Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Ben Schwartz <bemasc@google.com> Thu, 18 March 2021 01:04 UTC

From: Ben Schwartz <bemasc@google.com>
Date: Wed, 17 Mar 2021 21:04:34 -0400
Message-ID: <CAHbrMsA3NzpY9RFNhWsvYgQ0hqcqEDuMUrw7HmGBJZ1+uaLtNA@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Cc: i-d-announce@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iAe0ZC9d4m88M8rr4TyO0bxt8Ow>

Release notes for this revision:
      *  Simplify the IANA instructions (pure First Come First Served)
      *  Recommend against publishing chains of >8 aliases
      *  Clarify requirements for using SVCB with a transport proxy
      *  Adjust guidance for Port Prefix Naming
      *  Minor editorial updates

I'm only aware of one outstanding issue: a proposal to change the name of
the "echconfig" key to "ech".  This key corresponds to a value that is an
"ECHConfigList", which is a collection of "ECHConfig" structs, and some
implementers have reported that the singular/plural name-value mismatch
created confusion.  This issue is discussed in detail here:
https://github.com/MikeBishop/dns-alt-svc/pull/299.

This name has no effect on queries, responses, or zone transfers, but it
does appear in zone files.  Zone files will not be portable between
implementations that use different names.  This is true whether we "burn"
the current codepoint and allocate a new one, or simply rename the current
codepoint.  However, using a new codepoint would allow updated
implementations to support both names, facilitating zone file portability
in one direction.  It would also be possible to support the old name with
special-case name aliasing logic.

In my view, the temporary portability benefit is too small to justify the
permanent registry pollution of a deprecated codepoint, especially because
ECH itself is not yet finalized, and there are no deployments except for
standards development purposes.  However, others have disagreed.  We'll
need to reach consensus before making any changes here.

--Ben

On Wed, Mar 17, 2021 at 1:11 PM <internet-drafts@ietf.org> wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Domain Name System Operations WG of the
> IETF.
>
>         Title           : Service binding and parameter specification via the DNS (DNS SVCB and HTTPS RRs)
>         Authors         : Ben Schwartz
>                           Mike Bishop
>                           Erik Nygren
>         Filename        : draft-ietf-dnsop-svcb-https-04.txt
>         Pages           : 48
>         Date            : 2021-03-17
>
> Abstract:
>    This document specifies the "SVCB" and "HTTPS" DNS resource record
>    (RR) types to facilitate the lookup of information needed to make
>    connections to network services, such as for HTTPS origins.  SVCB
>    records allow a service to be provided from multiple alternative
>    endpoints, each with associated parameters (such as transport
>    protocol configuration and keys for encrypting the TLS ClientHello).
>    They also enable aliasing of apex domains, which is not possible with
>    CNAME.  The HTTPS RR is a variation of SVCB for HTTPS and HTTP
>    origins.  By providing more information to the client before it
>    attempts to establish a connection, these records offer potential
>    benefits to both performance and privacy.
>
>    TO BE REMOVED: This document is being collaborated on in Github at:
>    https://github.com/MikeBishop/dns-alt-svc [1].  The most recent
>    working version of the document, open issues, etc. should all be
>    available there.  The authors (gratefully) accept pull requests.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-04
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-svcb-https-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
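The point Ben makes above (the key name is presentation-format only, the wire codepoint is what queries, responses and zone transfers carry, and an implementation can keep reading old zone files with special-case aliasing) can be shown with a small SvcParams encoder. The code below is an added example written for this archive page; it is not code from the draft, from Ben's message, or from any of the authors' implementations. It assumes the SvcParamKey registry values from the draft (0 mandatory, 1 alpn, 2 no-default-alpn, 3 port, 4 ipv4hint, 5 echconfig/ech, 6 ipv6hint) and the generic "keyNNNNN" spelling for unregistered keys; the `KEY_ALIASES` table is a hypothetical aliasing layer, and the ECHConfigList bytes are a constructed placeholder, not a real config. Only the alpn, no-default-alpn, port and ech value encodings are implemented; other keys raise.

```python
import base64
import struct

# SvcParamKey registry values as in draft-ietf-dnsop-svcb-https-04 (assumed).
# "echconfig" is the -04 presentation name of key 5; "ech" is the proposed one.
SVCPARAM_KEYS = {
    "mandatory": 0,
    "alpn": 1,
    "no-default-alpn": 2,
    "port": 3,
    "ipv4hint": 4,
    "echconfig": 5,
    "ipv6hint": 6,
}

# Hypothetical special-case aliasing: an implementation that adopts the new
# name can still map the old spelling (or vice versa) onto the same codepoint,
# so zone files written for the other name keep loading.
KEY_ALIASES = {"ech": 5}


def key_number(name, aliases=KEY_ALIASES):
    """Map a presentation-format key name to its 16-bit SvcParamKey value."""
    name = name.lower()
    if name in SVCPARAM_KEYS:
        return SVCPARAM_KEYS[name]
    if name in aliases:
        return aliases[name]
    # Generic "keyNNNNN" form for keys with no registered name.
    if name.startswith("key") and name[3:].isdigit():
        n = int(name[3:])
        if 0 <= n <= 65535:
            return n
    raise ValueError(f"unknown SvcParamKey {name!r}")


def encode_value(key, text):
    """Encode one SvcParamValue from presentation to wire form (subset of keys)."""
    if key == 1:  # alpn: comma-separated ids -> sequence of length-prefixed ids
        out = b""
        for proto in text.split(","):
            raw = proto.encode()
            if not 1 <= len(raw) <= 255:
                raise ValueError("bad alpn id length")
            out += bytes([len(raw)]) + raw
        return out
    if key == 2:  # no-default-alpn: takes no value
        if text:
            raise ValueError("no-default-alpn must have no value")
        return b""
    if key == 3:  # port: uint16, network byte order
        port = int(text)
        if not 0 <= port <= 65535:
            raise ValueError("port out of range")
        return struct.pack("!H", port)
    if key == 5:  # ech: base64 ECHConfigList in zone file, raw bytes on the wire
        return base64.b64decode(text, validate=True)
    raise ValueError(f"value encoding for key {key} not implemented in this example")


def parse_svcparams(text, aliases=KEY_ALIASES):
    """Parse the SvcParams portion of SVCB/HTTPS RDATA in presentation form.

    Returns {key_number: wire_value}. Duplicate keys are rejected as the draft
    requires.
    """
    params = {}
    for token in text.split():
        name, _, value = token.partition("=")
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        key = key_number(name, aliases)
        if key in params:
            raise ValueError(f"duplicate SvcParamKey {key}")
        params[key] = encode_value(key, value)
    return params


def wire_svcparams(params):
    """Serialise SvcParams to wire format: ascending key order, key/len/value."""
    out = b""
    for key in sorted(params):
        val = params[key]
        out += struct.pack("!HH", key, len(val)) + val
    return out


# Constructed placeholder ECHConfigList (4 arbitrary bytes), NOT a real config.
ECH_B64 = base64.b64encode(b"\x00\x02\xfe\x0d").decode()


def demo():
    """Same RDATA spelled with the old and the new key name: identical wire bytes."""
    old = parse_svcparams(f"alpn=h2,h3 port=443 echconfig={ECH_B64}")
    new = parse_svcparams(f"alpn=h2,h3 port=443 ech={ECH_B64}")
    return wire_svcparams(old), wire_svcparams(new)


if __name__ == "__main__":
    a, b = demo()
    print(a.hex(), a == b)
```

Run with the aliasing table emptied (`parse_svcparams(..., aliases={})`) and the "ech" spelling is rejected while "echconfig" still loads: that is exactly the one-directional zone file portability the message describes, and it is independent of whether key 5 is renamed or a new codepoint is allocated.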