Recent searches
Search options
@nygren@hachyderm.ioWoohoo! #IETF #RFC9460 has been published: "Service Binding and Parameter Specification via the #DNS (#SVCB and #HTTPS Resource Records)". https://www.rfc-editor.org/rfc/rfc9460.html
Thank you to everyone has supported and contributed to this over the past almost nine years since the initial seeds were planted during discussions at a TLS 1.3 interim meeting.
SVCB has potential to have substantial impact across a wide range of Internet protocols. I'm thrilled to see how many drafts are already building on it.
www.rfc-editor.orgRFC 9460: Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)
This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR)
types to facilitate the lookup of information needed to make connections
to network services, such as for HTTP origins. SVCB records
allow a service to be provided from multiple alternative endpoints,
each with associated parameters (such as transport protocol
configuration), and are extensible to support future uses
(such as keys for encrypting the TLS ClientHello). They also
enable aliasing of apex domains, which is not possible with CNAME.
The HTTPS RR is a variation of SVCB for use with HTTP (see RFC 9110, "HTTP Semantics").
By providing more information to the client before it attempts to
establish a connection, these records offer potential benefits to
both performance and privacy.
@nygren This is coming up a lot in reference to using certain DNS implementations to MS Frontdoor where you essentially need CNAME Domain.org to msfrontdoor.azure.whatever which isn’t allowed in classic configurations.