Re: [DNSOP] draft-tale-dnsop-edns-clientid

"Peter van Dijk" <peter.van.dijk@powerdns.com> Fri, 31 March 2017 14:14 UTC

From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dnsop@ietf.org
Date: Fri, 31 Mar 2017 16:14:10 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/vVROEb3xkM8K9l2mDxqcPdfElpg>

On 28 Mar 2017, at 21:56, Barry Raveendran Greene wrote:

>> On Mar 28, 2017, at 12:31 PM, Peter van Dijk 
>> <peter.van.dijk@powerdns.com> wrote:
>>
>> Please note that neither draft handles the use case of also passing 
>> the port number, which in a world of growing CGN deployment, may soon 
>> prove quite important.
>
> Can you elaborate?

Both drafts (xpf and clientid) allow the resolver to identify the client 
even if the IP header does not provide enough information for it. xpf 
does this for the case of a generic proxy, clientid does it for that 
case plus the case of a CPE that does NAT but can pass on the client’s 
MAC or another token, allowing the resolver to identify the individual 
device at the customer.

However, if the client to such a proxy is itself behind a CGN gateway, 
we may need both client IP + port number to identify the specific 
client. If the proxy only tells us the IP, we just know this might be 
any of a hundred different clients, because we do not have the port 
number that can help us distinguish these clients.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
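
The ambiguity described in the message above, as an added example that is not part of the original email or of either draft: it models one CGN public address shared by 100 subscribers and shows how many of them match a query when the proxy forwards only the client IP versus the IP plus source port. The static port-block allocation, the addresses and the function names are assumptions made for illustration; a CGN that allocates ports dynamically would also need a timestamp for the lookup.

```python
"""Constructed model of a CGN sharing one public address between subscribers."""
import ipaddress
from typing import NamedTuple, Optional


class Mapping(NamedTuple):
    public_ip: str   # address the proxy or resolver sees
    port_lo: int     # first source port of the block (inclusive)
    port_hi: int     # last source port of the block (inclusive)
    subscriber: str  # internal address behind the CGN


def build_cgn_table(public_ip: str, subscribers: int, block: int,
                    first_port: int = 1024) -> list[Mapping]:
    """Assign each subscriber a contiguous source-port block on one public IP."""
    if first_port + subscribers * block - 1 > 65535:
        raise ValueError("port blocks do not fit on a single address")
    base = ipaddress.ip_address("100.64.0.1")  # RFC 6598 shared address space
    return [Mapping(public_ip,
                    first_port + i * block,
                    first_port + (i + 1) * block - 1,
                    str(base + i))
            for i in range(subscribers)]


def candidates(table: list[Mapping], client_ip: str,
               client_port: Optional[int] = None) -> list[str]:
    """Subscribers that could have sent a query, given what was forwarded."""
    ipaddress.ip_address(client_ip)  # reject malformed addresses early
    if client_port is not None and not 0 < client_port <= 65535:
        raise ValueError("source port out of range")
    return [m.subscriber for m in table
            if m.public_ip == client_ip
            and (client_port is None or m.port_lo <= client_port <= m.port_hi)]


# Constructed sample: 100 subscribers, 600 ports each, on a documentation address.
TABLE = build_cgn_table("203.0.113.7", subscribers=100, block=600)

if __name__ == "__main__":
    ip_only = candidates(TABLE, "203.0.113.7")
    ip_port = candidates(TABLE, "203.0.113.7", 1624)
    print(f"IP only:   {len(ip_only)} possible clients")
    print(f"IP + port: {ip_port}")
```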