Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt

Mark Andrews <marka@isc.org> Thu, 06 February 2014 05:44 UTC

From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Thu, 06 Feb 2014 16:23:43 +1100."
Date: Thu, 06 Feb 2014 16:44:13 +1100
Message-Id: <20140206054413.84BC0E8798A@rock.dv.isc.org>
Cc: dane@ietf.org
Subject: Re: [dane] I-D Action: draft-ietf-dane-smime-03.txt

Mark Andrews writes:
> 
> In message <20140206044440.GI21114@mx1.yitter.info>, Andrew Sullivan writes:
> > On Thu, Feb 06, 2014 at 04:31:38AM +0000, Viktor Dukhovni wrote:
> > > I must plead ignorance of the obstacle, what do you have in mind?
> > 
> > I am repeatedly informed by my man pages, RFC 3493, and every web
> > browser implementer I've ever spoken to that getting the TTL on an RR
> > coming to you from the system resolver is hard.  I'd be more delighted
> > than I can express to be misinformed, so if you know otherwise please
> > say so.
> 
> And I say BS.  If you are using a layer above the resolver
> (gethostbyname, getaddrinfo) yes it may be hard but for TLSA *there
> is no layer above the resolver*.
> 
> libresolv/libbind have provided access to the TTL since the 1980's.
> 
> Even Microsoft Windows programmers don't have an excuse as DnsQuery
> returns the ttl in its results.
> 
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms682016(v=vs.85).aspx

And as for getaddrinfo/RFC 3493, the api was designed to be extendable.
We should just extend it to return the ttl.  Something like the following
would do.

e.g.

In <netdb.h>
struct addrinfo {
  int     ai_flags;     /* AI_PASSIVE, AI_CANONNAME,
                           AI_NUMERICHOST, .. */
  int     ai_family;    /* AF_xxx */
  int     ai_socktype;  /* SOCK_xxx */
  int     ai_protocol;  /* 0 or IPPROTO_xxx for IPv4 and IPv6 */
  socklen_t  ai_addrlen;   /* length of ai_addr */
  char   *ai_canonname; /* canonical name for nodename */
  struct sockaddr  *ai_addr; /* binary address */
  struct addrinfo  *ai_next; /* next structure in linked list */

  /* RFC XXXX */
#define AI_TTL 1
#define AI_NOTTL 0xffffffffu		/* No TTL available */
  unsigned int	ai_ttl;	/* DNS TTL */
};

In the application

	unsigned int ttl;

#ifdef AI_TTL
	/* ai_ttl is only meaningful when the resolver supplied one */
	if (addrinfo->ai_ttl != AI_NOTTL)
		ttl = addrinfo->ai_ttl;
	else
#endif
		ttl = 0;

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
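The point about libresolv is that the TTL sits in every answer RR of the DNS response, so any code that sees the wire message (as libresolv's ns_parserr does) has it. As an added example that is not part of the message above, here is a minimal RFC 1035 answer-section walk that pulls the TTL out of a constructed TLSA response; the sample bytes, the 0x11 digest filler and the function names are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed sample (not a real capture): a response to
 * "_443._tcp.example.com IN TLSA" with one answer, TTL 3600. */
static const uint8_t sample_response[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00, /* header: QD=1 AN=1 */
    4,'_','4','4','3', 4,'_','t','c','p', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00,0x34, 0x00,0x01,                         /* QTYPE TLSA (52), QCLASS IN */
    0xC0,0x0C, 0x00,0x34, 0x00,0x01,              /* NAME ptr->12, TYPE TLSA, CLASS IN */
    0x00,0x00,0x0E,0x10, 0x00,0x23,               /* TTL 3600, RDLENGTH 35 */
    3, 1, 1,                                      /* usage 3, selector 1, matching 1 */
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11, 0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
};

/* Skip an RFC 1035 name (labels or a compression pointer); -1 if malformed. */
static long skip_name(const uint8_t *msg, size_t len, size_t off) {
    while (off < len) {
        uint8_t lab = msg[off];
        if (lab == 0) return (long)off + 1;
        if ((lab & 0xC0) == 0xC0) return (off + 2 <= len) ? (long)off + 2 : -1;
        off += 1 + lab;
    }
    return -1;
}

/* TTL of the first answer RR of type `qtype`, or -1 if absent/malformed. */
long first_answer_ttl(const uint8_t *msg, size_t len, uint16_t qtype) {
    if (len < 12) return -1;
    unsigned qd = (msg[4] << 8) | msg[5], an = (msg[6] << 8) | msg[7];
    long off = 12;
    for (unsigned i = 0; i < qd; i++) {         /* skip question section */
        off = skip_name(msg, len, (size_t)off);
        if (off < 0 || (size_t)off + 4 > len) return -1;
        off += 4;                               /* QTYPE + QCLASS */
    }
    for (unsigned i = 0; i < an; i++) {
        off = skip_name(msg, len, (size_t)off);
        if (off < 0 || (size_t)off + 10 > len) return -1;
        const uint8_t *rr = msg + off;
        uint16_t type = (rr[0] << 8) | rr[1];
        uint32_t ttl = ((uint32_t)rr[4] << 24) | (rr[5] << 16) | (rr[6] << 8) | rr[7];
        uint16_t rdlen = (rr[8] << 8) | rr[9];
        if (type == qtype) return (long)ttl;
        off += 10 + rdlen;                      /* step over this RR's RDATA */
        if ((size_t)off > len) return -1;
    }
    return -1;
}
```

A truncated or malformed message yields -1 rather than a bogus TTL, which is the case a caller must treat as "no TTL available", exactly as AI_NOTTL would be treated in the getaddrinfo extension sketched above.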