Re: [DNSOP] SIG(0) useful (and used?)

Ted Lemon <mellon@fugue.com> Wed, 20 June 2018 14:18 UTC

In-Reply-To: <87wout4s1a.fsf@miraculix.mork.no>
References: <6C8533C2-6510-4A0E-A7EA-50EB83E43A7D@isc.org> <CD6DB8C1-108A-433E-8CD9-34F549844D10@isc.org> <D7C0BCA9-A5E1-4168-9601-209DF8B2902A@isc.org> <87wout4s1a.fsf@miraculix.mork.no>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 20 Jun 2018 10:17:35 -0400
Message-ID: <CAPt1N1mQrKM=ju5kVzE0agaLQhZcjHX=fmcxNhuOAmbkGiN8Ug@mail.gmail.com>
To: Bjørn Mork <bjorn@mork.no>
Cc: Ondřej Surý <ondrej@isc.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iZSdrfnXAqp8RfmZN65h7lN5sPY>
Subject: Re: [DNSOP] SIG(0) useful (and used?)

You might get a kick out of this expired but soon-to-be-revived document in
DNSSD: https://tools.ietf.org/html/draft-sctl-service-registration-00

The principle is a bit different than what you're doing because there's no
DHCP (necessarily) involved, but otherwise it's the same basic idea.

On Wed, Jun 20, 2018 at 7:27 AM, Bjørn Mork <bjorn@mork.no> wrote:

> Well....  Mark did propose this many years ago:
> https://mailman.nanog.org/pipermail/nanog/2013-October/061619.html
>
> And based on that, I created a half-assed implementation using Net::DNS.
> Of course I never got around to polishing it up enough to actually put
> it into production. And definitely not to let the public see it...
>
> But it is still there on the TODO list in the back of my head, for one
> of those days when you suddenly have 20 hours to spare and nothing
> better to do.  Might happen.  You never know.  Or someone else will pick
> up the idea.  That's more likely, I guess.
>
> Anyway, I'd hate to see a potentially useful feature like SIG(0) go
> away for no obvious gain.
>
>
>
> Bjørn
>
>
> Ondřej Surý <ondrej@isc.org> writes:
>
> > But if nobody uses that and nobody else implements this, it sort of
> > beats the usefulness of the feature.
> >
> > Ondrej
> > --
> > Ondřej Surý — ISC
> >
> >> On 19 Jun 2018, at 23:20, Mark Andrews <marka@isc.org> wrote:
> >>
> >> SIG(0) is much superior to TSIG for machines updating their own data,
> >> as you don’t need secondary storage for the TSIG key. You can replace a
> >> master server without having to worry about transferring TSIG secrets off a
> >> dead machine. You just copy the zone from a slave and go.
> >>
> >> There are other scenarios where it is also superior, like automating
> >> delegation in the reverse tree.
> >>
> >> No I don’t think it should go.
> >>
> >> It should be widely implemented so it can be used. There is a lot of
> >> self-fulfilling prophecy in the DNS of "people will never use this so we
> >> won’t implement it."
> >>
> >> --
> >> Mark Andrews
> >>
> >>> On 20 Jun 2018, at 06:48, Ondřej Surý <ondrej@isc.org> wrote:
> >>>
> >>> Hi,
> >>>
> >>> as far as I could find on the Internet, there are SIG(0) implementations
> >>> in only a handful of DNS implementations - BIND, the PHP Net_DNS2
> >>> library, the Net::DNS(::Sec) Perl library, trust_dns written in Rust and
> >>> perhaps others I haven’t found; no mention of real deployment was found
> >>> on the Internet (but you can blame Google for that)...
> >>>
> >>> Do people think SIG(0) is something that we should keep in DNS and that
> >>> it will be used in the future, or is it a good candidate for throwing off
> >>> the boat?
> >>>
> >>> Ondrej
> >>> --
> >>> Ondřej Surý
> >>> ondrej@isc.org
> >>>
> >>> _______________________________________________
> >>> DNSOP mailing list
> >>> DNSOP@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/dnsop
> >>
> >
>
>
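Mark's key-management point above (a replacement master only needs the zone, because a SIG(0) verifier looks up the signer's public KEY RR in zone data, whereas TSIG verification needs a server-local shared secret that a zone transfer never carries) is modelled below in Go. This is an added illustration, not code from the thread or from any of the implementations named in it. Ed25519 stands in for the SIG(0) algorithm, the `Zone`, `TSIGStore` and `Update` types are constructed models rather than DNS wire format, and the names `host1.example.` and `host1-key.` are made up. In a real deployment the server's update policy still has to say which KEY RR may update which names; that authorization step is outside this model.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Zone models the replicated zone data every secondary receives by zone transfer.
// Only public material lives here; for SIG(0) that is the updater's KEY RR
// (modelled as owner name -> public key).
type Zone struct {
	KeyRRs map[string]ed25519.PublicKey
}

// TSIGStore models the server-local secret file, which is not part of the zone
// and therefore is not replicated to secondaries.
type TSIGStore map[string][]byte

// Update is a constructed stand-in for a DNS UPDATE message (not wire format).
type Update struct {
	Owner   string // name being updated; also the SIG(0) signer's owner name
	Payload []byte // the update content that is authenticated
}

// SignSIG0 signs the update with the updating host's private key (SIG(0)-style).
func SignSIG0(u Update, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, u.Payload)
}

// VerifySIG0 needs nothing beyond the zone: it looks up the signer's KEY RR.
func VerifySIG0(z Zone, u Update, sig []byte) bool {
	pub, ok := z.KeyRRs[u.Owner]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, u.Payload, sig)
}

// SignTSIG computes an HMAC-SHA256 MAC over the update with the shared secret.
func SignTSIG(u Update, secret []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(u.Payload)
	return m.Sum(nil)
}

// VerifyTSIG needs the server-local secret store; a master rebuilt from a
// secondary's copy of the zone does not have it.
func VerifyTSIG(store TSIGStore, keyName string, u Update, mac []byte) bool {
	secret, ok := store[keyName]
	if !ok {
		return false
	}
	return hmac.Equal(mac, SignTSIG(u, secret))
}

// FailoverScenario returns (sig0OK, tsigOK) as seen by a replacement master
// that copied the zone from a slave and has no TSIG secret file.
func FailoverScenario() (bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed update: a host refreshing its own A record.
	u := Update{Owner: "host1.example.", Payload: []byte("host1.example. 300 IN A 192.0.2.10")}

	// Old master: the KEY RR is in the zone, the TSIG secret is in a local file.
	zone := Zone{KeyRRs: map[string]ed25519.PublicKey{"host1.example.": pub}}
	oldSecrets := TSIGStore{"host1-key.": []byte("constructed-shared-secret")}

	sig := SignSIG0(u, priv)
	mac := SignTSIG(u, oldSecrets["host1-key."])

	// Old master dies. The new master copies the zone (including KEY RRs) from a slave ...
	newZone := Zone{KeyRRs: map[string]ed25519.PublicKey{}}
	for owner, key := range zone.KeyRRs {
		newZone.KeyRRs[owner] = key
	}
	// ... but the TSIG secret file stayed on the dead machine.
	newSecrets := TSIGStore{}

	return VerifySIG0(newZone, u, sig), VerifyTSIG(newSecrets, "host1-key.", u, mac)
}

func main() {
	sig0OK, tsigOK := FailoverScenario()
	fmt.Printf("replacement master verifies SIG(0) update: %v, TSIG update: %v\n", sig0OK, tsigOK)
}
```

Running it prints `true` for SIG(0) and `false` for TSIG: the only material the SIG(0) verifier consults travelled with the zone, while the TSIG verifier is stuck until someone re-provisions the secret out of band.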