu0YynawToDnW7eV40Dwxcs+VDjzW16zxv0JAtt0XlipBO1TMHNy86 NstMycskfiKtWNnnYw0IpdZe1mhQhmORzba+EG02WJWEe7LXHAAsXjo2PpAmjXMxxpTXAA6ad+o q
X-Google-Smtp-Source: AGHT+IGfG04RFx8IS+wFeh0zQpcfr/BoOyX9bdYGdaPEEJf/SAdLLek8/uizTZjC6uLR09/8zQm9Hw==
X-Received: by 2002:a05:6214:500a:b0:699:cd2:f8f1 with SMTP id jo10-20020a056214500a00b006990cd2f8f1mr7727056qvb.27.1712076698194; Tue, 02 Apr 2024 09:51:38 -0700 (PDT)
Received: from ( []) by with ESMTPSA id oo14-20020a056214450e00b00690c9256676sm5681316qvb.49.2024. for <> (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Apr 2024 09:51:37 -0700 (PDT)
From: Sean Turner <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.\))
Date: Tue, 02 Apr 2024 12:51:37 -0400
References: <> <>
In-Reply-To: <>
Message-Id: <>
X-Mailer: Apple Mail (2.3654.
Archived-At: <>
Subject: Re: [DNSOP] post-dispatch dispatching a draft...
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Apr 2024 16:51:44 -0000

Hi! Eventually, draft-farrell-tls-wkesni became:
It would be great if input/review from DNSOP came in ;)


> On May 17, 2022, at 22:50, Warren Kumari <> wrote:
> On Tue, May 17, 2022 at 11:39 AM, Stephen Farrell <> wrote:
> Hi all, 
> At IETF 113 a draft of mine [1] was presented (slides [2]) at the dispatch session. Part of the upshot there was to check with dnsop if people felt asking for adoption here would be the right plan for this draft. 
> The draft is concerned with (re-)publishing ECHConfigList values in SVCB/HTTPS RRs as the keys for ECH are rotated, but in the context where the ECH private key holder and the DNS publishing entities differ. As an FYI, ECH interop servers operated by Cloudflare and by me rotate such keys hourly so some new automation is needed for cases where one does not have some kind of dynamic DNS API available.
> <no hats, personal view only, objects in rear-view mirror may be closer than they appear, etc/>
> 'k,  so about the only terms I recognize from the above are 'DNS' and 'RR' - the rest are deep TLS arcana…. to my mind that makes it seem much more like it should be adopted in something like TLS, with some input / review from DNSOP / HTTPBIS…
> W
> P.S: Yeah, yeah, ok, I also recognized the others, but my point is that the document is much more (to my mind) related to TLS and well-known URIs and similar, and that the DNS bit is much more secondary...
> To be clear: my own opinion is that adopting this in dnsop would not be a good plan, but that asking the TLS WG would be the right plan instead. That said though, even if this were adopted by TLS, I think it'd benefit from input from dnsop (and httpbis), once the adopted form of the draft had taken would could be a near-final overall shape. And who knows, maybe I'm wrong and this'd be better handled here. 
> So - do people here consider it'd be useful to try for a call for adoption for this in dnsop, or do you agree with me that doing that in the tls wg would be better? 
> Thanks, 
> S.
> PS: If it's useful and there's time I'd be fine with asking the above again at the upcoming interim. 
> [1] 
> [2] 
> _______________________________________________ 
> DNSOP mailing list