IETF Logo Mail Archive

[TLS] Re: Mahesh Jethanandani's No Objection on draft-ietf-tls-svcb-ech-07: (with COMMENT)

Ben Schwartz <bemasc@meta.com> Wed, 07 May 2025 14:45 UTC

Return-Path: <prvs=12224865cc=bemasc@meta.com>
X-Original-To: tls@mail2.ietf.org
Delivered-To: tls@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 65B5D25F429D; Wed, 7 May 2025 07:45:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.793
X-Spam-Level:
X-Spam-Status: No, score=-2.793 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=meta.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0CXUHPAzYOJQ; Wed, 7 May 2025 07:45:46 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) by mail2.ietf.org (Postfix) with ESMTP id 92EF725F4282; Wed, 7 May 2025 07:45:46 -0700 (PDT)
Received: from pps.filterd (m0109334.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 547EdkJe015963; Wed, 7 May 2025 07:45:45 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to; s=s2048-2021-q4; bh=944X2eQe326TKIi+MznC qq9Ejq6xDncTtv9AIkN3sSY=; b=Zm8/rQXX2V3yxd+qN/SNd4YbxPmltx7VbCAk gScW6b1X3vh8lq5kYnTu2uXf9OHRWCAoiBzs6RPQOJcANj4wgV3xZL3UbKeGB7b6 Vm+EO3cujaSG7pXDTMPmIQrMGAgYyykrlSwYFemxRdq8/d0xGWAbrc9rvTb20WTt zaVp3DsjW2Bo59LYNQ5FAniSTJEy0W6mwaSG3Ek6pR3wJPmnoJn/HjAaDyS/jSJG 0Sq2G0XwEdHQD6EqBeWS5kI5umkK7ngPP2XpZD89kK5VLpuiOvdONl8jw8hR7Tss RJfxq6nAR05nKEji/FFOfqx+7NZltyAYpeHz0QFVwXf7gaarJA==
Received: from nam02-sn1-obe.outbound.protection.outlook.com (mail-sn1nam02lp2046.outbound.protection.outlook.com [104.47.57.46]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 46g29a2pdt-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 07 May 2025 07:45:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ZZbQvYGq5lfo0CyQXeLQRmN3HzVsez9XQawqu6fqSJJqnwtfYT0ozST5VTNp4RdWV7iGYlKj+ZXMOfLH28qtU4QxZgA1WBC7ss2MzYIOcGnHQBSR0aeurffn3kaMNkj0DhwQKJUEzM3T8Ik7QXui8Swhl4YtI/lHPsdFSGkhlcE9tMh6m0K1RarAS60feS0V4Uq4wKlWgcrDzZx5h+YWAW2163PuP500GEG2Q25S9/CuiO+8rcAR01uYv0rPXCwBctP+h4u+pHZ58ljxupC9JzZQvzzRgLckmPUxtREDjXRRntHWCGdKna6EfC/vfMn9T7JYLIgDQsAc56bjPhDLzQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=rC4Brl9Xq0/OvNBO9kOgfOYh/4rgVDCUdgGRiiTtQdY=; b=pyBls7VHUDvN52ZtxpQRq401+M46nVE1mD9V02FNlziP+5XtHxxw3dXwUDvCN4852INS0BKFZLN/ehOXRkMzXJEj+C2Oz8RHopkDouTy6Qjv7ovb7THx3LELrYF3oUxn0ZnZurpXWBKAP4wxgwB/Q1wwIolaOV0HCpA/G3q9yf0LQdjZC6b9xHqvgWOKDIC2VdvfXQDHWrOf7zqe0UhA9PZgK3xTwS2pkkPbV9svT8bShff7BWylcPdCh2cI/zb5jI6/UX1ghBYTsVE4GvhSRtp/PyQCHbnXmiE2aGHcEh/dN2Rw9mTv7pa+a/wvAEUw43a3hk3J3IrXUsHsVVaUoQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meta.com; dmarc=pass action=none header.from=meta.com; dkim=pass header.d=meta.com; arc=none
Received: from SA1PR15MB4370.namprd15.prod.outlook.com (2603:10b6:806:191::8) by CH4PR15MB6632.namprd15.prod.outlook.com (2603:10b6:610:22a::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8678.31; Wed, 7 May 2025 14:45:40 +0000
Received: from SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::b6dd:72cc:243a:babb]) by SA1PR15MB4370.namprd15.prod.outlook.com ([fe80::b6dd:72cc:243a:babb%7]) with mapi id 15.20.8699.022; Wed, 7 May 2025 14:45:40 +0000
From: Ben Schwartz <bemasc@meta.com>
To: The IESG <iesg@ietf.org>, Mahesh Jethanandani <mjethanandani@gmail.com>
Thread-Topic: Mahesh Jethanandani's No Objection on draft-ietf-tls-svcb-ech-07: (with COMMENT)
Thread-Index: AQHbvqJqJYhtCi4tHk2ZbC/scWiaCrPHPEhx
Date: Wed, 07 May 2025 14:45:40 +0000
Message-ID: <SA1PR15MB4370D056623D94EDEED53104B388A@SA1PR15MB4370.namprd15.prod.outlook.com>
References: <174654826590.676686.17201509696918263408@dt-datatracker-58d4498dbd-6gzjf>
In-Reply-To: <174654826590.676686.17201509696918263408@dt-datatracker-58d4498dbd-6gzjf>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA1PR15MB4370:EE_|CH4PR15MB6632:EE_
x-ms-office365-filtering-correlation-id: b07907a9-29b6-41bf-0d7b-08dd8d75d643
x-fb-source: Internal
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|10070799003|1800799024|376014|38070700018|13003099007|8096899003|7053199007;
x-microsoft-antispam-message-info: bV45qojED4GX0zTWDDT9w4imGMCbsVoAuCnOh2v7R+DiBojpOB26ZvqnYM99tDtaTGS+SmJytlrtyPANPpldUezUizQGJ0IScvzTqKnCOAWyXPLjrjR1FJnEkXlxEfIByMd85V1wrEM5apQbFob4pMQJMypKd0kmRUHriKKxXKMCN3mYpv6bnDS59+/R98jokC7kz6dTwrAD1OL2JhHWTMJsmN+jlig61Kzsaeg87Kj+0/gLpTCZpbheQk2216zT2f4tv+N0FKlwLsknkmU7BASdBFllWK328RIJ470kHl5pF7jFK9ANJ3gFK6on6BtzNPo5mjje5sTc3IJvgZlaRU5kOtZwP2Pff2bx2PNZNMUMbKI5X+D1qJwlzLuJWjk61Ng7slzZFblkbsLfgmuTtrEtJrVJ1pJb/EuzeIdspBYg/umiq/onUH4WL4p3Cmw0ksYxlIwEhZ/4G26RtN/m+g2RTl+Z4JsYJQqFlj0XhQ3nWtGiSmewr0tn0y2s0RFu/M4H/Nkk4YNQPMiQRCBTCD73j0apKKrXjKzCyPvwNSI/k++eRj3fc90w0DP2KS9UMfsbgsMZHwbOuxyegfHPJEaYuKGyabHvNcP6xvA9ljc0+KakXx4JXyytc6bBlwcb2XHhQrntnMfADEHT8vTJjp93BYBWa3ui0DdF0Ygq3eDWzo1CGV1qHLmgVmb9IL8oAbYxy7kMMxmlevVtDqxgOdHyWg16eSmAWOi/Qets/bswaIVCcC0+9VlMbXQzFtaQqu8XA0su6MxSvWoEGztrV7XsQXHkjfWi1WxDZLvNeIS3jiySePFlRAZcJnh3SGuawpNrJZHF1E2VCCZwHUh6NhYFu9jsDhnLl4Ger3VstLQACYNZCYd3m/rnRZJ7OOgdcqHPQhtkWrIqdzRbjq4N38zdHXuFu5x0pvRYPOCBmrDMLHzo+2vsqE5939u02o8T3ezDWB1zDpuFToDsjnmx/lonnQcsTihJUj6ZnnL7xyUEfcOoCmdgtWm0IFGjFpExaRcKEtTf+I1vwiJqz7QT1vK/5OHzxGS6hOsNAo55I5UCrN5ePkxYXy7xFDRyfiJ1cZhYBrMPnDDeHDdjuF0clHP+WW/2NE6V7XwMGp/rbisnhzqJTlSXtaPTTvPu28bsQmvQl/vtvYc3UKARy3wAxTYWbEcDURwSl6SeGUG92eR1jzgLk3rEMY6ZVSUpHgZRVI0dyhcmjnDkAsddJSKkX4H033k0WVH8y4L/Kc2nbBev8LKX16sQGwkTmBDvcRvEPjdSNONnKRp+UKOfv/Am4NuQL3TSi+5hD26++YONqw3mDFGaPRFgl599jeHLHRJSoS01YtfOTXaOC3ad2jdc1QSYkq294emic+qtWMVA7J8aRLjQrf4S9pGFaTs9cDRbzQI04UPWomimrfnFQFY1s1GIKVHBoicrBngs+ESj8P4KiBXxgxK7ieEYi+jwjCUitCopgf1nLHeymi419tNDuE0xSmoQdnu9xe3MQ4RPoGw=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR15MB4370.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(10070799003)(1800799024)(376014)(38070700018)(13003099007)(8096899003)(7053199007);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: OhHGkElaB4QjxMNYAg1V+YqSAsPh+Keg/ea7rrr85ctGdWRHfTKhFIhiqa6UCS26chi2OVzN76IOQxSNufEgHEvjq+EKcNl6Rh2m9+XJljuq6tKdCBPfU1/+lGwMYU5Jzr2J2WZlNqiipmZUbgyKXt7nR9UGhzxEOFazxdBxgCT0vFobLXamabwE2d1WBMtuXd4bSJqATYT0RJrVbHSeGeZlFTOPgG7Ge6bDDOxsL9AuoqiB7yIW6+iMG/ZSUqErbW+r5pQ2egARYJAtoQSjYHldGAcbwABlaHfX8IduvNH9szb9mJycMqdTnPeAXmM6K8T8fLuDHTG2h2GTRT5caV5bjXdxFoz+L9I21DVURFgckk0Bzz0WJL5hW6jUcGzbV8LvPfO3A2UxKQ7f3FPep6ZnmfVz7A3ZxwLrDRv8o+BDEUmekjbAeDcMvdTklZIe1GdHkrOPbOd3COdP8PF+hs0Hbr4ZxnldaRAL7Wcm4H2D+MvstnzQ9K6O3s7fveX2q/FixpEx9ecKkS401tCL1NflMMJON0BAT0Xc3/u+U+zGjM4Wh4fYSSURT9EBBUDUmZl1ZaZVx6nCLI344aR2gmt1m/0ulYd2zjJ4boA/cugzbjg3KGt4A2Cndw44nhjYqyAELNUOkFRZkkuJPQ7PCrF4ISksl2gqbSI/crgUUYsQ1evcVOEkAWKrDS+1lImpc/umAtf7++TKxUEZmkLQGrbYfiZqN2kvoiFnmxPlI9xsSb5JJmknETLRWsKxH9RxoO6FBsD7X7LnUdKdWC4avgqI7OI48mw9wN5bjc3lDZ2Cg4OSPuZ6vP2LOHIZV1HcedBs41Ir5Z78m7qZSp8tl56S6JQxguLhSwy76W77XbIkuHDCef1tXEWtA9a4q1iqOH06pDYUj9D8O/qeCplJceR6rNaFgWA6JHGYctNnefQxi86PJoStE70YAKCH9Q3F0y3g9x3cqAcbLGAm23ne+Ad8cBzJ5r/zbiQpR6D1/vgM5Ssdl7ECbnbmMNeJMj8VS+Y3y++DBP3bsR3yaKAcGWjtW8kUGb+Q9NzRg/fMwuhYOMwZFnKtb8J0tUllDKBsKney1xIgmdt86r1+Th1BMzz/KksHU1McT1ieowT9f2MYwVQrYkOpRg8VtSrWdbYopjhH2OUDu3ST84ITtNzV9zTO16yrOJhN+lDneucZEkFzLZ77ElsxMISrF/EqdFUSjD8iywXUERnUJ74im8lw/oUAeHPjq/47B+b3UJ52J0Z4SHwfCFghowBHuf06vkAy6MHkCXOTRzyjZsN4LlHrzweldfEbgkWFafzjBs2d9VK9EZMZ5oZQ7iU3RzBKooQ9WAXzeUfXtVbx1TCa7bwSFOBdEc7ebMlOP2nVbBZUidt2jnFucrUFPuUGTzWAkMlyMWAMAAfzWRzZ2o0BNcNjUbY3E/N+/Iqhv3QdJg1XeEF9Whe3gEVp1Oj9zM//0xELzr3jdYyFXG8Gznti16TqcK53/gpvzV+oG/vUOe0bLyeBq0FcF3nvd86taInDxzVWHAtMR4jOaCUcJ3sNUv8gz6g11wVgvYbLZOrwGyDDZvF47Le/PpGbstxZIP+Q+JzIXmP163QjFrhysvHvW40+nw==
Content-Type: multipart/alternative; boundary="_000_SA1PR15MB4370D056623D94EDEED53104B388ASA1PR15MB4370namp_"
MIME-Version: 1.0
X-OriginatorOrg: meta.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA1PR15MB4370.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b07907a9-29b6-41bf-0d7b-08dd8d75d643
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 May 2025 14:45:40.1682 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: ulcvkcbv/ibHbd/qu9iVFc82jNv5qTkjl25+6PThHZ5LkitrEQ/w+awQYU2Tphep
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH4PR15MB6632
X-Proofpoint-ORIG-GUID: 3oR5R3nKHGOvxJOF3xy_chZXIHmKzWJo
X-Authority-Analysis: v=2.4 cv=Xv36OUF9 c=1 sm=1 tr=0 ts=681b7218 cx=c_pps a=eKE3A02riAhCxcKrmNn0fw==:117 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=dt9VzEwgFbYA:10 a=48vgC7mUAAAA:8 a=BivtZg0fAAAA:8 a=4u75t0x3PiKBh_RtuOAA:9 a=CjuIK1q_8ugA:10 a=8PwHbGcRpikA:10 a=c-F6OdOKOGUA:10 a=nKdpq75Ijq38Oa7OoYsA:9 a=NrNS_7wyotbicQLX:21 a=frz4AuCg-hUA:10 a=_W_S_7VecoQA:10 a=6hzDGdwgND3JRs1QQWkJ:22
X-Proofpoint-GUID: 3oR5R3nKHGOvxJOF3xy_chZXIHmKzWJo
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNTA3MDEzOCBTYWx0ZWRfXx1UlOK/I7Caq CwIz7ub9/2EvDj/Z/+F/4IzoEBYhLeqZWMbx9HQwS+UhQHCMToTGo5fkoIQDr7sKvZAs6NGor03 YZ/aBMd61VDUHBAeVs1+8ZRgPqRjHBmSQ8+DGAXaLuykKcV1AcqDOLvbIdTmY3bS92eRZEzfh7x FPXGbiIVA+/8s0ePTCAijDyEyGhuxiqf5ZfjnFRBi0VW7MsOel2RuV8Y0RkS7sdlyAxG8vDDMMU zfCMdrx/maZYz6+yqe3tfW71aB4PZs14d4AHBi4aHXqY5G+kaJXkQ7Tn6dRQ511egSA+tEdchy+ P4sR46rpvDCxdEldZ8SYSdFWudF5Lr9A2fqj4pMdbFEbkCs38YBtyRnY5xPzTP/Z7CbKOxy0ClJ 1Zo3HU6D/Lon00lV6qm2zUC9ZzdVnUaFG4u4+pT+HFGmYb064rOvpTtgbKmDvw9aCa0ayaQ9
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-05-07_04,2025-05-06_01,2025-02-21_01
Message-ID-Hash: HMZQGRRI42ISLT5VMFTPEGPVLFZG7WAC
X-Message-ID-Hash: HMZQGRRI42ISLT5VMFTPEGPVLFZG7WAC
X-MailFrom: prvs=12224865cc=bemasc@meta.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-tls.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-tls-svcb-ech@ietf.org" <draft-ietf-tls-svcb-ech@ietf.org>, "tls-chairs@ietf.org" <tls-chairs@ietf.org>, "tls@ietf.org" <tls@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [TLS] Re: Mahesh Jethanandani's No Objection on draft-ietf-tls-svcb-ech-07: (with COMMENT)
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_wteVJ1VZpTtdIamVHMiUGR_nNY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Owner: <mailto:tls-owner@ietf.org>
List-Post: <mailto:tls@ietf.org>
List-Subscribe: <mailto:tls-join@ietf.org>
List-Unsubscribe: <mailto:tls-leave@ietf.org>

This draft defines part of a DNS record.  Can you point me to an example of an IETF document that discusses logging or monitoring for other DNS records?  If there is a convention I'm happy to follow it, but I'm not aware of the IETF making any such recommendations in the past.

There are some standards defined for recording protocol data, such as C-DNS (RFC 8618) and PCAP (draft-ietf-opsawg-pcap).  These naturally capture ECH-related data without modification.  Other logging systems such as QLOG (draft-ietf-quic-qlog-quic-events) don't currently record details of DNS or TLS, so ECH would not affect them.

There is a draft in the TLS working group for logging of session keys, specifically including ECH keys [1].  That seems potentially relevant to any use of ECH, not only uses that rely on DNS as discussed in this draft, so I don't see the need for a reference here.

--Ben Schwartz

[1] https://www.ietf.org/archive/id/draft-ietf-tls-keylogfile-04.html#name-secret-labels-for-ech
________________________________
From: Mahesh Jethanandani via Datatracker <noreply@ietf.org>
Sent: Tuesday, May 6, 2025 12:17 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tls-svcb-ech@ietf.org <draft-ietf-tls-svcb-ech@ietf.org>; tls-chairs@ietf.org <tls-chairs@ietf.org>; tls@ietf.org <tls@ietf.org>; sean@sn3rd.com <sean@sn3rd.com>; sean@sn3rd.com <sean@sn3rd.com>
Subject: Mahesh Jethanandani's No Objection on draft-ietf-tls-svcb-ech-07: (with COMMENT)

Mahesh Jethanandani has entered the following ballot position for
draft-ietf-tls-svcb-ech-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://urldefense.com/v3/__https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/__;!!Bt8RZUm9aw!-WaFR3Ft5MPZ3GuMwbTpK1O4HPG2pT-e9NtReLt_E412-mVLFWoETFiAj3xC4JS2s17oKnLPra0$
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ietf-tls-svcb-ech/__;!!Bt8RZUm9aw!-WaFR3Ft5MPZ3GuMwbTpK1O4HPG2pT-e9NtReLt_E412-mVLFWoETFiAj3xC4JS2s17o5Jlk9qA$



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I want to thank Linda Dunbar for her OPSDIR review. In particular, she brings
up this point in her review:

>> Additionally, diagnosing ECH failures can be difficult due to the lack of
>> fallback and visibility. The draft should recommend logging and monitoring
>> strategies to help operators detect misconfigurations.

> I don't believe we have any relevant recommendations for logging or
monitoring.  Any such logging would likely not be related to the DNS records,
so those recommendations would be in draft-ietf-tls-esni or a later draft.

I can understand Linda's concern. This document in particular, talks about how
the client learns ECH configuration for the server and what its behavior should
be given the ECH configuration. Implementors will therefore be looking at this
document and not a later draft on what information should be logged. Is there
no guidance that this document can provide in that regard?

v2.40.3 | Report a Bug | By Email | System Status