Closed magicalo closed 3 years ago
The purpose of the SVCB record information in the "opportunistic" scenario is getting extra metadata about the resolvers. This is particularly important or useful for DoH, where the URI path and HTTP authority would not otherwise be known. The client could guess, but it may not be able to form a valid HTTP request.
The DoT ports, etc., could also be different, but that's often less useful.
Issue migrated to the DDR repo: https://github.com/ietf-wg-add/draft-ietf-add-ddr/issues/9
Can you clarify why dns://resolver.arpa would matter in an Opportunistic scenario, or at least in a subset of Opportunistic options?
Couldn't a DNS client simply attempt DoH on the same IP address(es) as Do53 (ideally in parallel) and if the certificate returned during the DoH exchanges meets the criteria (matching IPs listed in the SAN, cert validation, etc.) then it would simply attempt the upgrade, never having to consider/engage dns://resolver.arpa?
Maybe I have misunderstood this section or the role dns://resolver.arpa would play here. Could you clarify, please?
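The reply's point that a DoH client needs the URI path and HTTP authority from the SVCB record, as an added example that is not part of the thread or the draft: it parses constructed `_dns.resolver.arpa` answers and builds the DoH GET URL that a guess could not have produced. It assumes the `alpn`, `port` and `dohpath` SVCB parameters; the hostnames and record values are constructed, and the function names are hypothetical.

```python
import base64
import shlex
import struct

# Constructed SVCB answers to a _dns.resolver.arpa query (presentation format).
SAMPLE_ANSWERS = [
    "_dns.resolver.arpa. 7200 IN SVCB 2 dot.example.net. alpn=dot port=8853",
    "_dns.resolver.arpa. 7200 IN SVCB 1 doh.example.net. alpn=h2 dohpath=/resolve{?dns}",
]
DEFAULT_PORTS = {"h2": 443, "h3": 443, "dot": 853}


def parse_svcb(line):
    """Parse one SVCB record: owner ttl class type priority target params..."""
    fields = shlex.split(line)
    if len(fields) < 6 or fields[3] != "SVCB":
        raise ValueError("not an SVCB record: " + line)
    params = dict(f.partition("=")[::2] for f in fields[6:])
    alpn = params.get("alpn", "").split(",")
    return {
        "priority": int(fields[4]),
        "target": fields[5].rstrip("."),
        "alpn": alpn,
        "port": int(params.get("port", DEFAULT_PORTS.get(alpn[0], 0))),
        "dohpath": params.get("dohpath"),
    }


def dns_query(name, qtype=1):
    """Wire-format query with ID 0 and RD set, as DoH GET requests carry."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)


def doh_get_url(record, query):
    """Expand the advertised template; only the '{?dns}' form is handled here."""
    path = record["dohpath"]
    if not path or not path.endswith("{?dns}"):
        raise ValueError("record carries no usable dohpath")
    dns = base64.urlsafe_b64encode(query).rstrip(b"=").decode()
    port = "" if record["port"] == 443 else ":%d" % record["port"]
    return "https://%s%s%s?dns=%s" % (record["target"], port, path[:-6], dns)


def best_doh(answers):
    """Lowest-priority-value record that offers an HTTP ALPN and a dohpath."""
    recs = sorted((parse_svcb(a) for a in answers), key=lambda r: r["priority"])
    return next(r for r in recs if r["dohpath"] and {"h2", "h3"} & set(r["alpn"]))
```

A client that only probed the Do53 address with a guessed `/dns-query` path would have sent a request this constructed resolver does not serve, and it would not have learned the non-default DoT port either.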