Re: [DNSOP] I-D Action: draft-ietf-dnsop-svcb-https-04.txt

Tommy Pauly <tpauly@apple.com> Thu, 18 March 2021 17:42 UTC

From: Tommy Pauly <tpauly@apple.com>
Date: Thu, 18 Mar 2021 10:42:20 -0700
Cc: dnsop <dnsop@ietf.org>, i-d-announce@ietf.org
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t8BTzQ5cDZUhXR0kDuLlTsrbtnc>


> On Mar 17, 2021, at 6:04 PM, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
> 
> Release notes for this revision:
>       *  Simplify the IANA instructions (pure First Come First Served)
>       *  Recommend against publishing chains of >8 aliases
>       *  Clarify requirements for using SVCB with a transport proxy
>       *  Adjust guidance for Port Prefix Naming
>       *  Minor editorial updates
> 
> I'm only aware of one outstanding issue: a proposal to change the name of the "echconfig" key to "ech".  This key corresponds to a value that is an "ECHConfigList", which is a collection of "ECHConfig" structs, and some implementers have reported that the singular/plural name-value mismatch created confusion.  This issue is discussed in detail here: https://github.com/MikeBishop/dns-alt-svc/pull/299.
> 
> This name has no effect on queries, responses, or zone transfers, but it does appear in zone files.  Zone files will not be portable between implementations that use different names.  This is true whether we "burn" the current codepoint and allocate a new one, or simply rename the current codepoint.  However, using a new codepoint would allow updated implementations to support both names, facilitating zone file portability in one direction.  It would also be possible to support the old name with special-case name aliasing logic.
> 
> In my view, the temporary portability benefit is too small to justify the permanent registry pollution of a deprecated codepoint, especially because ECH itself is not yet finalized, and there are no deployments except for standards development purposes.  However, others have disagreed.  We'll need to reach consensus before making any changes here.

Personally, I’d prefer to see the name change, and not burn a codepoint, as long as we’re not breaking any zone files.

I think the question is: does anyone have a zone that has actually deployed the echconfig parameter? I see many responses with SVCB/HTTPS records, but none with the echconfig in practice. If someone is aware of a production deployment that can’t move, please speak up!

Tommy
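To make concrete why the key name matters only in zone files and not on the wire, here is an added example (not code from the draft or its authors) that parses SvcParams presentation text into wire format, treating "echconfig" as an alias of "ech" for the same codepoint 5. The helper names, the alias table and the sample ECHConfigList bytes are constructed for this example.

```python
import base64
import struct

# SvcParamKey codepoints from draft-ietf-dnsop-svcb-https; draft -04 spells
# key 5 "echconfig", the proposal in this thread renames it to "ech".
SVCPARAM_KEYS = {"mandatory": 0, "alpn": 1, "no-default-alpn": 2, "port": 3,
                 "ipv4hint": 4, "ech": 5, "ipv6hint": 6}
# Special-case name aliasing so zone files written with the old name still load.
KEY_ALIASES = {"echconfig": "ech"}

def key_to_codepoint(name: str) -> int:
    """Map a presentation-format key name (or generic keyNNNNN) to its codepoint."""
    name = KEY_ALIASES.get(name, name)
    if name in SVCPARAM_KEYS:
        return SVCPARAM_KEYS[name]
    if name.startswith("key") and name[3:].isdigit() and int(name[3:]) <= 65535:
        return int(name[3:])
    raise ValueError(f"unknown SvcParamKey {name!r}")

def encode_value(codepoint: int, text: str) -> bytes:
    """Encode the subset of SvcParamValues this example handles (alpn, port, ech)."""
    if codepoint == 5:                      # ech: base64 of the ECHConfigList
        return base64.b64decode(text, validate=True)
    if codepoint == 1:                      # alpn: length-prefixed protocol ids
        return b"".join(bytes([len(a)]) + a.encode() for a in text.split(","))
    if codepoint == 3:                      # port: 16-bit integer
        return struct.pack("!H", int(text))
    raise ValueError(f"value encoding for key {codepoint} not handled here")

def svcparams_to_wire(presentation: str) -> bytes:
    """Parse 'key=value ...' and emit wire-format SvcParams sorted by key number."""
    params = {}
    for token in presentation.split():
        name, _, value = token.partition("=")
        cp = key_to_codepoint(name)
        if cp in params:
            raise ValueError(f"duplicate SvcParamKey {cp}")   # the draft forbids repeats
        params[cp] = encode_value(cp, value.strip('"'))
    return b"".join(struct.pack("!HH", cp, len(v)) + v for cp, v in sorted(params.items()))

# Constructed sample: the bytes stand in for a real ECHConfigList.
SAMPLE_ECH_B64 = base64.b64encode(b"constructed ECHConfigList").decode()
OLD_NAME_RDATA = f'alpn="h2,h3" port=443 echconfig={SAMPLE_ECH_B64}'
NEW_NAME_RDATA = f'alpn="h2,h3" port=443 ech={SAMPLE_ECH_B64}'

if __name__ == "__main__":
    print(svcparams_to_wire(OLD_NAME_RDATA) == svcparams_to_wire(NEW_NAME_RDATA))
```

Both spellings produce byte-identical RDATA, which is the zone-file-only portability concern the thread describes; a file that uses "ech" still fails to load on a parser with neither the new name nor the alias.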

> 
> --Ben
> 
> On Wed, Mar 17, 2021 at 1:11 PM <internet-drafts@ietf.org> wrote:
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Domain Name System Operations WG of the IETF.
> 
>         Title           : Service binding and parameter specification via the DNS (DNS SVCB and HTTPS RRs)
>         Authors         : Ben Schwartz
>                           Mike Bishop
>                           Erik Nygren
>         Filename        : draft-ietf-dnsop-svcb-https-04.txt
>         Pages           : 48
>         Date            : 2021-03-17
> 
> Abstract:
>    This document specifies the "SVCB" and "HTTPS" DNS resource record
>    (RR) types to facilitate the lookup of information needed to make
>    connections to network services, such as for HTTPS origins.  SVCB
>    records allow a service to be provided from multiple alternative
>    endpoints, each with associated parameters (such as transport
>    protocol configuration and keys for encrypting the TLS ClientHello).
>    They also enable aliasing of apex domains, which is not possible with
>    CNAME.  The HTTPS RR is a variation of SVCB for HTTPS and HTTP
>    origins.  By providing more information to the client before it
>    attempts to establish a connection, these records offer potential
>    benefits to both performance and privacy.
> 
>    TO BE REMOVED: This document is being collaborated on in Github at:
>    https://github.com/MikeBishop/dns-alt-svc [1].  The most recent
>    working version of the document, open issues, etc. should all be
>    available there.  The authors (gratefully) accept pull requests.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/
> 
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-04
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-04
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-svcb-https-04
> 
> 
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop