Re: [DNSOP] New Version Notification for draft-pusateri-dnsop-update-timeout-00.txt

Ted Lemon <mellon@fugue.com> Sun, 26 August 2018 19:42 UTC

References: <153507165910.12116.7113196606839876181.idtracker@ietfa.amsl.com> <AFB90F6F-5D99-4403-AAB6-1123727973E6@bangj.com> <5B7F5E07.5080100@redbarn.org> <7F91FFF7-71C3-4F8E-82CD-266B170983E0@bangj.com> <C0EE2719-B662-4231-AF51-D3B98B00AD0D@fugue.com> <6D607922-393D-4549-AAFA-49279C260CA4@bangj.com> <3C6100BD-62D6-41ED-B7BF-679F0D4E4113@fugue.com> <5063A32B-4877-4860-BA73-CCB068AB7FCB@bangj.com> <CAPt1N1=tXZNgT6ygAaLFfOMze7hbGZ6q_eN1C3iEo9ryBNcyLg@mail.gmail.com> <98EF2CAC-7C13-4E68-8D2B-EC0659EA9646@bangj.com> <CAPt1N1kFNY4=CUMsTvXmeRREeLAkY8xpBdw4vPDxujgke6QT8A@mail.gmail.com> <963460AA-14BB-44AA-87CA-7F09A707DB5D@bangj.com> <47AE41F8-9F5F-4CC8-B4F0-7E8191011E99@bangj.com> <F4335D3A-0241-437F-A428-8EA95F0A1C18@fugue.com> <56E8B2A6-7B65-4D25-B102-9EFA7E2CBE7B@bangj.com> <86D465A4-F390-4370-83EC-0E72FBE115BE@isc.org> <CAPt1N1=xy+JAtgvvF_+9LiTiefbpTy_Vd0b8gswozA1K1C57Nw@mail.gmail.com> <99FA0B76-D225-45FC-A33C-B65E2673A45E@isc.org> <CAPt1N1kp8Tg5tWEiDCMuMNTmehRsBSkkC1=u+RcvkG6ZCegE-g@mail.gmail.com> <977DF12E-178B-4500-B045-F27BF1CDF51C@isc.org> <CAPt1N1=cafnVmnNM2eSF67QbgRk8hUEAd2Gwuqx4OUehPZSmyQ@mail.gmail.com> <AC3FE6CF-CC11-44D3-8C50-BC19C295F001@bangj.com> <CAPt1N1ksyp1t_e9Qd4FTtTVsZr9+VDm11MR-jS9Oz8Kpz7J7AQ@mail.gmail.com> <9B4A76C4-3BA6-46EC-90EB-E78065FD8BD3@bangj.com> <CAPt1N1=o3KRa_X2KTuW1=KagOv1R0KM=QvT0QBf5YrOSWTr9mw@mail.gmail.com> <461B2749-E2A4-42B8-9FB3-824D96039423@bangj.com> <DEE0C8C8-5557-4D97-B3C8-6535F3EB3693@bangj.com>
In-Reply-To: <DEE0C8C8-5557-4D97-B3C8-6535F3EB3693@bangj.com>
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 26 Aug 2018 15:42:15 -0400
Message-ID: <CAPt1N1knPwGFy38c0=xNT_mHwo=vQZmzqNJHc_=Oshcr1OH8sQ@mail.gmail.com>
To: Tom Pusateri <pusateri@bangj.com>
Cc: dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/44lyjnGbJqZ8JaunPojcbV5A-a8>
Subject: Re: [DNSOP] New Version Notification for draft-pusateri-dnsop-update-timeout-00.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

You haven't specified how the hash is done, so I can't confirm the truth of
your assertion that it's straightforward. :)

The "only if there are multiple record types" bit doesn't actually help,
because I can't actually think of a case where it doesn't apply.   That is,
every RR will require a hash, as far as I can tell, in practice.

128 bits is 16 bytes—the size of an IPv6 address.   It's probably true that
that's shorter than the record in most cases, but I doubt it's enough
shorter to make a difference.   And we already know how to compare
records—we need that for update.

On Sun, Aug 26, 2018 at 1:58 PM Tom Pusateri <pusateri@bangj.com> wrote:

>
>
> On Aug 26, 2018, at 1:47 PM, Tom Pusateri <pusateri@bangj.com> wrote:
>
>
>
> On Aug 26, 2018, at 12:58 PM, Ted Lemon <mellon@fugue.com> wrote:
>
> On Sat, Aug 25, 2018 at 3:09 PM Tom Pusateri <pusateri@bangj.com> wrote:
>
>> I think I already agreed with you here.
>>
>> My main point was that the primary needs a database and it already has
>> one and probably doesn’t want another one. Because of the added benefit
>> that Paul points out with promoting a secondary to primary after an
>> extended outage, and the points that Joe makes about treating all records
>> the same, it seems logical to store the lease lifetime information as
>> actual resource records and transfer them to the secondary.
>>
>
> FWIW, I think the database storage argument is actually the best argument
> for this proposal: we need a way to represent the data structure on disk,
> and what we know how to store are RRs.
> That said, I think that it's worth asking the question of what the right
> format is, and not just assuming that it's a hash.
>
>
> Nice properties of the hash:
>
> 1. the length of the output value is consistent across varying input
> lengths of any RR type (128 bits in the case of the algorithm specified in
> the draft) making it easy to sequence through.
> 2. it’s independently verifiable between servers and across time on the
> same server
> 3. it’s independent of position of the RR it covers
> 4. it works the same for all existing RRs as well as RRs yet to be
> defined
>
> Other methods may share some of these properties but I’m just listing all
> of the ones I can think of.
>
>
> Also, remember the hash is only needed if there are multiple record types
> with the same owner name / class having different timeouts (including no
> timeout).
>
> So in the case of a unique name being added for a delegated address, the
> NO HASH value can be used and no hash needs to be calculated. In the case
> of both an IPv4 and IPv6 address being delegated and subsequently sending
> an UPDATE with the same owner name, as long as the lease time is the same,
> again, there is no need for the hash.
>
> If, however, an RRSIG is dynamically generated for the owner name, then
> the hash will be needed. (You won’t want to time out RRSIGs but instead
> time out the A/AAAA and then recalculate the RRSIG/NSEC/NSEC3/NSEC5 records.)
>
> Tom
>
>
>
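The two ways of identifying a record that the thread argues over, as an added example written for this page (it is not code from the draft, from Tom Pusateri or from Ted Lemon): a fixed-length digest of the record's canonical form beside direct comparison of that same canonical form, plus the "hash only when timeouts differ at one owner name" rule from the quoted message. Since the draft's hash algorithm is not specified anywhere on the page, the 128-bit digest here is an assumption (SHA-256 truncated to 16 octets) standing in for it; the owner name, addresses and RRSIG RDATA are constructed sample data.

```python
import hashlib
import ipaddress
import struct
from dataclasses import dataclass

# Real DNS class/type codes (RFC 1035, RFC 3596, RFC 4034).
CLASS_IN = 1
TYPE_A = 1
TYPE_TXT = 16
TYPE_AAAA = 28
TYPE_RRSIG = 46


@dataclass(frozen=True)
class RR:
    """One resource record; the TTL is left out on purpose (see canonical_rr)."""
    owner: str      # owner name, e.g. "host.example."
    rrtype: int
    rdata: bytes
    rrclass: int = CLASS_IN


def canonical_name(name: str) -> bytes:
    """Owner name in uncompressed wire form, lowercased (RFC 4034 section 6.2 style)."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    out = b""
    for lbl in labels:
        raw = lbl.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def canonical_rr(rr: RR) -> bytes:
    """owner | type | class | rdlength | rdata. The TTL is omitted so that a
    record's identity does not change as its TTL counts down."""
    header = struct.pack("!HHH", rr.rrtype, rr.rrclass, len(rr.rdata))
    return canonical_name(rr.owner) + header + rr.rdata


def rr_digest(rr: RR) -> bytes:
    """ASSUMED 128-bit identifier: SHA-256 over the canonical form, truncated
    to 16 octets. The draft's real algorithm is not given in the thread."""
    return hashlib.sha256(canonical_rr(rr)).digest()[:16]


def same_rr(a: RR, b: RR) -> bool:
    """The alternative raised in the reply: compare the records themselves, as
    UPDATE processing already must (owner-name comparison is case-insensitive)."""
    return canonical_rr(a) == canonical_rr(b)


def a_rr(owner: str, addr: str) -> RR:
    return RR(owner, TYPE_A, ipaddress.IPv4Address(addr).packed)


def aaaa_rr(owner: str, addr: str) -> RR:
    return RR(owner, TYPE_AAAA, ipaddress.IPv6Address(addr).packed)


def txt_rr(owner: str, text: str) -> RR:
    data = text.encode("ascii")
    return RR(owner, TYPE_TXT, bytes([len(data)]) + data)   # one <character-string>


def hash_needed(records):
    """Rule from the quoted message: a per-record hash is needed only when records
    sharing an owner name and class carry different timeouts (None = no timeout).
    Input: iterable of (RR, timeout_seconds_or_None). Output: {(owner_wire, class): bool}."""
    timeouts = {}
    for rr, timeout in records:
        key = (canonical_name(rr.owner), rr.rrclass)
        timeouts.setdefault(key, set()).add(timeout)
    return {key: len(seen) > 1 for key, seen in timeouts.items()}


if __name__ == "__main__":
    # Constructed sample data, not taken from any real zone.
    host = "host.example."
    a, aaaa = a_rr(host, "192.0.2.1"), aaaa_rr(host, "2001:db8::1")
    print(len(canonical_rr(a)), len(rr_digest(a)))                # record length vs digest length
    print(hash_needed([(a, 3600), (aaaa, 3600)]))                # same lease: NO HASH suffices
    rrsig = RR(host, TYPE_RRSIG, b"\x00" * 40)                   # placeholder RDATA, never timed out
    print(hash_needed([(a, 3600), (aaaa, 3600), (rrsig, None)]))  # differing timeouts: hash needed
```

The digest has the four properties listed in the quoted message (fixed 16-octet length for any RR type, reproducible on any server at any time, independent of the record's position in its RRset, no per-type logic), while `same_rr` shows the counterpoint from the reply: the canonical form of a short record such as an A record is 24 octets for this owner name, so the 16-octet digest saves little, and the comparison it replaces is one the server already performs for UPDATE prerequisites.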