-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I’ve noticed that an increasing amount of invaluable functionality, such as SRV
and soon SVCB records, relies on services being registered with IANA as
described in RFC 6335. I’ve also noticed that, in practice, a considerable
amount of usage reli
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
My thinking is that people are reluctant to engage with the process for
experimental or extremely niche applications, for better or for worse. Or
simply because it is meant for personal or internal use: if a company initially
wants to use it on th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
BCP 222 sets out guidelines for using underscored DNS node names, which are
important for any record that should not be mistakenly interpreted as an actual
host. However, it doesn’t seem to set aside a name for private use, which would
be particul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
In this example, there are two services provided by one endpoint, for a total
of three domain names.
Using "target.example." for the HTTPS record would incorrectly assert that it
provides an HTTPS service for itself. It would also prevent that dom
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I don’t expect ECH to be the only security improvement enabled by SVCB, and the
specification itself is designed to allow additions like that without being
baked in from the start.
Any issues posed by adding ECH later are indicative of issues with
