[DNSOP] Re: [v6ops] Re: [EXTERNAL] New Version Notification for draft-jens-7050-secure-channel-00.txt

Mark Andrews <marka@isc.org> Thu, 27 June 2024 18:12 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BFF0C14F6F7; Thu, 27 Jun 2024 11:12:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="eWAbh+oA"; dkim=pass (1024-bit key) header.d=isc.org header.b="QkkJiyqz"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PcbszxLKQG7J; Thu, 27 Jun 2024 11:12:07 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 22688C151069; Thu, 27 Jun 2024 11:12:06 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 74F713AB24D; Thu, 27 Jun 2024 18:12:06 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org 74F713AB24D
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1719511926; cv=none; b=UyMsueEDSX2Si2U/2a0Vd2cCZULMrNVSoVFgJYoi/RUtKhii09U1YQVpfpC2oTm2qefdasuxhjVOylzIzBCuRdVsIL2dQWLcseAwYSpKoED5yg1yAR4RGwY9fFBZFm6dRdIfoQScbrT3CmL0C+gv9OuA4+JxhytvfqcMocNMfco=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1719511926; c=relaxed/relaxed; bh=SeHjDrHPcUcMnVVqoO7lpRv2CG1WkoyXWAUHtLpRwZU=; h=DKIM-Signature:DKIM-Signature:From:Mime-Version:Subject:Date: Message-Id:To; b=fyJ3rYhHldhwBCEttURlN5UPvUptNilEbuXtRYDqv+/ltI1CguUnygQjkyBgqynJ295hHm3cvle7da7oJ+WfoIMJjgp07Vdtr59yS3bCUoJBZtUMte1MqaZLx4MuS1P38sHqScG3qjtOdMeXCgJHCfXiRCgCuPg9rzw1yIOK/qc=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 74F713AB24D
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1719511926; bh=l45mJM5HJdU66/JbSa1DPXiebYm8jBsIBjYPXsVdnes=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=eWAbh+oALq/iwgsbrFUvlCZNDuAZgqhw/TUMu+OsrpOqdsjibkQJnpWwl0XEMx/Qv J625/aG7vOCMCmkJxkoJ40Ao3sKKz59yziNeMpOZ3cqka88DMz+mjy4DbeRPoPwGt2 QFgH5DZfJmK/al5h//SriNYTdDn+gXvOyZOFV9ug=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id 6E97B117076B; Thu, 27 Jun 2024 18:12:06 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id 466EE1170A22; Thu, 27 Jun 2024 18:12:06 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org 466EE1170A22
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1719511926; bh=SeHjDrHPcUcMnVVqoO7lpRv2CG1WkoyXWAUHtLpRwZU=; h=From:Mime-Version:Date:Message-Id:To; b=QkkJiyqzM+lBWl68cw78BqR9JLl7rH6M5Z5N5Rn9eJcoruhQVx8VdjsAQfX2HYxQd WYP/2iOSTIWaclBi4t7FkpiKwgUdqDJ4QvqNBIJaiMaY++PftgYcYdnSVdszNeQxG2 p5hcCoGpMlj1RF7wfCSFcg9cEbQfIP82cCU8KQz8=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id KjV4dLDs3KQA; Thu, 27 Jun 2024 18:12:06 +0000 (UTC)
Received: from smtpclient.apple (n49-187-18-238.bla1.nsw.optusnet.com.au [49.187.18.238]) by zimbrang.isc.org (Postfix) with ESMTPSA id 0027C117076B; Thu, 27 Jun 2024 18:12:05 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Mark Andrews <marka@isc.org>
Mime-Version: 1.0 (1.0)
Date: Fri, 28 Jun 2024 04:12:03 +1000
Message-Id: <32E66272-9908-49FF-BC4E-7F91D5202A38@isc.org>
References: <m1sMpWQ-0000LXC@stereo.hq.phicoh.net>
In-Reply-To: <m1sMpWQ-0000LXC@stereo.hq.phicoh.net>
To: Philip Homburg <pch-v6ops-13@u-1.phicoh.com>
X-Mailer: iPhone Mail (19H384)
Message-ID-Hash: OZBSVZM5BXYJ5UZC4FJREHMATZZ7XCFL
X-Message-ID-Hash: OZBSVZM5BXYJ5UZC4FJREHMATZZ7XCFL
X-MailFrom: marka@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: v6ops@ietf.org, dnsop@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [v6ops] Re: [EXTERNAL] New Version Notification for draft-jens-7050-secure-channel-00.txt
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LHydFSunvotp0XKNeIC8d49GOPM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

It sounds like a unified approach to opening sockets as it does all the work of filling out the sockaddr structure required to make the application work with different kernel configurations. 

getaddrinfo uses inet_pton internally.  You also don’t have to test command line inputs for address literals or have to worry about the different sockaddr elements on different OSs.

Now if you are passing raw peer address over the wire you can not use them directly. You need to use inet_ntop then getaddrinfo on the result but the application should have been doing that in case the kernel wanted to use mapped addresses exclusively anyway.
-- 
Mark Andrews

> On 27 Jun 2024, at 23:50, Philip Homburg <pch-v6ops-13@u-1.phicoh.com> wrote:
> 
> 
>> 
>> You use getaddrinfo
>> instead. That is the IPv6 way to handle address literals. That way
>> you get the mappings done for you.
> 
> That sounds like a rather poor approach. You never know which applications
> users want to run. And telling users that they have to replace inet_pton
> with getaddrinfo usually doesn't have a lot of effect.
> 
> RFC 3493 is also silent about a preference for using getaddrinfo over
> inet_pton when it comes to parsing IP address literals.