Hi all,

At IETF 113 a draft of mine [1] was presented (slides [2])
at the dispatch session. Part of the upshot there was to
check with dnsop if people felt asking for adoption here
would be the right plan for this draft.

The draft is concerned with (re-)publishing ECHConfigList
values in SVCB/HTTPS RRs as the keys for ECH are rotated,
but in the context where the ECH private key holder and
the DNS publishing entities differ. As an FYI, ECH interop
servers operated by Cloudflare and by me rotate such keys
hourly so some new automation is needed for cases where one
does not have some kind of dynamic DNS API available.

To be clear: my own opinion is that adopting this in dnsop
would not be a good plan, but that asking the TLS WG would
be the right plan instead. That said though, even if this
were adopted by TLS, I think it'd benefit from input from
dnsop (and httpbis), once the adopted form of the draft had
taken what could be a near-final overall shape. And who
knows, maybe I'm wrong and this'd be better handled here.

So - do people here consider it'd be useful to try for
a call for adoption for this in dnsop, or do you agree with
me that doing that in the tls wg would be better?

Thanks,
S.

PS: If it's useful and there's time I'd be fine with asking
the above again at the upcoming interim.

[1] https://datatracker.ietf.org/doc/draft-farrell-tls-wkesni/
[2] https://datatracker.ietf.org/meeting/113/materials/slides-113-dispatch-a-well-known-url-for-publishing-echconfiglists-00

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop