Re: [DNSOP] HTTPS/SVCB on Cloudflare DNS

Wed, 22 Jul 2020 17:47:13 -0700 

I attempted to start implementing support for SVCB and HTTPS, and discovered 
that the data being served by Cloudflare does not conform to the current spec.

Assuming my decoder is correct, the response below decodes to:

1 . alpn=h3-29,h3-28,h3-27,h2 echconfig=aBIaLmgSGy4= 
ipv6hint=2606:4700::6812:1a2e,2606:4700::6812:1b2e

and does not include a “mandatory” parameter.  But section 6.5 of 
draft-ietf-dnsop-svcb-https, which is talking about the “mandatory” key, says:

        This SvcParamKey is always automatically mandatory,

which implies that there MUST be a “mandatory” parameter.  Is this an oversight 
in the Cloudflare implementation, or is the Cloudflare implementation not 
implementing the current version?

Thanks,
Brian

> On Jul 16, 2020, at 8:13 AM, Alessandro Ghedini <alessan...@ghedini.me> wrote:
> 
> Hello,
> 
> Just a quick note that we have started serving "HTTPS" DNS records from
> Cloudflare's authoritative DNS servers. Our main use-case right now is
> advertising HTTP/3 support for those customers that enabled that feature (in
> addition to using Alt-Svc HTTP headers).
> 
> If anyone is interested in trying this out you can query pretty much all 
> domains
> served by Cloudflare DNS for which we terminate HTTP.
> 
> For example:
> 
>   % dig blog.cloudflare.com type65
> 
>  ; <<>> DiG 9.16.4-Debian <<>> blog.cloudflare.com type65
>  ;; global options: +cmd
>  ;; Got answer:
>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17291
>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
>  ;; OPT PSEUDOSECTION:
>  ; EDNS: version: 0, flags:; udp: 4096
>  ;; QUESTION SECTION:
>  ;blog.cloudflare.com.                IN      TYPE65
> 
>  ;; ANSWER SECTION:
>  blog.cloudflare.com. 300     IN      TYPE65  \# 76 
> 000100000100150568332D32390568332D32380568332D3237026832 
> 0004000868121A2E68121B2E00060020260647000000000000000000 
> 68121A2E26064700000000000000000068121B2E
> 
> Cheers
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_dnsop&d=DwICAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=bPfM-kVBGNE2d_r6kVQw1V-urTv21fSHLYeFhReKf5w&m=Ei0lUqjTt2OhRnRqJeO1XDCHQqnH1FdINDMcPEhCC1g&s=WQn55KFIZ5LGfsj-QGNSS31WGhpI-GuXpJEmhibwNuo&e=
>  

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to