Brian I agree on clarity, and their git repo has been more recently updated. I've been poking the authors on some better examples in the spec as well.
https://github.com/MikeBishop/dns-alt-svc On Wed, Jul 22, 2020 at 9:20 PM Wellington, Brian <bwelling= 40akamai....@dmarc.ietf.org> wrote: > ok. So, what this means is that keys listed in the “mandatory” parameter > must be included as parameters, and are required to be understood by > clients. The set of “automatically mandatory” keys are required to be > understood by clients, but are not required in the RR. > > I’m a native English speaker, and have been working with DNS for over 20 > years. If I’m having trouble understanding this, perhaps the spec should > be a bit clearer. > > Brian > > On Jul 22, 2020, at 5:56 PM, Tommy Pauly < > tpauly=40apple....@dmarc.ietf.org> wrote: > > > > On Jul 22, 2020, at 5:46 PM, Wellington, Brian < > bwelling=40akamai....@dmarc.ietf.org> wrote: > > I attempted to start implementing support for SVCB and HTTPS, and > discovered that the data being served by Cloudflare does not conform to the > current spec. > > > Assuming my decoder is correct, the response below decodes to: > > 1 . alpn=h3-29,h3-28,h3-27,h2 echconfig=aBIaLmgSGy4= > ipv6hint=2606:4700::6812:1a2e,2606:4700::6812:1b2e > > and does not include a “mandatory” parameter. But section 6.5 of > draft-ietf-dnsop-svcb-https, which is talking about the “mandatory” key, > says: > > This SvcParamKey is always automatically mandatory, > > which implies that there MUST be a “mandatory” parameter. Is this an > oversight in the Cloudflare implementation, or is the Cloudflare > implementation not implementing the current version? > > > The Cloudflare record does conform correctly. > > The “mandatory” key does NOT need to be included. "automatically > mandatory” keys do not need to be included. Mandatory just indicates which > non-automatically-mandatory keys included in the record are required to be > understood by clients, or else clients should reject them. > > Thanks, > Tommy > > > Thanks, > Brian > > On Jul 16, 2020, at 8:13 AM, Alessandro Ghedini <alessan...@ghedini.me> > wrote: > > Hello, > > Just a quick note that we have started serving "HTTPS" DNS records from > Cloudflare's authoritative DNS servers. Our main use-case right now is > advertising HTTP/3 support for those customers that enabled that feature > (in > addition to using Alt-Svc HTTP headers). > > If anyone is interested in trying this out you can query pretty much all > domains > served by Cloudflare DNS for which we terminate HTTP. > > For example: > > % dig blog.cloudflare.com > <https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.cloudflare.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=nNoSqGOSRERL8dkjB1QlOCBdkhp_1Yb6O4xqQcLg5E4&s=MkQQ3lsMEBID-6LoFx65__PgsMVCbXLT2Xp5Xxwb1l4&e=> > type65 > > ; <<>> DiG 9.16.4-Debian <<>> blog.cloudflare.com > <https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.cloudflare.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=nNoSqGOSRERL8dkjB1QlOCBdkhp_1Yb6O4xqQcLg5E4&s=MkQQ3lsMEBID-6LoFx65__PgsMVCbXLT2Xp5Xxwb1l4&e=> > type65 > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17291 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;blog.cloudflare.com > <https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.cloudflare.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=nNoSqGOSRERL8dkjB1QlOCBdkhp_1Yb6O4xqQcLg5E4&s=MkQQ3lsMEBID-6LoFx65__PgsMVCbXLT2Xp5Xxwb1l4&e=> > . IN TYPE65 > > ;; ANSWER SECTION: > blog.cloudflare.com > <https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.cloudflare.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=nNoSqGOSRERL8dkjB1QlOCBdkhp_1Yb6O4xqQcLg5E4&s=MkQQ3lsMEBID-6LoFx65__PgsMVCbXLT2Xp5Xxwb1l4&e=> > . 300 IN TYPE65 \# 76 > 000100000100150568332D32390568332D32380568332D3237026832 > 0004000868121A2E68121B2E00060020260647000000000000000000 > 68121A2E26064700000000000000000068121B2E > > Cheers > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf..org_mailman_listinfo_dnsop&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=Ei0lUqjTt2OhRnRqJeO1XDCHQqnH1FdINDMcPEhCC1g&s=WQn55KFIZ5LGfsj-QGNSS31WGhpI-GuXpJEmhibwNuo&e= > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dnsop&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=Ei0lUqjTt2OhRnRqJeO1XDCHQqnH1FdINDMcPEhCC1g&s=WQn55KFIZ5LGfsj-QGNSS31WGhpI-GuXpJEmhibwNuo&e=> > > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dnsop&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=nNoSqGOSRERL8dkjB1QlOCBdkhp_1Yb6O4xqQcLg5E4&s=80-OG9hSCfXT4Zbc93tA5Bd0FdLj0hAknhjLjvAfDww&e=> > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop >
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop