| rfc9848v1.txt | rfc9848.txt | |||
|---|---|---|---|---|
| skipping to change at line 105 ¶ | skipping to change at line 105 ¶ | |||
| protocols (including DTLS [RFC9147] and QUIC version 1 [RFC9001]) | protocols (including DTLS [RFC9147] and QUIC version 1 [RFC9001]) | |||
| unless otherwise specified. | unless otherwise specified. | |||
| In wire format, the value of the parameter is an ECHConfigList | In wire format, the value of the parameter is an ECHConfigList | |||
| (Section 4 of [ECH]), including the redundant length prefix. In | (Section 4 of [ECH]), including the redundant length prefix. In | |||
| presentation format, the value is the ECHConfigList in Base 64 | presentation format, the value is the ECHConfigList in Base 64 | |||
| encoding (Section 4 of [RFC4648]). Base 64 is used here to simplify | encoding (Section 4 of [RFC4648]). Base 64 is used here to simplify | |||
| integration with TLS server software. To enable simpler parsing, | integration with TLS server software. To enable simpler parsing, | |||
| this SvcParam MUST NOT contain escape sequences. | this SvcParam MUST NOT contain escape sequences. | |||
| ech="AEj+DQBEAQAgACAdd+scUi0IYFsXnUIU7ko2Nd9+F8M26pAGZVpz/KrWPgAEAAEAAWQ | This example uses line wrapping per [RFC8792]. | |||
| VZWNoLXNpdGVzLmV4YW1wbGUubmV0AAA=" | ||||
| ech="AEj+DQBEAQAgACAdd+scUi0IYFsXnUIU7ko2Nd9+F8M26pAGZVpz/KrWPgAEAAE\ | ||||
| AAWQVZWNoLXNpdGVzLmV4YW1wbGUubmV0AAA=" | ||||
| Figure 1: ECH SvcParam with a public_name of "ech-sites.example.net" | Figure 1: ECH SvcParam with a public_name of "ech-sites.example.net" | |||
| 4. Requirements for Server Deployments | 4. Requirements for Server Deployments | |||
| When publishing a record containing an "ech" parameter, the publisher | When publishing a record containing an "ech" parameter, the publisher | |||
| MUST ensure that all IP addresses of TargetName correspond to servers | MUST ensure that all IP addresses of TargetName correspond to servers | |||
| that have access to the corresponding private key or are | that have access to the corresponding private key or are | |||
| authoritative for the public name. (See Sections 6.1.7 and 8.1.1 of | authoritative for the public name. (See Sections 6.1.7 and 8.1.1 of | |||
| [ECH] for requirements related to the public name.) Otherwise, | [ECH] for requirements related to the public name.) Otherwise, | |||
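Review bot: The sentence added on the right side of this hunk ("This example uses line wrapping per [RFC8792].") sits directly after the rule that the SvcParam MUST NOT contain escape sequences, so a reader can mistake the trailing `\` in the wrapped ech="..." value for an escape sequence inside the value itself. Suggest adding one sentence making clear that the backslash and line break are document folding only and must be removed before Base 64 decoding, e.g. "The backslash and line break are not part of the value." The folded halves do concatenate to the unfolded value on the left (`...AAE\` followed by `AAWQVZWNo...` reproduces `...AAEAAWQ` / `VZWNo...`), so the encoded ECHConfigList is unchanged by the edit.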
| skipping to change at line 204 ¶ | skipping to change at line 206 ¶ | |||
| www 300 IN A 192.0.2.1 | www 300 IN A 192.0.2.1 | |||
| AAAA 2001:db8::1 | AAAA 2001:db8::1 | |||
| HTTPS 1 . ech=ABC... | HTTPS 1 . ech=ABC... | |||
| Figure 2: Simple Example Zone with the Same Configuration on the | Figure 2: Simple Example Zone with the Same Configuration on the | |||
| Apex and Web Domain | Apex and Web Domain | |||
| The example above is compatible with clients that do or do not | The example above is compatible with clients that do or do not | |||
| support HTTPS records. | support HTTPS records. | |||
| $ORIGIN heterogeneous.example. ; Example zone with two pools of servers | $ORIGIN heterogeneous.example. ; Example zone with 2 pools of servers | |||
| pool1 300 IN A 192.0.2.1 | pool1 300 IN A 192.0.2.1 | |||
| AAAA 2001:db8:1::a | AAAA 2001:db8:1::a | |||
| pool2 300 IN A 192.0.2.2 | pool2 300 IN A 192.0.2.2 | |||
| AAAA 2001:db8:2::a | AAAA 2001:db8:2::a | |||
| service 300 IN SVCB 1 pool1 ech=ABC... | service 300 IN SVCB 1 pool1 ech=ABC... | |||
| SVCB 1 pool2 ech=DEF... | SVCB 1 pool2 ech=DEF... | |||
| A 192.0.2.1 | A 192.0.2.1 | |||
| A 192.0.2.2 | A 192.0.2.2 | |||
| AAAA 2001:db8:1::a | AAAA 2001:db8:1::a | |||
| AAAA 2001:db8:2::a | AAAA 2001:db8:2::a | |||
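Review bot: The only edit in this hunk is "two pools" to "2 pools" in the $ORIGIN comment, which looks width-driven and is harmless; the point worth raising is in the unchanged zone below it. The `service` name binds ech=ABC... to pool1 and ech=DEF... to pool2 via separate SVCB records, while its fallback A/AAAA records list the addresses of both pools. Since the Section 4 requirement is stated per TargetName (all addresses of the TargetName must hold the matching private key or be authoritative for the public name), it would help to say explicitly, as the text after Figure 2 does for the simple case, that the fallback addresses under `service` are reached only by clients that do not use SVCB and therefore offer no ECH, so the mixed address set does not violate that requirement.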
| skipping to change at line 393 ¶ | skipping to change at line 395 ¶ | |||
| [CLINIC] Miller, B., Huang, L., Joseph, A., and J. Tygar, "I Know | [CLINIC] Miller, B., Huang, L., Joseph, A., and J. Tygar, "I Know | |||
| Why You Went to the Clinic: Risks and Realization of HTTPS | Why You Went to the Clinic: Risks and Realization of HTTPS | |||
| Traffic Analysis", Lecture Notes in Computer Science, vol. | Traffic Analysis", Lecture Notes in Computer Science, vol. | |||
| 8555, pp. 143-163, DOI 10.1007/978-3-319-08506-7_8, 2014, | 8555, pp. 143-163, DOI 10.1007/978-3-319-08506-7_8, 2014, | |||
| <https://doi.org/10.1007/978-3-319-08506-7_8>. | <https://doi.org/10.1007/978-3-319-08506-7_8>. | |||
| [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | [RFC7838] Nottingham, M., McManus, P., and J. Reschke, "HTTP | |||
| Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | Alternative Services", RFC 7838, DOI 10.17487/RFC7838, | |||
| April 2016, <https://www.rfc-editor.org/info/rfc7838>. | April 2016, <https://www.rfc-editor.org/info/rfc7838>. | |||
| [RFC8792] Watsen, K., Auerswald, E., Farrel, A., and Q. Wu, | ||||
| "Handling Long Lines in Content of Internet-Drafts and | ||||
| RFCs", RFC 8792, DOI 10.17487/RFC8792, June 2020, | ||||
| <https://www.rfc-editor.org/info/rfc8792>. | ||||
| [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure | [RFC9001] Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure | |||
| QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, | QUIC", RFC 9001, DOI 10.17487/RFC9001, May 2021, | |||
| <https://www.rfc-editor.org/info/rfc9001>. | <https://www.rfc-editor.org/info/rfc9001>. | |||
| [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | [RFC9147] Rescorla, E., Tschofenig, H., and N. Modadugu, "The | |||
| Datagram Transport Layer Security (DTLS) Protocol Version | Datagram Transport Layer Security (DTLS) Protocol Version | |||
| 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, | 1.3", RFC 9147, DOI 10.17487/RFC9147, April 2022, | |||
| <https://www.rfc-editor.org/info/rfc9147>. | <https://www.rfc-editor.org/info/rfc9147>. | |||
| Authors' Addresses | Authors' Addresses | |||
| End of changes. 3 change blocks. | ||||
| 3 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||