Re: [DNSOP] SRV-related _underscore registry (was Re: Call for Adoption: draft-crocker-dns-attrleaf)
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 01 March 2016 17:55 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 740231B30F8 for <dnsop@ietfa.amsl.com>; Tue, 1 Mar 2016 09:55:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.678
X-Spam-Level:
X-Spam-Status: No, score=-0.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, J_CHICKENPOX_14=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5-XVjvLs6rI for <dnsop@ietfa.amsl.com>; Tue, 1 Mar 2016 09:55:36 -0800 (PST)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED38B1B30F4 for <dnsop@ietf.org>; Tue, 1 Mar 2016 09:55:35 -0800 (PST)
Received: by mail-lf0-x229.google.com with SMTP id v124so25603492lff.0 for <dnsop@ietf.org>; Tue, 01 Mar 2016 09:55:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=M17RdEcNoUamKAPtQgrgxtg81rWBA5J30qRdPlWlAlE=; b=wojzv2KQLu3kOXEK83KQVIUcalWFp7DsVpofl2Me1Lhi+X9J113ifKPIcqX+/NqvuU X1v8kanp5rkysDL3EfU9KLR6Z5UeF1Gkjm7QdCz+YL1EoCiJoDXpRreaph0Vbs1NQt6L jO2eRzcn32FarI8nrhoqNj00+8KnM9lql4K7NUE174EOKOWMkL3znrQ3bRcOany4uUhx dn9ddzIKh1s1iWMmdTH2yW7Zn40vmGoNh6a+1G6/V6zMOzi6gs+6cmd3iD6Q8nNdFWpH nz5tk33YrfTpoLFsEK2JDWRPwI3e33Kh2bhVL8KEAEO3otntHuU5ZMlcoz2LL5WfsE9n iSkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=M17RdEcNoUamKAPtQgrgxtg81rWBA5J30qRdPlWlAlE=; b=EblAE6AbER/7sN33qZhekysaas9rDtyBf5tauE9ZiCscdRS/LEYtXo9kZN5OYr0QBi SwCTnIJt8gPHKhV1aUpLHElRuewU8i01g4c3N2BF/Ota0CVEu11H31DY0dGAI6ak2fQi 1V4db+JdueeWqaVnCp+GXi5cDqHgtdR7Hav9pd2wmXsNeAyYK1LdNTX/nJlmCtamX6NP wKHYnYpqmVASOSxtB/JVpCMCL7nAS80qukBGgMT0zrs8Td2ADLlnd/f3JSz5sSRPLeSc rxKVgp4bcBuKON+Emw0k4dCahgX3cGm24kSRMqO2JQsXx9/wLRFxJBv3TbQ+3t8qxqta AWkA==
X-Gm-Message-State: AD7BkJKxUkrB0w/4HyXkZbn7fZodwjPlEet9WfvW0iONDiXO72059fp5YznHCcNxD3gYyK7jFGGDSHo7uYXQLw==
MIME-Version: 1.0
X-Received: by 10.25.90.21 with SMTP id o21mr6683472lfb.166.1456854934121; Tue, 01 Mar 2016 09:55:34 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.151.67 with HTTP; Tue, 1 Mar 2016 09:55:34 -0800 (PST)
In-Reply-To: <56D5CA62.1030206@bellis.me.uk>
References: <20160301165633.71260.qmail@ary.lan> <56D5CA62.1030206@bellis.me.uk>
Date: Tue, 01 Mar 2016 12:55:34 -0500
X-Google-Sender-Auth: 3VEnNP872ueh-V5wkb6dsBNW76o
Message-ID: <CAMm+LwjJ0xe2wDW98JHJfV5jV3xTeuMNguU=rkqrZMzmei2iHA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Ray Bellis <ray@bellis.me.uk>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/AhuMc9LDusF-uDzcBlxBpcG_e10>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>, John Levine <johnl@taugh.com>
Subject: Re: [DNSOP] SRV-related _underscore registry (was Re: Call for Adoption: draft-crocker-dns-attrleaf)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2016 17:55:37 -0000
On Tue, Mar 1, 2016 at 11:59 AM, Ray Bellis <ray@bellis.me.uk> wrote: > > > On 01/03/2016 16:56, John Levine wrote: > >> If you take a look at that registry, it's a stroll down memory lane. >> You'll find NVP-II from RFC 741 in 1977, PUP and XNS-IDP from Xerox in >> 1980, and other great hits from networking history. >> >> I really doubt that people are going to ever publish _pup SRV records >> other than perhaps on April 1. > > Ok, let's turn that around then - are there entries in the existing > protocol registry that _should_ be reserved in the underscore registry, > "just in case" ? Its a bit more complicated. The _service._protocol approach in SRV is rather obviously a mistake. Given the function of SRV, the protocol tag should have been on the RIGHT hand side of the RR type, not the left. The choice of UDP or TCP should be an OUTPUT from the service discovery process, not an input. So while SRV and NAPTR and the TXT records are stuck using the two level approach, there is also a clear need for a meta-discovery record that only uses the service prefix. So lets say you were looking to find a mathematical mesh server (mmm). Using SRV discovery you might use: _mmm._tcp.example.com SRV 1 10 80 host1.example.com _mmm._tcp.example.com SRV 1 10 443 host2.example.com This is OK but its rather ugly. Does port 80 vs 443 entail the implicit use of TLS? If so what factors would determine the SSL trust anchor? What you would really want is for TLS to be a potential protocol selection like UDP vs TCP. Which is why it belongs on the right hand side: _mmm._tcp.example.com SRVR 1 10 TCP 80 host1.example.com _mmm._tcp.example.com SRVR 1 10 TLS 443 host2.example.com Sure we can write heuristics and maybe use some bits of DANE. But the result looks like an amateur hack because that is exactly what it is. Discussion of SRV discovery was verbotten in the DANE working groups by the chairs (don't blame me, I tried). And it is too late to make that work now. So if you were going to do a 'green field' discovery system using a 'New Discovery Record', you might do something like: _mmm.example.com NDR "t=tls,tcp p=http e=json r=MDFAE-7FBGM-LG5GK-JFIR6-QN4HO-7O3ZV" This is: 1) constraining the transport protocols to TCP or TLS. 2) specifying http as the presentation layer (e.g. vs COAP) 3) specifying json as the encoding (e.g. vs JSON-B or CBOR) 4) specifying that any cryptographic chain of trust must include the key with fingerprint MDFAE... A discovery mechanism using NDR would be the first request in the discovery chain. The client would then look at the service description string. That then tells the client to look for _mmm._tcp and _mmm._tls SRV records. The NDR record is deliberately free format because changing DNS servers is HARD, no really it is ridiculously hard with a ten year lag. Which is of course why we won't use a new record at all: _mmm._ndr.example.com TXT "t=tls,tcp p=http e=json r=MDFAE-7FBGM-LG5GK-JFIR6-QN4HO-7O3ZV" QED.
- [DNSOP] Call for Adoption: draft-crocker-dns-attr… Tim Wicinski
- Re: [DNSOP] Call for Adoption: draft-crocker-dns-… Paul Wouters
- Re: [DNSOP] Call for Adoption: draft-crocker-dns-… John Levine
- [DNSOP] SRV-related _underscore registry (was Re:… Dave Crocker
- [DNSOP] comments ( was Re: Call for Adoption: dra… Dave Crocker
- Re: [DNSOP] SRV-related _underscore registry (was… John R Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Ray Bellis
- Re: [DNSOP] comments ( was Re: Call for Adoption:… John Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Phillip Hallam-Baker
- Re: [DNSOP] Call for Adoption: draft-crocker-dns-… Warren Kumari
- Re: [DNSOP] Call for Adoption: draft-crocker-dns-… joel jaeggli
- Re: [DNSOP] comments ( was Re: Call for Adoption:… Paul Wouters
- Re: [DNSOP] SRV-related _underscore registry (was… Dave Crocker
- Re: [DNSOP] SRV-related _underscore registry (was… John Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Ray Bellis
- Re: [DNSOP] SRV-related _underscore registry (was… John Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Ray Bellis
- Re: [DNSOP] SRV-related _underscore registry (was… Dave Crocker
- Re: [DNSOP] SRV-related _underscore registry (was… John R Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Phillip Hallam-Baker
- Re: [DNSOP] SRV-related _underscore registry (was… John Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Phillip Hallam-Baker
- Re: [DNSOP] SRV-related _underscore registry (was… Mark Andrews
- Re: [DNSOP] old arguments unrelated to SRV-relate… John R Levine
- Re: [DNSOP] old arguments unrelated to SRV-relate… Mark Andrews
- Re: [DNSOP] old arguments unrelated to SRV-relate… Jared Mauch
- Re: [DNSOP] old arguments unrelated to SRV-relate… John R Levine
- Re: [DNSOP] SRV-related _underscore registry (was… Phillip Hallam-Baker
- Re: [DNSOP] old arguments unrelated to SRV-relate… Mark Andrews
- Re: [DNSOP] Call for Adoption: draft-crocker-dns-… Dave Crocker
- Re: [DNSOP] SRV-related _underscore registry (was… Stuart Cheshire
- Re: [DNSOP] SRV-related _underscore registry (was… Phillip Hallam-Baker