-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdraft-ietf-tls-wkech-05.txt
896 lines (565 loc) · 32.4 KB
/
draft-ietf-tls-wkech-05.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
TLS S. Farrell
Internet-Draft Trinity College Dublin
Intended status: Experimental R. Salz
Expires: 8 January 2025 Akamai Technologies
B. Schwartz
Meta Platforms, Inc.
7 July 2024
A well-known URI for publishing ECHConfigList values.
draft-ietf-tls-wkech-05
Abstract
We define a well-known URI at which an HTTP origin can inform an
authoritative DNS server, or other interested parties, about its
Service Bindings. The data can include Encrypted ClientHello (ECH)
configurations, allowing the origin, in collaboration with DNS
infrastructure elements, to publish and rotate its own ECH keys.
Note
This note is to be removed before publishing as an RFC.
The source for this draft is in https://github.com/sftcd/wkesni/
Issues and PRs are welcome there too.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 8 January 2025.
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved.
Farrell, et al. Expires 8 January 2025 [Page 1]
Internet-Draft Well-Known URI for ECH July 2024
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Example uses of the well-known URI for ECH . . . . . . . . . 4
3.1. Shared-mode deplpoyment. . . . . . . . . . . . . . . . . 4
3.2. Split-mode, multi-CDN deplpoyment. . . . . . . . . . . . 5
4. The origin-svcb well-known URI . . . . . . . . . . . . . . . 7
5. The JSON structure for origin service binding info . . . . . 7
6. Zone Factory behaviour . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
9.1. Well-known endpoint registration . . . . . . . . . . . . 12
9.2. JSON Service Binding Info . . . . . . . . . . . . . . . . 13
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
10.1. Normative References . . . . . . . . . . . . . . . . . . 14
10.2. Informative References . . . . . . . . . . . . . . . . . 15
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
1. Introduction
Encrypted ClientHello (ECH) [I-D.ietf-tls-esni] for TLS1.3 [RFC8446]
defines a confidentiality mechanism for server names and other
ClientHello content in TLS. Many applications will require
publication of ECHConfigList data structures in the DNS, where an
ECHConfigList structure contains a list of ECHConfig values. Each
ECHConfig value contains the public component of a key pair that will
typically be periodically (re-)generated by a web server. Many web
infrastructures will have an API that can be used to dynamically
update the DNS RR values containing ECHConfigList values. Some
deployments, however, will not, and those deployments could benefit
from a mechanism like the one defined here.
Note that this is not intended for universal deployment, but rather
for cases where the web server doesn't have write access to the
relevant zone file (or equivalent). That zone file will eventually
include an HTTPS or SVCB RR [RFC9460] containing the ECHConfigList in
Farrell, et al. Expires 8 January 2025 [Page 2]
Internet-Draft Well-Known URI for ECH July 2024
an "ech=" SvcParamKey. [I-D.ietf-tls-svcb-ech] This mechanism is
extensible to deliver other kinds of information about the origin,
that can be of use in these circumstances, but is mainly intended to
provide the functionality necessary for ongoing management of ECH
keys.
We use the term "zone factory" (ZF) for the entity that does have
write access to the zone file. We assume the ZF can also make HTTPS
requests to the web server with the ECH keys. We define a well-known
URI [RFC8615] on the web server that allows the ZF to poll for
changes to ECHConfigList values. For example, if a web server
generates new ECHConfigList values hourly and publishes those at the
well-known URI, the ZF can poll that URI. When the ZF sees new
values, it can check if those work, and if they do, then update the
zone file and re-publish the zone.
If ECH is being operated in split-mode then the web server (backend)
can similarly poll the ECH client-facing server at the well-known URI
and then create it's own value to publish for the ZF to read. ECH
split-mode is defined in [I-D.ietf-tls-esni] and some examples are
shown below (Section 3).
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
We define or re-use the following terms:
Zone factory (ZF): an entity that has write-access to the DNS
Client-Facing Server: the web server that has an ECH private value.
This processes the outer ClientHello and attempts ECH decryption.
The name of client-facing server will typically be the public_name
value used in an ECHConfig.
Backend: the web server that will process the inner ClientHello.
Note that even if client-facing server and backend are on the same
web server, they almost certainly have different DNS names.
Shared-mode: this is where client-facing and backend servers are the
same web server.
Split-mode: this refers to the case where the client-facing server
Farrell, et al. Expires 8 January 2025 [Page 3]
Internet-Draft Well-Known URI for ECH July 2024
only does ECH decryption but the TLS session is between the client
and backend, which will typically be on a different host to
client-facing server
regeninterval: the number of seconds after which the value retrieved
after acessing a well-known URI may be changed.
3. Example uses of the well-known URI for ECH
Some example deployments are described here.
3.1. Shared-mode deplpoyment.
+--------------------+
| |
TLS | 2001:DB8::1111 | Client-
Client <----------->| | facing
| cfs.example.com | server
| backend.example.com|
+--------------------+
^ ^
(1) ZF reads | | (2) ZF checks
.well-known V V ECHConfig
+--------------------+
| |
| zf.example.net | Zone Factory (ZF)
| |
+--------------------+
|
| (3) ZF publishes new HTTPS RR
V
+--------------------+
| |
| ns.example.net | Authoritative DNS
| |
+--------------------+
Figure 1: Shared-Mode Topology with Zone Factory and DNS
The shared-mode ECH server generates new ECHConfigList values every
"regeninterval" seconds via some regular, automated process (e.g., a
cronjob). ECHConfigList values are "current" for an hour, and remain
usable for three hours from the time of generation. The automated
process updates the ECHConfigList values in a JSON resource (see
Figure 3) at the well-known URI, https://backend.example.com/.well-
known/origin-svcb.
These steps then occur:
Farrell, et al. Expires 8 January 2025 [Page 4]
Internet-Draft Well-Known URI for ECH July 2024
1. On the ZF, another regularly executed job uses an HTTP client to
retrieve this JSON resource from backend.example.com. The data
MUST be fetched via HTTPS and the certificate validity MUST be
verified.
2. The ZF next attempts to connect to backend.example.com using
these ECH values and confirms that they are working.
3. The ZF observes that the JSON resource has a regeninterval of
3600 seconds, and chooses a DNS TTL of 1800. It updates the DNS
zone file for backend.example.com and re-publishes the zone
containing the new ECHConfigList values instead of the old.
When "regeninterval" seconds have passed, the ZF attempts to refresh
its cached copy of the JSON resource. If the resource has changed,
it repeats this process.
3.2. Split-mode, multi-CDN deplpoyment.
The following diagram, and this entire section, is a place-holder
just to have something on which to base discussion, and will change.
Farrell, et al. Expires 8 January 2025 [Page 5]
Internet-Draft Well-Known URI for ECH July 2024
+--------------------+
| REAL |
| backend.example.com|
| |
+--------------------+
^^ ^^
|| VPN ||
VV VV
+--------------------+ +--------------------+
| | | |
TLS | 2001:DB8::1111 | | 2001:DB8::FFFF | Client-
Client <-->|backend.example.com | | backend.example.com| facing
| cfs.cdn1.example | | cfs.cdn2.example | servers
+--------------------+ +--------------------+
^ ^
(1) ZF reads | | (2) ZF checks
.well-known V V ECHConfig
+--------------------+
| |
| zf.example.net | Zone Factory (ZF)
| |
+--------------------+
|
| (3) ZF publishes new HTTPS RR
V
+--------------------+
| |
| ns.example.net | Authoritative DNS
| |
+--------------------+
Figure 2: Shared-Mode Topology with Zone Factory and DNS
In this topology, the overall process is as in the previous section,
but with the following differences:
1. There are two client-facing servers (in different CDNs) for the
one "REAL" backend server that hosts the actual web resources.
2. ECH split-mode is assumed to be supported by both CDNs.
3. The "REAL" backend.example.com content is hosted on some
machine(s) accessible from the client-facing servers via a VPN.
4. The ZF notes that backend.example.com has multiple AAAA RR values
published, so queries for the .well-known at each of those. In
this case the values received differ.
Farrell, et al. Expires 8 January 2025 [Page 6]
Internet-Draft Well-Known URI for ECH July 2024
5. The ZF next attempts to connect to each CFS using the relevant
ECH values and confirms that they are all working.
6. Note tha the ZF is not aware that ECH split-mode is in use.
4. The origin-svcb well-known URI
If the backend wants to convey information to the Zone Factory, it
publishes the JSON content defined in Section 5 at:
https://backend.example.com/.well-known/origin-svcb
The well-known URI defined here MUST be an https URL and therefore
the ZF can verify the correct backend is being accessed.
If no new ECHConfig value verifies (as per Section 6), then the zone
factory MUST NOT modify the zone.
5. The JSON structure for origin service binding info
{
"regeninterval": 3600,
"endpoints": [{
"priority": 1,
"target": "cdn.example.",
"params": {
"ech": "AD7+DQA65wAgAC..AA=="
}
}, {
"priority": 1,
"params": {
"port": 8413,
"ech": "AD7+DQA65wAgAC..AA=="
}
}]
}
Figure 3: Sample JSON for ECH without aliases
{
"regeninterval": 108000,
"endpoints": [{
"alias": "cdn1.example.com",
}]
}
Figure 4: Sample JSON with aliasing
Farrell, et al. Expires 8 January 2025 [Page 7]
Internet-Draft Well-Known URI for ECH July 2024
The JSON file at the well-known URI MUST contain an object with two
keys: "regeninterval", whose value is a number, and "endpoints" whose
value is an array of objects. All other keys MUST be ignored.
The "regeninterval" must be a positive integer and specifies the
number of seconds between key generation actions at the origin, i.e.
a replacement ECHConfigList may be generated this often. This is
used by the ZF to generate DNS TTL values and to determine when to
next poll the origin for updates.
More precise expiration times are common (e.g., the "notAfter" field
in certificate lifetime validity, discussed in Section 4.1.2.5 of
[RFC5280]), but are too stringent for this use-case. The ZF cannot
afford to fail open (by removing the HTTPS records) or fail closed
(by removing the IP addresses), but it can safely "stretch" the
lifetime of the HTTPS records because of ECH's "retry_configs"
behavior. Since we have to accept this stretching, it makes sense to
avoid an explicit expiration time and instead speak about the
intended update frequency. This also make it clear the origin must
tolerate some amount of version skew, and gives operational
flexibility to avoid unreasonable update frequencies.
The "endpoints" key is an array of objects.
* An empty endpoints array means that all HTTPS records that the ZF
has published for the origin should be deleted.
* An endpoints array with one element can be one of three things:
1. An empty object, which the ZF should take to be an HTTPS
record with inferred SvcPriority, a TargetName equal to ".",
and no ECH support. This can can be useful as a simple way to
make use of the HTTPS RR type's HSTS behavior.
2. A ServiceMode entry, containing at least one key from the JSON
HTTP Origin Info registry (see IANA Considerations
(Section 9), below).
3. An AliasMode entry that points to another DNS name that must
be resolved.
* If the endpoints array has more than one element, every item
SHOULD be a ServiceMode entry, due to restrictions on the use of
multiple AliasMode records (see , Section 2.4.2 [RFC9460]).
This format is designed to allow full use of the capabilities of
HTTPS records [RFC9460] in natural JSON while minimizing the risk of
invalid configurations.
Farrell, et al. Expires 8 January 2025 [Page 8]
Internet-Draft Well-Known URI for ECH July 2024
The following keys are defined for ServiceMode entries:
target: The value is a string containing a fully qualified domain
name, corresponding to the HTTPS record's TargetName. The default
value is ".".
priority: The value is a positive integer corresponding to the
SvcPriority. If omitted, the ZF MAY infer numerically increasing
SvcPriority from the order of the endpoints array.
params: A JSON Dictionary representing the SVCB SvcParams. Each key
in the dictionary is a string containing a registered SvcParamKey
name (e.g., "ipv6hint") or a SvcParamKey in generic form (e.g.,
"key65528"). The default value is "{}".
* For single-valued SvcParams (e.g., "ech"), the value is a JSON
String. A JSON String is a sequence of Unicode codepoints,
while a SvcParam's presentation value is a sequence of octets,
so each value octet is stored as a single Unicode codepoint
[ISOMORPHIC-DECODE]. In almost all cases, this is equivalent
to the ordinary string representation of the presentation
value.
* For list-valued SvcParams (e.g., "alpn"), the value is a JSON
Array of Strings. Each String represents an octet sequence, as
in the single-value case.
The following key is defined for AliasMode entries.
alias: The value MUST be a DNS name that could be used as the
TargetName of an HTTPS resource record. This indicates that the
backend is hosted on the same endpoints as this target, and is
equivalent to an HTTPS AliasMode record. The ZF might implement
this directive by publishing an AliasMode record, publishing a
CNAME record, copying HTTPS records from the target zone, or
fetching https://cfs.example.com/.well-known/origin-svcb (if it
exists).
These definitions, taken with the ZF behaviour (Section 6) specified
below, provide the following important properties:
* Origins can express any useful configuration that is representable
by HTTPS records, including multiple endpoints representing
different ports, providers, etc.
Farrell, et al. Expires 8 January 2025 [Page 9]
Internet-Draft Well-Known URI for ECH July 2024
* Origins that simply alias to a single target can indicate this
without copying the ECHConfig and other parameters, avoiding the
maintenance burden of staying synchronized with the target's key
rotations and configuration updates.
6. Zone Factory behaviour
If the ZF is unable to convert the JSON into a DNS zone fragment
(e.g., due to an unrecognized SvcParamKey), or if the resulting zone
fails validation checks, the ZF MUST NOT update the DNS. Such
failures will not be directly visible to the client-facing server, so
ZF implementations will need to provide some form of reporting so
that the situation can be resolved. Note that this can lead to
inconsistent behavior for a single origin served by multiple ZFs.
A ZF MAY apply additional processing according to its own policy,
such as adjusting TTL values and correcting common misconfigurations.
ZF SHOULD check that ECH with the presented endpoints succeeds with
the backend before publication. In order to make such checks, the ZF
SHOULD attempt to access the well-known URI defined here while
attempting ECH.
A bespoke TLS client is likely needed for this check, that does not
require the ECHConfigList value to have already been published in the
DNS. The TLS client also needs to allow checking for the success or
failure of ECH.
If more than one ECHConfig is present in an ECHConfigList, then the
ZF SHOULD explode the ECHConfigList value presented into "singleton"
values with one public key in each, and then test each of those
separately.
If ipv4hints or ipv6hints are present, and if those are not the same
values as are published in A/AAAA RRs for the backend, then the ZF
SHOULD check that webPKI based authentication of the backend works at
all of the relevant addresses.
ZF SHOULD publish all the endpoints that are presented in the JSON
file that pass the checks above.
ZF SHOULD set a DNS TTL less than regeninterval, i.e. short enough so
that any cached DNS resource records are likely to have expired
before the JSON object's content is likely to have changed. The ZF
MUST attempt to refresh the JSON object and regenerate the zone
before this time. This aims to ensure that ECHConfig values are not
used longer than intended by backend.
Farrell, et al. Expires 8 January 2025 [Page 10]
Internet-Draft Well-Known URI for ECH July 2024
7. Security Considerations
This document defines a way to publish SVCB/HTTPS RR values. If the
wrong values were published in the DNS, then TLS clients using ECH
might suffer a privacy leak, or degraded service due to overuse of
ECH retry_configs.
Similarly, a ZF that also has write access to A/AAAA RRs for a
backend, SHOULD NOT publish HTTPS RRs that contain ipv4hints or
ipv6hints that are in conflict with the correct A/AAAA values unless
those have been verified (via webPKI) as belonging to the same
backend.
When considering the content of SVCB/HTTPS RRs, the general argument
for the security of this scheme is that, this scheme has the backend
server authenticate the JSON structure that is mapped directly to the
SVCB/HTTPS RR, to eventually be used by TLS clients when interacting
with the backend server, via the client-facing server.
ECH split-mode security also requires that the backend server acquire
SvcParamKey values from the client-facing server via some
authenticated means. If the backend server acquires the JSON data
from the well-known URL and it is properly authenticated via HTTPS
from the client-facing server's public_name then that satisfies this
requirement.
The system described here depends on the webPKI for authentication of
entities and results in publication of new SVCB/HTTPS RRs. The
webPKI itself, however, often depends on the DNS to demonstrate
control over a DNS name, e.g. when using the ACME protocol [RFC8555]
with the HTTP-01 challenge type. A temporary breach of a backend
server that allows the attacker to contol the JSON content described
here could be used to bootsrap more long-lasting control over the
backend's DNS name if the attacker were to request new certificates
during the time when the attacker's chosen values were published in
the DNS, and if the ACME server doing the validation solely depended
on content from the backend's HTTPS RR, e.g. preferring ipv6hints
over the AAAA for the backend. It would seem prudent for ACME
servers to be cautious if using ipv4hints and ipv6hints, e.g.
flagging divergence between those values and A/AAAA RRs.
Although the .well-known URL defined here may well be publicly
accessible, general HTTP clients SHOULD NOT attempt to use this
resource in lieu of HTTPS records queries through their preferred DNS
server for the following reasons:
* The bootstrap connection would not be able to use ECH, so it would
reveal all the information that ECH seeks to protect.
Farrell, et al. Expires 8 January 2025 [Page 11]
Internet-Draft Well-Known URI for ECH July 2024
* The origin could serve the user with a uniquely identifying
configuration, potentially resulting in an unexpected tracking
vector.
The .well-known URI chosen here means that services running on
different ports of the same backend are trusting the service running
on the default port (443) for that backend to provide correct
endpoint information.
As described, in mutlti-CDN and simlar scenarios, a ZF might only
test ECH success against one of the CDNs unless the ZF can make use
of the ipv4hints and/or ipv6hint values, or the ZF has out of band
information about the different addresses at which
backend.example.com can be accessed.
8. Acknowledgements
Thanks to Niall O'Reilly, Martin Thomson and David Black for reviews.
Stephen Farrell's work on this specification was supported in part by
the Open Technology Fund.
9. IANA Considerations
IANA is requested to take two actions: registering a new well-known
URI in the registry at https://www.iana.org/assignments/well-known-
uris/well-known-uris.xhtml#well-known-uris-1 and creating a new
registry for defining items in the JSON object found at that
endpoint.
9.1. Well-known endpoint registration
IANA is requested to add the following entry to the Well-Known URIs
table:
Farrell, et al. Expires 8 January 2025 [Page 12]
Internet-Draft Well-Known URI for ECH July 2024
+---------------------+---------------------------+
| Column | Value |
+---------------------+---------------------------+
| URI Suffix | origin-svcb |
+---------------------+---------------------------+
| Change Controller | IETF |
+---------------------+---------------------------+
| Reference | {This RFC} |
+---------------------+---------------------------+
| Status | permanent |
+---------------------+---------------------------+
| Related Information | Must be fetched via HTTPS |
+---------------------+---------------------------+
| Date Registered | {When registered} |
+---------------------+---------------------------+
| Date Modified | |
+---------------------+---------------------------+
Table 1: Additional Well-Known entry
Items in curly braces should be replaced with their actual values.
9.2. JSON Service Binding Info
If approved, this specification requests the creation of an IANA
registry named "JSON Service Binding Info" with a Standards Action
registration policy. The request is to put the table in a new file
"json-svcb.xml" in the existing "dns-svcb" registry group. The table
has three columns:
Name: the name of the top-level field being added
Reference: the document that defines the semantics of the field
Notes: any short additional information the registrant wishes to add
The table should be populated with the following two entries, where
Items in curly braces should be replaced with their actual values,
and the "Notes" column is empty.
Farrell, et al. Expires 8 January 2025 [Page 13]
Internet-Draft Well-Known URI for ECH July 2024
+---------------+------------+-------+
| Name | Reference | Notes |
+---------------+------------+-------+
| endpoints | {This RFC} | |
+---------------+------------+-------+
| regeninterval | {This RFC} | |
+---------------+------------+-------+
Table 2: Initial values for the
registry
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers
(URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019,
<https://www.rfc-editor.org/info/rfc8615>.
[RFC9460] Schwartz, B., Bishop, M., and E. Nygren, "Service Binding
and Parameter Specification via the DNS (SVCB and HTTPS
Resource Records)", RFC 9460, DOI 10.17487/RFC9460,
November 2023, <https://www.rfc-editor.org/info/rfc9460>.
Farrell, et al. Expires 8 January 2025 [Page 14]
Internet-Draft Well-Known URI for ECH July 2024
[I-D.ietf-tls-esni]
Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS
Encrypted Client Hello", Work in Progress, Internet-Draft,
draft-ietf-tls-esni-18, 4 March 2024,
<https://datatracker.ietf.org/doc/html/draft-ietf-tls-
esni-18>.
[I-D.ietf-tls-svcb-ech]
Schwartz, B. M., Bishop, M., and E. Nygren, "Bootstrapping
TLS Encrypted ClientHello with DNS Service Bindings", Work
in Progress, Internet-Draft, draft-ietf-tls-svcb-ech-02,
23 May 2024, <https://datatracker.ietf.org/doc/html/draft-
ietf-tls-svcb-ech-02>.
10.2. Informative References
[RFC8555] Barnes, R., Hoffman-Andrews, J., McCarney, D., and J.
Kasten, "Automatic Certificate Management Environment
(ACME)", RFC 8555, DOI 10.17487/RFC8555, March 2019,
<https://www.rfc-editor.org/info/rfc8555>.
[ISOMORPHIC-DECODE]
WHATWG, "WHATWG definition of Isomorphic Decode",
<https://infra.spec.whatwg.org/#isomorphic-decode>.
Appendix A. Change Log
This section is to be removed before publishing as an RFC.
The -00 WG draft replaces draft-farrell-tls-wkesni-03.
Version 01 changed from a special-purpose design, carrying only
ECHConfigs and port numbers, to a more general approach based on
Service Bindings.
Version 02 is just a keep-alive
Version 03 reflects some local implementation experience with -02
Version 04 matches a proof-of-concept bash script implementation and
results of IETF-117 discussion.
Version 05 responds to early artart and dnsop reviews, and some list
discussion/github issues.
Authors' Addresses
Farrell, et al. Expires 8 January 2025 [Page 15]
Internet-Draft Well-Known URI for ECH July 2024
Stephen Farrell
Trinity College Dublin
Dublin
2
Ireland
Phone: +353-1-896-2354
Email: [email protected]
Rich Salz
Akamai Technologies
Email: [email protected]
Benjamin Schwartz
Meta Platforms, Inc.
Email: [email protected]
Farrell, et al. Expires 8 January 2025 [Page 16]