Re: [calsify] [Tzdist-bis] tzdist and IANA
Daniel Migault <daniel.migault@ericsson.com> Thu, 18 July 2019 02:14 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83F63120623; Wed, 17 Jul 2019 19:14:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.558
X-Spam-Level:
X-Spam-Status: No, score=-1.558 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.091, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vw5HViTs6CDn; Wed, 17 Jul 2019 19:13:59 -0700 (PDT)
Received: from mail-vs1-f65.google.com (mail-vs1-f65.google.com [209.85.217.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56309120617; Wed, 17 Jul 2019 19:13:59 -0700 (PDT)
Received: by mail-vs1-f65.google.com with SMTP id a186so16376608vsd.7; Wed, 17 Jul 2019 19:13:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6OhN1bHxzi4EPFagrR5dwjygi9hamdrsUWDx+pdR41M=; b=IIia3xIlwOetL9cTTLirq/vg2+CSpkWucbmoHM8QCyCyFoBlUIH6+GyQ2RRSGT1Ms7 0FHeu+q/R6Ue/YN+FC+sV3jrlLTpPee1Y00Fk8HYaWXWNu++3z5Ki4l+JQXMznEA3Nod GEjEC3UyrIAx3vx/47vXEGU6NV0/ZewuNcAmfXA1mM378D6u579fpepFBhqM8Av2gERo hLA9FBY2BclAR3UWVEYWYIZIyD53FMKlbzGFdBEHgXaPuRsLqnuza2vl0hYEVLs/Zarg UgcMkkPhECaY71pnj+QiVZpjPc+7OhJpHKf2TG4DvZ180DcvTiEzebAhL1zYW2+g9tPT dZnA==
X-Gm-Message-State: APjAAAWtza/mVipZ5WOh/jPA7Kppmx3i/uEWIw47pEOXeCsgMl7zA3n7 AqocDYzr/FSQSYlgh9Yn/+4owGwF7GXGhkwPY6Y=
X-Google-Smtp-Source: APXvYqzI3rWMqXJdB6/r9SVO83Irhl+8hKDGl9gfIDDkjWLAhBmEjGdCJFJF5AZCHZeuPxKm4h7oif6jAIfi/eRfCr8=
X-Received: by 2002:a67:fb0d:: with SMTP id d13mr27881225vsr.69.1563416038394; Wed, 17 Jul 2019 19:13:58 -0700 (PDT)
MIME-Version: 1.0
References: <CADZyTkkNuenOTx77cB8vFzWaSjp_fqtEgaYd00t5e2+Kk6MtRA@mail.gmail.com> <47038bd0-210a-4dbc-173c-15bfa89ac54f@cs.ucla.edu> <6a50708d-5fac-1da9-56b3-ed1cea793752@fastmail.com> <6b1616e3-bfc0-a22a-2aa9-11033c525ff3@cs.ucla.edu>
In-Reply-To: <6b1616e3-bfc0-a22a-2aa9-11033c525ff3@cs.ucla.edu>
From: Daniel Migault <daniel.migault@ericsson.com>
Date: Wed, 17 Jul 2019 22:13:47 -0400
Message-ID: <CADZyTkms=skOgqfoDxTF6TSZBsWbfaCmfPBWCG0E9qb4-qA0Uw@mail.gmail.com>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: Ken Murchison <murch@fastmail.com>, tzdist-bis@ietf.org, IETF-Calsify <calsify@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009acdec058deb29eb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/N15oEY81Hll1-pGgfa2VsgL7fhM>
Subject: Re: [calsify] [Tzdist-bis] tzdist and IANA
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 02:14:02 -0000
If I understand correctly the suggestion is to have tzdist server uploading the tzdata from IANA and client connecting to these tzdist servers. While some local network may have a local tzdist server, I would have expected that we could end up in having a global tzdist service that could be used by default by any client - let say tzdist.org. of course tzdist.org could be operated by multiple operators, and one of these could be the IANA. I am wondering if that is something in line with the latest messages. Retrieving the tzdb from IANA for example by a tzdist server is already something that can be done via FTP HTTP for the full tzdb or incrementally via rsynch. If IANA is operating a tzdist server, we could use a request with a "changedsince" parameter. Using the mechanism defined by tzdist seems to me appropriated as the root zone is distributed using a distribution master. My understanding is that we define an efficient way to do that in tzdist. Is that correct ? If the iana is not expected to serve client, I am wondering how the difference between clients and secondary would be made. Do we expect specific prmary/secondary relation being pre-agreed ? I understand Paul's suggestion as a generic suggestion that client generally should retrieve the full tzdb rather than a specific tz, in which case, this request should be optimised. As I understand it the privacy concern is more associated to the information leaked to the tzdist server as I assume that all exchanges would be performed over TLS. One concern I have regarding the use of TLS is that it protects the channel to the tzdist server, but I am not sure how the client can effectively check the data is in accordance to the one distributed by IANA. I am also wondering if we should not look at mechanisms that authenticate the data. This could in return prevent the need to use TLS. Yours, Daniel On Wed, Jul 17, 2019 at 8:40 PM Paul Eggert <eggert@cs.ucla.edu> wrote: > Ken Murchison wrote: > > > "Clients" of the IANA TZDIST server would either be primary or secondary > servers > > and would be fetching ALL changed zones. There should be no end-user > clients > > talking to an IANA TZDIST server. > > True, I was worried more about privacy between clients and the secondary > servers. > > > There is no way to serve up raw tzdata via TZDIST > > Yes, and part of the proposal would be to improve TZDIST so that clients > can > obtain the entire tzdb efficiently. For secure clients there should be > little > reason to request just a subset of tzdb when the entire database is so > small. > > _______________________________________________ > calsify mailing list > calsify@ietf.org > https://www.ietf.org/mailman/listinfo/calsify >
- [calsify] tzdist and IANA Daniel Migault
- Re: [calsify] tzdist and IANA Michael Douglass
- Re: [calsify] tzdist and IANA Ken Murchison
- Re: [calsify] tzdist and IANA David Thewlis
- Re: [calsify] [Tzdist-bis] tzdist and IANA Paul Eggert
- Re: [calsify] [Tzdist-bis] tzdist and IANA Ken Murchison
- Re: [calsify] [Tzdist-bis] tzdist and IANA Paul Eggert
- Re: [calsify] [Tzdist-bis] tzdist and IANA Daniel Migault
- Re: [calsify] [Tzdist-bis] tzdist and IANA Michael Douglass
- Re: [calsify] [Tzdist-bis] tzdist and IANA Eliot Lear
- Re: [calsify] [Tzdist-bis] tzdist and IANA Eliot Lear
- Re: [calsify] [Tzdist-bis] tzdist and IANA Martin Burnicki
- Re: [calsify] [Tzdist-bis] tzdist and IANA Martin Burnicki
- Re: [calsify] [Tzdist-bis] tzdist and IANA Daniel Migault
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Steve Crocker
- Re: [calsify] [Tzdist-bis] tzdist and IANA Daniel Migault
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Tony Finch
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Michael Douglass
- Re: [calsify] [tz] [Tzdist-bis] tzdist and IANA -… Thomas Peterson
- Re: [calsify] [Tzdist-bis] [tz] tzdist and IANA -… Michael Douglass
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Eliot Lear
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Paul Eggert
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Ken Murchison
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Steve Crocker
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Paul Eggert
- Re: [calsify] [Tzdist-bis] tzdist and IANA -- est… Steve Crocker
- Re: [calsify] [Tzdist-bis] tzdist and IANA Paul Eggert
- Re: [calsify] [Tzdist-bis] tzdist and IANA Martin J. Dürst
- [calsify] TZ distribution system mailing list Daniel Migault