Re: [DNSOP] New Version Notification for draft-pusateri-dnsop-update-timeout-00.txt
Ted Lemon <mellon@fugue.com> Mon, 27 August 2018 00:13 UTC
From: Ted Lemon <mellon@fugue.com>
Date: Sun, 26 Aug 2018 20:12:45 -0400
Message-ID: <CAPt1N1mTSYcmaw3TpO1UnHA1r4CF2+BQR9UG-kSQaiTxGtk24g@mail.gmail.com>
To: Tom Pusateri <pusateri@bangj.com>
Cc: dnsop WG <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KXvRMwzCyz29-d1Rf6iznfuL3lI>
The timeout *isn't* the same for DNSSD Registration Protocol.

On Sun, Aug 26, 2018 at 5:42 PM Tom Pusateri <pusateri@bangj.com> wrote:

> I actually think the hash won’t be needed as much as you think. If the
> timeout is the same, even though the record types are different, you still
> don’t need the hash.
>
> Is this straightforward?
>
> //
> //  main.c
> //  requires OpenSSL 1.1.1 or later
> //
> //  Created by Tom Pusateri on 8/26/18.
> //  Copyright © 2018 !j.
> //
> //  MIT LICENSE as specified here: https://opensource.org/licenses/MIT
> //
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> #include <openssl/evp.h>
>
> int main(int argc, const char * argv[]) {
>     EVP_MD_CTX *mdctx;
>     const EVP_MD *md;
>     char msg[] = "This is a test";
>     unsigned char md_value[EVP_MAX_MD_SIZE];
>     unsigned int md_len, i;
>
>     /* select SHAKE128 as the digest */
>     md = EVP_shake128();
>     if (md == NULL) {
>         printf("SHAKE128 message digest not available\n");
>         exit(1);
>     }
>
>     /* hash the message; md_len receives the digest length in bytes */
>     mdctx = EVP_MD_CTX_new();
>     EVP_DigestInit_ex(mdctx, md, NULL);
>     EVP_DigestUpdate(mdctx, msg, strlen(msg));
>     EVP_DigestFinal_ex(mdctx, md_value, &md_len);
>     EVP_MD_CTX_free(mdctx);
>
>     /* print the digest as hex */
>     printf("Digest is: ");
>     for (i = 0; i < md_len; i++)
>         printf("%02x", md_value[i]);
>     printf("\n");
>
>     exit(0);
> }
>
> On Aug 26, 2018, at 3:42 PM, Ted Lemon <mellon@fugue.com> wrote:
>
> You haven't specified how the hash is done, so I can't confirm the truth
> of your assertion that it's straightforward. :)
>
> The "only if there are multiple record types" bit doesn't actually help,
> because I can't actually think of a case where it doesn't apply. That is,
> every RR will require a hash, as far as I can tell, in practice.
>
> 128 bits is 16 bytes—the size of an IPv6 address. It's probably true
> that that's shorter than the record in most cases, but I doubt it's enough
> shorter to make a difference. And we already know how to compare
> records—we need that for update.
>
> On Sun, Aug 26, 2018 at 1:58 PM Tom Pusateri <pusateri@bangj.com> wrote:
>
>> On Aug 26, 2018, at 1:47 PM, Tom Pusateri <pusateri@bangj.com> wrote:
>>
>> On Aug 26, 2018, at 12:58 PM, Ted Lemon <mellon@fugue.com> wrote:
>>
>> On Sat, Aug 25, 2018 at 3:09 PM Tom Pusateri <pusateri@bangj.com> wrote:
>>
>>> I think I already agreed with you here.
>>>
>>> My main point was that the primary needs a database and it already has
>>> one and probably doesn’t want another one. Because of the added benefit
>>> that Paul points out with promoting a secondary to primary after an
>>> extended outage, and the points that Joe makes about treating all records
>>> the same, it seems logical to store the lease lifetime information as
>>> actual resource records and transfer them to the secondary.
>>>
>>> FWIW, I think the database storage argument is actually the best
>> argument for this proposal: we need a way to represent the data structure
>> on disk, and what we know how to store are RRs.
>> That said, I think that it's worth asking the question of what the right
>> format is, and not just assuming that it's a hash.
>>
>> Nice properties of the hash:
>>
>> 1. the length of the output value is consistent across varying input
>> lengths of any RR type (128 bits in the case of the algorithm specified in
>> the draft) making it easy to sequence through.
>> 2. it’s independently verifiable between servers and across time on the
>> same server
>> 3. it’s independent of position of the RR it covers
>> 4. it works the same for all existing RR’s as well as RR’s yet to be
>> defined
>>
>> Other methods may share some of these properties but I’m just listing all
>> of the ones I can think of.
>>
>> Also, remember the hash is only needed if there are multiple record
>> types with the same owner name / class having different timeouts (including
>> no timeout).
>>
>> So in the case of a unique name being added for a delegated address, the
>> NO HASH value can be used and no hash needs to be calculated. In the case
>> of both an IPv4 and IPv6 address being delegated and subsequently sending
>> an UPDATE with the same owner name, as long as the lease time is the same,
>> again, there is no need for the hash.
>>
>> If, however, an RRSIG is dynamically generated for the owner name, then
>> the hash will be needed. (You won’t want to timeout RRSIGs but instead
>> timeout the A/AAAA and then recalculate the RRSIG/NSEC/NSEC3/NSEC5 records.)
>>
>> Tom
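
Added example, not part of the original message or of the draft: the rule quoted above for when a per-record hash is needed, with a 128-bit SHAKE128 digest taken through Python's hashlib. The hash input (RR type plus wire-format RDATA), the function names and the sample records are assumptions, since the thread does not say what the draft hashes.

```python
import hashlib
import ipaddress
import struct


def rr_hash(rtype: int, rdata: bytes) -> bytes:
    """128-bit SHAKE128 digest identifying one record.

    Assumption: the input is the 16-bit RR type followed by the RDATA in
    wire format. The output is 16 bytes whatever the RDATA length.
    """
    return hashlib.shake_128(struct.pack("!H", rtype) + rdata).digest(16)


def timeout_entries(records):
    """Decide which timeout entries one owner name/class needs.

    records: list of (rtype, rdata, lease_expiry or None).
    Returns (hash or None, lease_expiry) pairs. A single pair with hash
    None stands for the "no hash" case: every record shares one timeout.
    Otherwise each record that has a timeout gets its own hashed entry.
    """
    expiries = {expiry for _, _, expiry in records}
    if len(expiries) == 1:
        (expiry,) = expiries
        return [] if expiry is None else [(None, expiry)]
    return [(rr_hash(t, d), e) for t, d, e in records if e is not None]


# Constructed sample records (documentation address ranges, made-up expiry).
A = (1, ipaddress.ip_address("192.0.2.10").packed, 1535332400)
AAAA = (28, ipaddress.ip_address("2001:db8::10").packed, 1535332400)
# Placeholder RDATA for a dynamically generated RRSIG that must not time out.
RRSIG = (46, b"constructed-rrsig-rdata", None)

if __name__ == "__main__":
    # A and AAAA with the same lease: one entry, no hash computed.
    print(timeout_entries([A, AAAA]))
    # Adding a record without a timeout forces a hash per timed record.
    for digest, expiry in timeout_entries([A, AAAA, RRSIG]):
        print(digest.hex(), expiry)
```

Because each digest depends only on the record's own type and RDATA, the entries come out the same regardless of the order in which the records are listed.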