Keeping in mind that I am unpersuaded there is anything for DNSOP to do here.
It appears that Will Bartlett <[email protected]> said:
> 1.
>Is SVCB appropriate here? We're not doing service binding in the traditional
>sense (ALPN negotiation, ECH, etc.) -- we'd either be
>using TargetName purely for delegation (Option B) or embedding
>application-layer metadata in custom SvcParams (Option A). Is this a
>reasonable use of SVCB, or a misuse of the record type?

Given that this problem is basically due to the limited capabilities of people running corporate web servers, it would not be a good idea to assume their DNS department can handle SVCB.

>TXT vs SVCB pragmatics. TXT at an underscore-prefixed name (à la DMARC _dmarc,
>MTA-STS _mta-sts) is universally supported by
>registrars today. SVCB support is still limited. Given that a goal is broad
>deployability (including small organizations managing
>DNS through commodity registrars), does the group have a view on whether new
>protocols should prefer SVCB over TXT for simple
>delegation, or is TXT still the practical choice?

An underscore prefixed TXT record is probably the least bad option here.

> 3.
>Naming convention. Is _web-identity.<domain> an appropriate underscore name?
>Any conflicts or conventions we should be aware of?
>Should we register in the Underscored and Globally Scoped DNS Node Names
>registry (RFC 8552)?

It takes five minutes and costs nothing once you have a reference you can point to, so sure.

> 4.
>Embedding data in DNS vs delegation. Option A puts application data (URL
>paths) directly in DNS records, avoiding an HTTP fetch. Is
>there precedent or guidance for/against this pattern? We're aware of the
>65535-byte practical limit on DNS responses, but the data
>here is small (two short paths).

My inclination would be just to put the hostname into the record so you don't have to worry about encoding the funky characters that might be in a URL. You need a fixed known prefix on the record contents so lookups don't get confused by domains that wildcard everything, e.g.

_web-identity.examp1e.com TXT "webident;idp.example.com"

R's,
John

PS:
> * Spec: https://fedidcg.github.io/FedCM/

404 when I try to look at it
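The fixed-prefix check suggested in the message above, as an added example that is not part of the original message or of any specification. It assumes the `webident;` tag and hostname-only payload from the sample record; the function names, the sample answers and the policy of rejecting conflicting records are hypothetical choices made for this sketch.

```python
import re

PREFIX = "webident;"  # tag taken from the sample record in the message
# One LDH label: letters, digits, hyphen; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def normalize_host(name):
    """Return a lowercased hostname without trailing dot, or None if invalid."""
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None  # rejects URLs, paths, whitespace, non-ASCII
    return name.lower()

def select_idp_host(txt_rrset):
    """Pick the delegated hostname from the TXT RRset at _web-identity.<domain>.

    txt_rrset: list of records, each a list of bytes character-strings
    (a TXT record may be split into several strings; they are concatenated).
    Returns None when no record carries the prefix, which is what a domain
    that wildcards everything produces. Raises ValueError when a tagged
    record is malformed or tagged records disagree.
    """
    hosts = set()
    for strings in txt_rrset:
        text = b"".join(strings).decode("ascii", errors="replace")
        if not text.startswith(PREFIX):
            continue  # unrelated TXT data, e.g. a wildcard SPF record
        host = normalize_host(text[len(PREFIX):])
        if host is None:
            raise ValueError("tagged record has an invalid hostname: %r" % text)
        hosts.add(host)
    if len(hosts) > 1:
        raise ValueError("conflicting delegation records: %r" % sorted(hosts))
    return hosts.pop() if hosts else None

# Constructed sample answers (not real DNS data).
WILDCARD_ONLY = [[b"v=spf1 -all"], [b"site-verification=abc123"]]
DELEGATED = [[b"v=spf1 -all"], [b"webident;", b"IDP.example.com."]]

if __name__ == "__main__":
    print(select_idp_host(WILDCARD_ONLY))  # no tagged record
    print(select_idp_host(DELEGATED))      # tagged record wins over SPF noise
```
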
