Re: nearing completion for HTTPS RR type (and SVCB RR type)

Mark Andrews <> Fri, 26 June 2020 08:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8ED8E3A11C2 for <>; Fri, 26 Jun 2020 01:04:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.649
X-Spam-Status: No, score=-2.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0OlnPK-2cDty for <>; Fri, 26 Jun 2020 01:04:08 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 652A93A11C3 for <>; Fri, 26 Jun 2020 01:04:07 -0700 (PDT)
Received: from lists by with local (Exim 4.92) (envelope-from <>) id 1jojHx-0007vm-7K for; Fri, 26 Jun 2020 08:00:45 +0000
Resent-Date: Fri, 26 Jun 2020 08:00:45 +0000
Resent-Message-Id: <>
Received: from www-data by with local (Exim 4.92) (envelope-from <>) id 1jojHu-0007tv-2v for; Fri, 26 Jun 2020 08:00:42 +0000
Received: from ([]) by with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jnsUs-0008Sq-4w for; Tue, 23 Jun 2020 23:38:34 +0000
Received: from ([2001:4f8:0:2::2b]) by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <>) id 1jnsUp-0007Bj-Nl for; Tue, 23 Jun 2020 23:38:33 +0000
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 0EBC33AB003; Tue, 23 Jun 2020 23:38:19 +0000 (UTC)
Received: from (localhost []) by (Postfix) with ESMTPS id 0100D16005A; Tue, 23 Jun 2020 23:38:19 +0000 (UTC)
Received: from localhost (localhost []) by (Postfix) with ESMTP id E0DF416007D; Tue, 23 Jun 2020 23:38:18 +0000 (UTC)
Received: from ([]) by localhost ( []) (amavisd-new, port 10026) with ESMTP id GRBt_xph60YZ; Tue, 23 Jun 2020 23:38:18 +0000 (UTC)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id E9A1D16005A; Tue, 23 Jun 2020 23:38:17 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.5\))
From: Mark Andrews <>
In-Reply-To: <>
Date: Wed, 24 Jun 2020 09:38:14 +1000
Cc: Martin Thomson <>,
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <>
To: Tommy Pauly <>
X-Mailer: Apple Mail (2.3445.9.5)
Received-SPF: pass client-ip=2001:4f8:0:2::2b;;
X-W3C-Hub-Spam-Status: No, score=-4.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1jnsUp-0007Bj-Nl b2a1e2c651913264ec2cf3613444274e
X-caa-id: 72277e269a
Subject: Re: nearing completion for HTTPS RR type (and SVCB RR type)
Archived-At: <>
X-Mailing-List: <> archive/latest/37830
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

One doesn’t need an early allocation for interop testing.  Just pick 2 private type values.  BIND uses SVBC/65481 and HTTPS/65482 which matches what dnspython is doing for their testing.  If the record format changes pick 2 new private values and discard the old ones.  Use “TBA (use 65XXXX for pre allocation testing)” in the draft so everyone is in sync with a particular WIRE FORMAT.  The final allocation can be made by IANA when the document is with the RFC editor.

I’ve done this a number of times with multiple RR types.

> On 24 Jun 2020, at 00:29, Tommy Pauly <> wrote:
> Thanks for filing issues on the GitHub, Martin!
> Regarding the done-ness and implementations, I agree that this certainly isn’t as mature as QUIC. The key thing at this time is getting the wire format stable enough to do the RR type early allocation, which will enable broader interop and deployment testing. Seeing implementations ship prior to publishing the RFC here is an important step, as you indicate.
> Tommy
>> On Jun 23, 2020, at 2:25 AM, Martin Thomson <> wrote:
>> Hi Erik,
>> Thanks for passing this along.  I think that this is - as you say - almost done, but not perhaps in the same way that QUIC is almost done.  It's pretty good for a -00 draft, but I found a fairly large number of issues in my review.  Those were mostly editorial or quite minor, but it suggests that maybe another round of edits would be good.
>> I don't quite see the same decoupling from Alt-Svc that I was expecting based on your note.  I think that the balance there is about right, but I would frame this as a parallel mechanism to Alt-Svc that is deliberately compatible.
>> As for implementation, we have plans to implement as a client.  They are not concrete plans, however, so don't ask about dates.  I expect that more feedback will be forthcoming as that happens; if you believe that this can ship before then, then I would hope that you would be able to get some experience with client implementations in lieu of what we can provide.
>> I also think that the requirements for recursive resolvers are such that experience with implementation there is similarly necessary.
>> On Thu, Jun 18, 2020, at 12:48, Erik Nygren wrote:
>>> We're hoping to start WGLC in DNSOP sometime in the next month or two
>>> for the HTTPS RR type (formerly "HTTPSSVC", along with SVCB).
>>> We submitted an early code point allocation request for the DNS RR types.
>>> As such, now would be a good time to take another read through.
>>> Remaining issues are tracked here (and can be discussed here,
>>> in dnsop, or in the issue tracker as appropriate):
>>> The most relevant to the HTTP WG are:
>>> * Consider SVCB-Used header 
>>> <>
>>> * Parameter to indicate no HSTS-like behavior 
>>> <>
>>> * Consider a way to indicate some keys as "mandatory" 
>>> <> 
>>> Note that the current draft decouples itself fully from Alt-Svc.
>>> That there are a few areas for future improvement to Alt-Svc
>>> that came out of discussion here, but are not covered in the current draft.
>>> The latest authors' draft (for pull requests) is at:
>>> and latest published is at:
>>> Best, Erik
>>> ---------- Forwarded message ---------
>>> From: <>
>>> Date: Fri, Jun 12, 2020 at 4:18 PM
>>> Subject: New Version Notification for draft-ietf-dnsop-svcb-https-00.txt
>>> To: Benjamin Schwartz <>om>, Erik Nygren 
>>> < <>>, Mike Bishop 
>>> <>
>>> A new version of I-D, draft-ietf-dnsop-svcb-https-00.txt
>>> has been successfully submitted by Ben Schwartz and posted to the
>>> IETF repository.
>>> Name: draft-ietf-dnsop-svcb-https
>>> Revision: 00
>>> Title: Service binding and parameter specification via the DNS (DNS 
>>> SVCB and HTTPS RRs)
>>> Document date: 2020-06-12
>>> Group: dnsop
>>> Pages: 39
>>> URL: 
>>> Status:
>>> Htmlized: 
>>> <>svcb-https-00 <>
>>> Htmlized: 
>>> <>Consider a "mandatory" key range <>s <>vcb-https <>
>>> Abstract:
>>> This document specifies the "SVCB" and "HTTPS" DNS resource record
>>> (RR) types to facilitate the lookup of information needed to make
>>> connections for origin resources, such as for HTTPS URLs. SVCB
>>> records allow an origin to be served from multiple network locations,
>>> each with associated parameters (such as transport protocol
>>> configuration and keys for encrypting the TLS ClientHello). They
>>> also enable aliasing of apex domains, which is not possible with
>>> CNAME. The HTTPS RR is a variation of SVCB for HTTPS and HTTP
>>> origins. By providing more information to the client before it
>>> attempts to establish a connection, these records offer potential
>>> benefits to both performance and privacy.
>>> TO BE REMOVED: This proposal is inspired by and based on recent DNS
>>> usage proposals such as ALTSVC, ANAME, and ESNIKEYS (as well as long
>>> standing desires to have SRV or a functional equivalent implemented
>>> for HTTP). These proposals each provide an important function but
>>> are potentially incompatible with each other, such as when an origin
>>> is load-balanced across multiple hosting providers (multi-CDN).
>>> Furthermore, these each add potential cases for adding additional
>>> record lookups in addition to AAAA/A lookups. This design attempts
>>> to provide a unified framework that encompasses the key functionality
>>> of these proposals, as well as providing some extensibility for
>>> addressing similar future challenges.
>>> TO BE REMOVED: This document is being collaborated on in Github at:
>>> [1]. The most recent
>>> working version of the document, open issues, etc. should all be
>>> available there. The authors (gratefully) accept pull requests.
>>> Please note that it may take a couple of minutes from the time of submission
>>> until the htmlized version and diff are available at
>>> The IETF Secretariat

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: