IETF Logo Mail Archive

Re: [calsify] [Tzdist-bis] tzdist and IANA

Michael Douglass <mikeadouglass@gmail.com> Thu, 18 July 2019 03:03 UTC

Return-Path: <mikeadouglass@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 467E31200C4; Wed, 17 Jul 2019 20:03:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J4ifSVhKBwfx; Wed, 17 Jul 2019 20:03:10 -0700 (PDT)
Received: from mail-qt1-x841.google.com (mail-qt1-x841.google.com [IPv6:2607:f8b0:4864:20::841]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45842120045; Wed, 17 Jul 2019 20:03:10 -0700 (PDT)
Received: by mail-qt1-x841.google.com with SMTP id l9so25625339qtu.6; Wed, 17 Jul 2019 20:03:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=H+Hr+QQt9Omr2fuszR7vhv5A0p9orOui2WDp8axuovI=; b=TbtWE5ZHqXVOH/7tRvDFsM5AQxnUJCawkl7smDQv8xiIx9ou76QH5nLcEVOZxeAUGs xaXUI3qqRpaPDQYC9NvSZfxA+yS4+WUACcYUnxw4c2iJJLmNdWlq9wvHqnm20WUDERU2 HJ9+3SUY6chTnTx/R24W5OeBzTHINoSHYq65rvtApcIo1v2LQi5nRB7ZgztlLAJ7NCvL 3nYlO0+SD090N+HQDPEkKmw9td0uymSjUpWBP4yTylqnuSSkn4B6HsUobSyRpzbNDPQB rHgRkTHISPrFY36vs63bb7UykCrPm861/23qvkXG0zwae8VLAfh+Msdv7tCRGJSluJXN cuCg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=H+Hr+QQt9Omr2fuszR7vhv5A0p9orOui2WDp8axuovI=; b=EDCnCeAnJpRMGPg1+2rJCRBGECePovUG+LUAOA9HbyB4xGQXcAsxEFZGeRktkbYSSU lm3Vofx3hQzNHkmOvc269BKPuff3h23ZyHseCEMLh+3k4/Tuo4UnXybxI6mNmNPZ3Jxr dJ6PXbhi6igPDJs48DwFN686QDmS2wDkqAdW8QXuDDQTZ2wPPGNSo3v8hYIBT/oxKcTv lL0R4cuguqxrKamtY5O/oRq2Y9+2KLkdvQ6/imQi6EIKvURp5UkhzRqO2bEZNAADh1Gd dw+ciYVnwQF727iAnyIy2HUVe3igWE6qZyj1VG61FrOGM0vO7XMddDGnDdaorvlaIgAy ydFA==
X-Gm-Message-State: APjAAAVZxqIXOvnDojGpWddAX+idm2DUpGwcsw6gofp5ReOLPf4EVZxc yWKvveMGRXGIdacFj4Mxvm4Q1ye2
X-Google-Smtp-Source: APXvYqynU4iayNwjoQBeu5mwiMVoIpS7ebWu+p2qwAMIZub1UIA1hyOFbFZ12hsZCtXzr432sR3YgA==
X-Received: by 2002:a0c:9e27:: with SMTP id p39mr31097895qve.151.1563418989209; Wed, 17 Jul 2019 20:03:09 -0700 (PDT)
Received: from Michaels-MacBook-Pro.local (cpe-74-70-80-66.nycap.res.rr.com. [74.70.80.66]) by smtp.googlemail.com with ESMTPSA id i17sm11198010qkl.71.2019.07.17.20.03.08 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Jul 2019 20:03:08 -0700 (PDT)
To: Daniel Migault <daniel.migault@ericsson.com>, Paul Eggert <eggert@cs.ucla.edu>
Cc: tzdist-bis@ietf.org, IETF-Calsify <calsify@ietf.org>
References: <CADZyTkkNuenOTx77cB8vFzWaSjp_fqtEgaYd00t5e2+Kk6MtRA@mail.gmail.com> <47038bd0-210a-4dbc-173c-15bfa89ac54f@cs.ucla.edu> <6a50708d-5fac-1da9-56b3-ed1cea793752@fastmail.com> <6b1616e3-bfc0-a22a-2aa9-11033c525ff3@cs.ucla.edu> <CADZyTkms=skOgqfoDxTF6TSZBsWbfaCmfPBWCG0E9qb4-qA0Uw@mail.gmail.com>
From: Michael Douglass <mikeadouglass@gmail.com>
Message-ID: <6e243cf0-a3ff-82a1-3cae-70fbf699f1f7@gmail.com>
Date: Wed, 17 Jul 2019 23:03:07 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <CADZyTkms=skOgqfoDxTF6TSZBsWbfaCmfPBWCG0E9qb4-qA0Uw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------97A650E07728F632FA096704"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/N6AYX8PwYg8fz7VZwA0OIyKonI8>
Subject: Re: [calsify] [Tzdist-bis] tzdist and IANA
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jul 2019 03:03:13 -0000

I guess my feeling on the privacy issues is that it should be a client 
choice. Certainly for a mobile device such as a phone the entire data 
set would be reasonable - especially if there were a way to reduce it to 
currently active data.

However, for small devices - often with a fixed location - being able to 
retrieve a single zone is probably appropriate.

I suspect the current approach we have implemented for updating 
downstream servers (though all downstream servers are really clients) 
would work for anybody. However - it does assume that we can have a 
sequence#/timestamp per zone

On 7/17/19 22:13, Daniel Migault wrote:
> If I understand correctly the suggestion is to have tzdist server 
> uploading the tzdata from IANA and client connecting to these tzdist 
> servers. While some local network may have a local tzdist server, I 
> would have expected that we could end up in having a global tzdist 
> service that could be used by default by any client - let say 
> tzdist.org <http://tzdist.org>. of course tzdist.org 
> <http://tzdist.org> could be operated by multiple operators, and one 
> of these could be the IANA. I am wondering if that is something in 
> line with the latest messages..
>
> Retrieving the tzdb from IANA for example by a tzdist server is 
> already something that can be done via FTP HTTP for the full tzdb or 
> incrementally via rsynch. If IANA is operating a tzdist server, we 
> could use a request with a "changedsince" parameter. Using the 
> mechanism defined by tzdist seems to me appropriated as the root zone 
> is distributed using a distribution master. My understanding is that 
> we define an efficient way to do that in tzdist. Is that correct ?
> If the iana is not expected to serve client, I am wondering how the 
> difference between clients and secondary would be made. Do we expect 
> specific prmary/secondary relation being pre-agreed ?
I don't know there is any difference between clients and secondary 
servers. I would expect servers nearer the root to not be open to 
anybody but only to a small set of pre-registered servers as you 
suggest. I suspect that vendors - if they use this service would want to 
provide their own servers to their systems - e.g. Apple, MS, Ubuntu, AWS 
etc etc
>
> I understand Paul's suggestion as a generic suggestion that client 
> generally should retrieve the full tzdb rather than a specific tz, in 
> which case, this request should be optimised. As I understand it the 
> privacy concern is more associated to the information leaked to the 
> tzdist server as I assume that all exchanges would be performed over 
> TLS. One concern I have regarding the use of TLS is that it protects 
> the channel to the tzdist server, but I am not sure how the client can 
> effectively check the data is in accordance to the one distributed by 
> IANA. I am also wondering if we should not look at mechanisms that 
> authenticate the data. This could in return prevent the need to use TLS.

I'm guessing the use of tls for most isn't an issue. tzdata is fairly 
slow moving and we're probably considering a once or twice a day check. 
Nothing compared to your facebook interactions.

For small devices though it might be useful on a per zone basis


>
> Yours,
> Daniel
>
>
>
>
>
>
>
>
>
> On Wed, Jul 17, 2019 at 8:40 PM Paul Eggert <eggert@cs.ucla.edu 
> <mailto:eggert@cs.ucla.edu>> wrote:
>
>     Ken Murchison wrote:
>
>     > "Clients" of the IANA TZDIST server would either be primary or
>     secondary servers
>     > and would be fetching ALL changed zones.  There should be no
>     end-user clients
>     > talking to an IANA TZDIST server.
>
>     True, I was worried more about privacy between clients and the
>     secondary servers.
>
>     > There is no way to serve up raw tzdata via TZDIST
>
>     Yes, and part of the proposal would be to improve TZDIST so that
>     clients can
>     obtain the entire tzdb efficiently. For secure clients there
>     should be little
>     reason to request just a subset of tzdb when the entire database
>     is so small.
>
>     _______________________________________________
>     calsify mailing list
>     calsify@ietf.org <mailto:calsify@ietf.org>
>     https://www.ietf.org/mailman/listinfo/calsify
>
>
> _______________________________________________
> calsify mailing list
> calsify@ietf.org
> https://www.ietf.org/mailman/listinfo/calsify

v2.23.0 | Report a Bug | By Email