Re: [core] DNS-SD service types for CoRE-RD (Re: AD review of draft-ietf-core-resource-directory-23)

Ted Lemon <mellon@fugue.com> Mon, 02 March 2020 15:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/core/MyUorAySzP2W30X44gSVhJ-YGk4>

On Mar 2, 2020, at 9:55 AM, Christian Amsüss <christian@amsuess.com> wrote:
> Do we have a meaningful way to deal with (D)TLS in DNS-SD at all? I'm
> only superficially familiar with the verification steps done on the host
> name, but as I understand, TLS typically authenticates the host name.

The first question you should ask is, what are you trying to protect by using DTLS? Until you answer that question, you’re not going to make any progress.