[dns-operations] R53 Introduces service Binding (SVCB), HTTPS, TLSA, and Secure Shell fingerprint (SSHFP) records
Ask Bjørn Hansen
ask at develooper.com
Thu Oct 31 04:10:45 UTC 2024
> On Oct 30, 2024, at 18:27, Doug Barton via dns-operations <dns-operations at dns-oarc.net> wrote:
>
> What I'm most curious about is whether HTTPS is going to get broader support from the browsers now that AWS is on board?
>
> I lived through several rounds of the ALIAS vs. SRV wars, and remain disappointed in all sides of that argument. The need is obviously there, and the AliasMode for HTTPS seems like it will meet that need, if it's universally supported.
>
> It's still not enabled by default in the latest Firefox without DOH, for example. It seems that Chrome and Safari support it on desktop, and that mobile support is also strong. Am I missing anything?
My understanding is that Chrome only supports the flags to use TLS, HTTP/2 and HTTP/3; not the “use this target” data; but it’s been a while since I checked.
In particular if your domain isn’t in the HSTS preload lists then using this as a signal to the clients to connect securely can be very helpful.
On macOS/iOS/etc you get the “full functionality”; depending on your client base it can be a meaningful improvement over anycast IPs (or the proprietary “alias” type features).
Ask
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20241030/79fe1182/attachment.html>
More information about the dns-operations
mailing list