Re: [DNSOP] [Ext] Reserved field in draft-wessels-dns-zone-digest-04.txt
"Wessels, Duane" <dwessels@verisign.com> Sun, 04 November 2018 04:05 UTC
From: "Wessels, Duane" <dwessels@verisign.com>
To: Wes Hardaker <wjhns1@hardakers.net>
CC: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Sun, 04 Nov 2018 04:05:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/wik_9IR_lzEfZwN63r89OKI1k-0>

> On Nov 3, 2018, at 1:33 PM, Wes Hardaker <wjhns1@hardakers.net> wrote:
>
> Paul Hoffman <paul.hoffman@icann.org> writes:
>
>> From the earlier list discussion and your presentation at DNS-OARC,
>> processing dynamic zones is hard, and you might make different choices
>> based on different amounts of dynamicness (dynamicity?). This should
>> cause developers concern about implementing ZONEMD now because there
>> will be an expectation that they will have to implement the changes in
>> the future.
>
> I also look at it in terms of implementation complexity and where in the
> code base decisions are made. EG, if you have different RRTYPEs for
> signaling things, then the logic is straightforward:
>
>     if (rrtype == ZONEMD) {
>         do_ZONEMD_stuff();
>     } else if (rrtype == ZONEMDMERKLE) {
>         do_fancy_new_hashtree_stuff();
>     } ...
>
> On the other hand, with a reserved field we end up here:
>
>     if (rrtype == ZONEMD) {
>         do_ZONEMD_stuff();
>     } ...
>
>
>     do_ZONEMD_stuff() {
>         if (reserved_field != 0) {
>             do_fancy_new_hashtree_stuff();
>         } else {
>             do_ZONEMD_stuff();
>         }
>     }
>
> Now, if do_ZONEMD_stuff() and do_fancy_new_hashtree_stuff() are likely
> to be sufficiently different in implementation (and I suspect they will
> be), then the first code above with two RRTYPEs is likely to be
> cleaner. The only advantage gained in the second type is if you can put
> the brunt of the code for both do_fancy_new_hashtree_stuff() and
> do_ZONEMD_stuff() pretty much inline because there is sufficient
> overlap.
>
> It's hard to predict what the best route is in advance without knowing now
> how much the resulting double implementation will overlap.

So there is an implementation of ZONEMD, and even an implementation of
"fancy hashtree stuff". You can find it at
https://github.com/verisign/ldns-zone-digest

One of the reasons I think the variable-depth hash tree is attractive is
because when depth = 0 then it simplifies exactly to the case as though
there is no fancy hashtree.

In my proof-of-concept implementation, most of the added complexity from
fancy hashtree stuff comes in the form of how the zone data is stored.
For example:

    #if !ZONEMD_INCREMENTAL
    ldns_rr_list *the_rrlist = 0;
    #endif

    #if ZONEMD_INCREMENTAL
    typedef struct _zonemd_tree {
            unsigned int depth;
            unsigned int branch;    // only for debugging?
            ldns_rr_list *rrlist;
            struct _zonemd_tree *parent;
            struct _zonemd_tree **kids;
            unsigned char digest[EVP_MAX_MD_SIZE];
            bool dirty;
    } zonemd_tree;
    #endif

But the actual digest calculation is not that much more complex for
fancy hashtree stuff, IMO. The only difference is what you feed as input
to the hash function. At the non-leaf nodes the input is hash values of
the child nodes. At the leaf nodes the input is the RRs wire format data.

DW
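
Added example (not part of the original message and not code from ldns-zone-digest): a Python sketch of the variable-depth hash tree described above, showing that depth = 0 reduces to the flat digest and that the dirty flag limits rehashing after a change. The fan-out of 4, SHA-384, the choice of branch from a hash of the owner name, byte-wise sorting, and the sample records are all assumptions of this sketch.

```python
import hashlib
BRANCH = 4  # assumed fan-out per non-leaf node

class Node:
    """Mirrors the fields of the zonemd_tree struct quoted in the message."""
    def __init__(self, depth, max_depth, parent=None):
        self.depth, self.parent = depth, parent
        self.rrlist = []                      # only populated at leaf nodes
        self.digest, self.dirty = None, True
        self.kids = ([Node(depth + 1, max_depth, self) for _ in range(BRANCH)]
                     if depth < max_depth else [])

def pick_kid(node, owner):
    # Assumption: one byte of SHA-256(owner name) selects the branch per level.
    return node.kids[hashlib.sha256(owner).digest()[node.depth] % BRANCH]

def add_rr(root, owner, wire):
    """Store an RR at its leaf and mark every node on the path dirty."""
    node = root
    while node.kids:
        node.dirty = True
        node = pick_kid(node, owner)
    node.dirty = True
    node.rrlist.append((owner, wire))

def tree_digest(node, stats):
    """Return the node digest; only dirty nodes are rehashed (counted in stats)."""
    if not node.dirty:
        return node.digest
    h = hashlib.sha384()
    if node.kids:                             # non-leaf: hash the child digests
        for kid in node.kids:
            h.update(tree_digest(kid, stats))
    else:                                     # leaf: hash the sorted RR wire data
        for _, wire in sorted(node.rrlist):
            h.update(wire)
    stats["hashes"] += 1
    node.digest, node.dirty = h.digest(), False
    return node.digest

def flat_digest(rrs):
    """Digest with no tree: one hash over all RR wire data in sorted order."""
    return hashlib.sha384(b"".join(w for _, w in sorted(rrs))).digest()

def build(rrs, max_depth):
    root = Node(0, max_depth)
    for owner, wire in rrs:
        add_rr(root, owner, wire)
    return root

# Constructed sample: byte strings standing in for real RR wire-format data.
ZONE = [(b"host%d.example." % i, b"RDATA-%d" % i) for i in range(20)]
```

With depth 2 and fan-out 4 the first digest hashes all 21 nodes; after one added record only the 3 nodes on its path are rehashed.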