[art] Re: Domain Connect Protocol

kowalik@denic.de Wed, 23 October 2024 08:39 UTC

Return-Path: <kowalik@denic.de>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11FC6C1CAF4D for <art@ietfa.amsl.com>; Wed, 23 Oct 2024 01:39:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=denic.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xrgOrmeqfbP7 for <art@ietfa.amsl.com>; Wed, 23 Oct 2024 01:39:52 -0700 (PDT)
Received: from mout-b-210.mailbox.org (mout-b-210.mailbox.org [IPv6:2001:67c:2050:102:465::210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3A39C1CAE80 for <art@ietf.org>; Wed, 23 Oct 2024 01:39:50 -0700 (PDT)
Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-210.mailbox.org (Postfix) with ESMTPS id 4XYMt92YW4zDtjk for <art@ietf.org>; Wed, 23 Oct 2024 10:39:45 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denic.de; s=MBO0001; t=1729672785; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=eSQVyZNjS/npMLyvph5qLGz/WtRLPpL38szoWPGt+qE=; b=gBP+pPR+eYp2G33FUT66o31d3jIZsXVjJQWHsbyeDkBcoG1mU6L8SvDhIp+hvTEpAYEfPY a+qHQSnNW08RGi86zkiy0Ix1xJLRRowb1xRZclJLt9wP4K01uRiew7QgPGkIrUyeYQgrFE mCscenFgZXMSPnTG0lWpPh8qz9SpB7glae7JQnhDypjNR2z38QmWarjq/48Y6g0vyUN72f Mf4AuwlqG7zL/OjnbwMiCBIeCMRvYXNO8dCgCFRa71+EusfjZoSiFuyODKEOj7wIlZD/Lt 7pUo1o5SeB1uLGFaf5ME8L1Tv09NmnxgfScClL8po3/S4lNccVGzqqQnqFpNOA==
Message-ID: <10cb6bf2-90a5-4038-993b-5e7c5d765031@denic.de>
Date: Wed, 23 Oct 2024 10:39:44 +0200
MIME-Version: 1.0
From: kowalik@denic.de
To: art@ietf.org
References: <CAN8C-_L9zCYe6sHuhQoiGJGTrC7WFku2dA6QQAhVteZw9MmXjA@mail.gmail.com> <a79dcf80-5b39-41c3-aaf4-f20049d65f02@cs.tcd.ie>
Content-Language: en-GB, de-DE
In-Reply-To: <a79dcf80-5b39-41c3-aaf4-f20049d65f02@cs.tcd.ie>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms070101060903020308080504"
X-MBO-RS-META: emtff7be4mtk85o8stgq18w1zcndo99i
X-MBO-RS-ID: c52b3acffe0824bb6e1
Message-ID-Hash: 7RRKPUP5AKJG65TALSPBBH5DZ3YBLTXD
X-Message-ID-Hash: 7RRKPUP5AKJG65TALSPBBH5DZ3YBLTXD
X-MailFrom: kowalik@denic.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-art.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [art] Re: Domain Connect Protocol
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/vRdGHlMGi8PTnjKyg_m7n0Q_nQg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Owner: <mailto:art-owner@ietf.org>
List-Post: <mailto:art@ietf.org>
List-Subscribe: <mailto:art-join@ietf.org>
List-Unsubscribe: <mailto:art-leave@ietf.org>

Hi Stephen,

Answers inline.

On 21.10.24 21:27, Stephen Farrell wrote:
>
> Hiya,
>
> I had a quick scan and have a couple of initial questions:
>
> I'm working on [1] so wonder if/how those may be related, any
> idea? If not, should they be?

They are in a sense that they address the same problem of one party 
wanting to put an update to the DNS outside of its realm.

Domain connect solves it by pushing the updates from the party (service 
provider) to the DNS operator. It can be one time or permanent (with 
OAuth). It also addresses the whole process of DNS operator discovery, 
authorisation flow and standard API.

draft-ietf-tls-wkech seems to approach it by DNS operator pulling the 
data from the other party. It's OK for a server operator not willing to 
expose any API and seems to me a complementary approach to domain 
connect for this specific situation. I don't see any obvious overlap or 
common parts between the two drafts.

I understand the link between ZF and backend is configured out-of-band. 
Domain connect defines a way to have fully automated setup process. 
Maybe here an extension of domain connect could 
complement draft-ietf-tls-wkech through pseudo-records, similar as 
redirects are also specified in the extension part.

>
> I'm also not clear on the status of this - is this a case of
> wanting to get something long-used under IETF change control
> or something else?

Yes, to get something long-used under IETF change control is the goal.

Kind Regards,

Pawel