Hey Eric!

On Thu, Sep 23, 2021 at 10:36 PM Eric Orth <erico...@chromium.org> wrote:

> Contact emails
>
> erico...@chromium.org
>
> Explainer
>
> None
>
> Specification
>
> https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-07
>
> Summary
>
> Query DNS for HTTPS records (alongside traditional A and AAAA queries).
> When a website has deployed an HTTPS DNS record and Chrome receives it,
> Chrome will always connect to the website via HTTPS.
>
> Design doc for all Chrome DNS HTTPS plans:
> https://docs.google.com/document/d/1k461sRbddjDGj7Q8f-ZKHZvmB-ENUWSdX_3Fpp2dmXQ
>
> This feature covers just the basic query and HTTP->HTTPS upgrade part of
> those plans, and only for simpler cases that do not require followup DNS
> queries by the Chrome DNS stack.
>
>
> Blink component
>
> Internals>Network>DNS
> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3ENetwork%3EDNS>
>
> TAG review
>
> Not applicable. No direct changes to web platform APIs. Change is to
> underlying DNS infrastructure, following an IETF spec, with only indirect
> web-facing side effects.
>

This seems like an overly narrow take on the feature: it seems like this needs to be wired up to Fetch in order to explain how the DNS assertion turns into a decision about how to connect to sites (similar to HSTS's integration <https://fetch.spec.whatwg.org/#:~:text=Set%20request%E2%80%99s%20current%20URL%E2%80%99s%20scheme%20to%20%22https%22>), and that upgrade will have web-visible impacts.

Can I assume that you'll be following the same algorithm (e.g. shifting from 80 to 443 by switching the protocol, but not altering non-standard ports)?

> TAG review status
>
> Not applicable
>
> Risks
>
> Interoperability and Compatibility
>
> Not directly part of the web API surface; only has indirect behavior
> implications on the web platform in the form of the HTTP->HTTPS redirect
> triggered by DNS signals.
>
> HTTPS DNS records are a feature of DNS. The spec is a draft of the IETF
> DNSOP working group, and while not yet a published RFC, it is widely
> considered stable and ready for implementation. IANA has designated HTTPS
> as DNS resource record type 65.
>
>
> Gecko: No signal
>
> WebKit: Safari has been querying HTTPS DNS records since late 2020.
> Unclear if Safari has yet implemented HTTP->HTTPS redirect behavior of such
> records.
>

It would be helpful to ask both Gecko and WebKit developers for more clear signals as described in https://bit.ly/blink-signals.

>
> Web developers: No signals
>

Are there any folks lined up to use this? Presumably there are if Safari is already making these queries?

> Debuggability
>
> No specific DevTools support. Changes not directly part of the web API
> surface. Chrome is not generally used as a development tool for changing
> DNS records besides testing/developing the indirect behavior effects on
> visiting websites.
>

We represent HSTS to developers in devtools. Presumably we'd want to do the same for this mechanism, and signal in some way to developers _why_ a particular request was upgraded?

>
>
> Is this feature fully tested by web-platform-tests
> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>
> ?
>
> No
>
> Flag name
>
> None
>
> Requires code in //chrome?
>
> False
>
> Tracking bug
>
> https://crbug.com/1206455
>
> Launch bug
>
> https://crbug.com/1206460
>
> Estimated milestones
>
> Desktop 96
>
> Android 96
>
> Link to entry on the Chrome Platform Status
>
> https://www.chromestatus.com/feature/5485544526053376
>
> This intent message was generated by Chrome Platform Status
> <https://www.chromestatus.com/>.