> On 23 Jul 2020, at 10:46, Wellington, Brian > <bwelling=40akamai....@dmarc.ietf.org> wrote: > > I attempted to start implementing support for SVCB and HTTPS, and discovered > that the data being served by Cloudflare does not conform to the current spec. > > Assuming my decoder is correct, the response below decodes to: > > 1 . alpn=h3-29,h3-28,h3-27,h2 echconfig=aBIaLmgSGy4= > ipv6hint=2606:4700::6812:1a2e,2606:4700::6812:1b2e > > and does not include a “mandatory” parameter. But section 6.5 of > draft-ietf-dnsop-svcb-https, which is talking about the “mandatory” key, says: > > This SvcParamKey is always automatically mandatory, > > which implies that there MUST be a “mandatory” parameter. Is this an > oversight in the Cloudflare implementation, or is the Cloudflare > implementation not implementing the current version?
Please read the entire sentence. "This SvcParamKey is always automatically mandatory, and MUST NOT appear in its own value list.” It’s saying if “mandatory" is there you must process the record as if it starts with “mandatory=mandatory,” but the value of 0 MUST NOT be included in the list. > Thanks, > Brian > >> On Jul 16, 2020, at 8:13 AM, Alessandro Ghedini <alessan...@ghedini.me> >> wrote: >> >> Hello, >> >> Just a quick note that we have started serving "HTTPS" DNS records from >> Cloudflare's authoritative DNS servers. Our main use-case right now is >> advertising HTTP/3 support for those customers that enabled that feature (in >> addition to using Alt-Svc HTTP headers). >> >> If anyone is interested in trying this out you can query pretty much all >> domains >> served by Cloudflare DNS for which we terminate HTTP. >> >> For example: >> >> % dig blog.cloudflare.com type65 >> >> ; <<>> DiG 9.16.4-Debian <<>> blog.cloudflare.com type65 >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17291 >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;blog.cloudflare.com. IN TYPE65 >> >> ;; ANSWER SECTION: >> blog.cloudflare.com. 300 IN TYPE65 \# 76 >> 000100000100150568332D32390568332D32380568332D3237026832 >> 0004000868121A2E68121B2E00060020260647000000000000000000 >> 68121A2E26064700000000000000000068121B2E >> >> Cheers >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dnsop&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=Ei0lUqjTt2OhRnRqJeO1XDCHQqnH1FdINDMcPEhCC1g&s=WQn55KFIZ5LGfsj-QGNSS31WGhpI-GuXpJEmhibwNuo&e= >> > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
