> On 23 Jul 2020, at 10:46, Wellington, Brian 
> <bwelling=40akamai....@dmarc.ietf.org> wrote:
> 
> I attempted to start implementing support for SVCB and HTTPS, and discovered 
> that the data being served by Cloudflare does not conform to the current spec.
> 
> Assuming my decoder is correct, the response below decodes to:
> 
> 1 . alpn=h3-29,h3-28,h3-27,h2 echconfig=aBIaLmgSGy4= 
> ipv6hint=2606:4700::6812:1a2e,2606:4700::6812:1b2e
> 
> and does not include a “mandatory” parameter.  But section 6.5 of 
> draft-ietf-dnsop-svcb-https, which is talking about the “mandatory” key, says:
> 
>       This SvcParamKey is always automatically mandatory,
> 
> which implies that there MUST be a “mandatory” parameter.  Is this an 
> oversight in the Cloudflare implementation, or is the Cloudflare 
> implementation not implementing the current version?

Please read the entire sentence.  "This SvcParamKey is always automatically 
mandatory, and MUST NOT appear in its own value list.”  It’s saying if 
“mandatory" is there you must process the record as if it starts with 
“mandatory=mandatory,” but the value of 0 MUST NOT be included in the list.

> Thanks,
> Brian
> 
>> On Jul 16, 2020, at 8:13 AM, Alessandro Ghedini <alessan...@ghedini.me> 
>> wrote:
>> 
>> Hello,
>> 
>> Just a quick note that we have started serving "HTTPS" DNS records from
>> Cloudflare's authoritative DNS servers. Our main use-case right now is
>> advertising HTTP/3 support for those customers that enabled that feature (in
>> addition to using Alt-Svc HTTP headers).
>> 
>> If anyone is interested in trying this out you can query pretty much all 
>> domains
>> served by Cloudflare DNS for which we terminate HTTP.
>> 
>> For example:
>> 
>>  % dig blog.cloudflare.com type65
>> 
>> ; <<>> DiG 9.16.4-Debian <<>> blog.cloudflare.com type65
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17291
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;blog.cloudflare.com.                IN      TYPE65
>> 
>> ;; ANSWER SECTION:
>> blog.cloudflare.com. 300     IN      TYPE65  \# 76 
>> 000100000100150568332D32390568332D32380568332D3237026832 
>> 0004000868121A2E68121B2E00060020260647000000000000000000 
>> 68121A2E26064700000000000000000068121B2E
>> 
>> Cheers
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dnsop&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=Ei0lUqjTt2OhRnRqJeO1XDCHQqnH1FdINDMcPEhCC1g&s=WQn55KFIZ5LGfsj-QGNSS31WGhpI-GuXpJEmhibwNuo&e=
>>  
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to