IETF Logo Mail Archive

Re: [dnssd] SRP: name conflict while not knowing which name conflicts

Esko Dijk <esko.dijk@iotconsultancy.nl> Fri, 23 September 2022 15:42 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55C99C14CE26 for <dnssd@ietfa.amsl.com>; Fri, 23 Sep 2022 08:42:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8VaHQVKZkfGC for <dnssd@ietfa.amsl.com>; Fri, 23 Sep 2022 08:42:48 -0700 (PDT)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2115.outbound.protection.outlook.com [40.107.249.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1DF5C14CF17 for <dnssd@ietf.org>; Fri, 23 Sep 2022 08:42:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l2Munf8BsOIQR+lyC0rQn0gYmVt2WrkMWdkLAr1Te+EuDNSaDoCDgMHcZcYb+PUdAqPEdtBX/GaG573QF4amQeIkmMC+4wvW7h/WxlIQLZnvc9a67ikNMpnIfkS/GFnUKb+3v2AlGasomHO6RAm7OVK6TYwDs+jIR92ClsHqFLwZeOCU8ti94RQ7HkvhFswzoy0+Tft2ype6QXKkUVwNMD1AE6bQREmFfgooGK/diUgVWuR/NFkfXaq6ROGUAUJ/KynvO3+g53My3jP0NyGazDjYHLsAv/Vdgnqv8p9BiJUfCor/Y2jbpqstmadO2RN758kPu9t+B3ZFAUU90g639Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LY9QgTHDPAKipxKuBz+UhDnntRuuu2BOyRfCqaMYkR4=; b=BLbf8qWk1t4OF3GNsy0ukkMoWw4MNKjfWdlvLsZvD+SwsZNhS8jHJJDBzGs1EgzbI0IxgY3CRi0pJxAQFKdDQktCXMOimPGvD/xwVEsF4KKetrLj7fgP+ap5d6FNup6M65c2N1rZ2lnlVKfUdnytgS8QJW55lH/obBovTz3v0dU+J6RATba4AraXIQ/JfbTHm/PHqTrOaQpdauDFkgdUk/MXrOX84SMSlb6APfnVgcwf58Uxmw5xHTj0ECoEMLqCa3Z/87r23B5HRUiIFUhCvgqRxW2XK0SbbGh00DFa19nNnFoUO/k5CTkkMc0ptsCwPy2pEHmm5JFnY25y9VDANw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LY9QgTHDPAKipxKuBz+UhDnntRuuu2BOyRfCqaMYkR4=; b=Mw3T0e8R+pOJZA+QWGGozD7iSzA4+ypLwm75iB1zcHVhLSnjVO9HUxlpXew5wMfMo+G5Qn9uegssNcW/IK/YkmB+tGC6ng1tYoLrGTD+g3fp0pYSgsIsEM1gSsRGWAyaajpXTPYQcEOqd6iAHPvYqCCcxqOg3dGiGVfuBgDYXn4=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by PR3P190MB1020.EURP190.PROD.OUTLOOK.COM (2603:10a6:102:85::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5654.20; Fri, 23 Sep 2022 15:42:42 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::b036:4614:bf67:fa75%7]) with mapi id 15.20.5654.019; Fri, 23 Sep 2022 15:42:42 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Ted Lemon <mellon@fugue.com>
CC: Kangping Dong <wgtdkp@google.com>, Tim Wicinski <tjw.ietf@gmail.com>, "dnssd@ietf.org" <dnssd@ietf.org>
Thread-Topic: [dnssd] SRP: name conflict while not knowing which name conflicts
Thread-Index: AdjPHqIATg123HiARwyZV43v62jckAAAdzAAAAFlfsAABEZUgAADLXOAAAH+EoAAAG6wYAAAMtiAAABz7oAAARveAAAAQUVQAAJZHAAAAK/swA==
Date: Fri, 23 Sep 2022 15:42:42 +0000
Message-ID: <DU0P190MB1978C9983DA1982AC70B2874FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <DU0P190MB19780211A2F50F5E66BCE005FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAJ5Rr7Ys+bmFiP9j3ebptBEZHXX+6rzkTRaFHr7_mmgVZb9sZQ@mail.gmail.com> <DU0P190MB1978E63F6C69807759C10FD0FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CADyWQ+EMf3XTLuZWupLNeGwQ8Gaqd-A7BvyAs4wK-fT7M5zk6Q@mail.gmail.com> <DU0P190MB19786D6BDA466AC9667087C9FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1k0si52gnCHz_A-coitbVG8AHovLaWpJXBaWiN3to0j+w@mail.gmail.com> <DU0P190MB19782E66596D8C646D5A3F89FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1kOLHnKkarjfuOeqRgS0Rz8n219Av37xbLxbakwHhS5-g@mail.gmail.com> <CADyWQ+Hzg44nbJ49PwwMsK9cPVXtao2aFeiDr7n0UyCt7JXj2A@mail.gmail.com> <CAPt1N1kUPKkSdfZj2P23fJ_2OQmRR3nQyE+O+Q90aV7qKDcHbw@mail.gmail.com> <DU0P190MB1978522CFB7784B2BA16C1F0FD519@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <CAPt1N1mUYCyjakENUb460kEf07f0UdXoAtsLn1weHBKvaMWfOQ@mail.gmail.com>
In-Reply-To: <CAPt1N1mUYCyjakENUb460kEf07f0UdXoAtsLn1weHBKvaMWfOQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|PR3P190MB1020:EE_
x-ms-office365-filtering-correlation-id: 3800b227-7dfe-4439-e6bc-08da9d7a40d7
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: OSsiMFzSv8PfckuCphrynB4B7Kle4Ef8vnqOEnnY73nzkopqp49fdAVF+twG+A/E4lle/jGgEAOZdLW4+45bdJvkitrjYiH8CdprIoMzJ0VfDx56jw/7YmW2H9o3IY1R8d56mJQU3mkw1+rZSaYXmsIhncUbCPWrYeZ7vhJFLb1ix4XiHbCneOQam/5Qfc2bTm3BIV5cskKoyAFU/a/wZiWsuBTCEa+6YRoyNNvbDT1VrHk1rv4CZUDPfWzhicvMRUgwt4q5JgO+I0EbW31xVIw9gn9tHzLEQFmUngBINgM1xyCRCUS7o5teHMTgtfc//JVZN5X35Hf74NwjPKEaRcj5la/nVaA2TgffrEsBF5KjeCflOwV+BcCrxEyxPuzZDm5jV/TsNOLACnpHhUqBsw2OH74QlOnBbVSChmzRAr0LaenFIW+jM8ymus9VCkpRCUP+qDXkR/uU1rtQMC8ERx7Maqh8XfSP0WNBaN42dPDhCd9Sz3Kkvm9Y638nkveY7/nsu7pBhfCt7t06TGDOnYEis2a9ivLh6u25Tr0EbhEkUKzfaMhrdRkTwQSwuid0gH2Jc4CQwf8l8FooBxFvQHqA+wDWlee1+dFfRGIJTDGX537i9HZgmD1ONGjlQIOZokUA62uSBf21tFpjr83dO1fjJpApwwvz9UnWxwVEys/x5FgNP/O+IJQtJgrOotC+cE0mquLYaL1cNW0NOkEh22ZH5/nOSLJkZZefSESwX7qpo0RKzncvd/sF8nb6Qu5I61xTbzRSWxPnHePG/5zkTmRzCT1tV1GN6sNwIPgZjzQ=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230022)(376002)(136003)(346002)(396003)(366004)(39830400003)(451199015)(966005)(71200400001)(52536014)(30864003)(44832011)(5660300002)(86362001)(8676002)(33656002)(76116006)(66556008)(66476007)(4326008)(41300700001)(66446008)(64756008)(66946007)(8936002)(54906003)(6916009)(316002)(478600001)(38070700005)(122000001)(55016003)(166002)(38100700002)(53546011)(186003)(6506007)(9686003)(7696005)(83380400001)(2906002)(66899012); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 2aBUaPAAklaeS1NrXAACsXxCkt5m20KHaqWegJ86QZNnkOVCHJHlWq6gJfzprK8s81DQP1nQ/S3rjpm4XsP+uRQZ1dkIS+lAyVMAv3Wwq9azvt+9tVn6IokL2nyAWyT+unc+6DvPLNv7JAoTh4UkHGnqptNvKWjqYhcSdRR8yM5AkvZLMJSBQocQjykvaDPdBohFxjkayJ53cYu8IsdkShpY0dfgEcdm15I7CI4BeRed6yMzA0JizZAgaHY/lqy9PtuLjgkK81Lt+CQMJ6ZRyRpCFeJEdhAXnoank89dZfTGJuomCd56eu+WTIun+XOnP+CnOJqYwoLQNio7e134ZW9bq5xtwo/bhQ8CHegV07tSfDwItE9NPdAB5X0X3i9j1wc52ZQvkWG7MRw+CEoxe9qj0BfBfnpkxjv4pi07WqRdjLQjpCBvtpGoz+d7OWBvcrfxJIQjIWQmPf8XegcDNvJ5GR+CLPl6DouMhkvj72+omMPso6ym6JpLE+4vQEQEgIlzk0kfA0VhFuApN33MMIx81LZw0MUEAT0YagNIbIHVp9skxZ8ZUqjNnS81XI1hTKF01r3sBYD/GRzvya8Rmvm9bFH7reqZHvYRHgEWjmENGOO+LSUVaBK6v/H0DstRe55qnPl+U7MUPpcrzdtDfNw4h96UNVLhs13g+RUFxNiU6w907XPGEvhK3zaiE1GhMbJ/Q61EFHzrHHFvfD/Wa+mbjeR6qU73ATYEGLXSfVfJRTfUMycCQGP1PJ1Rr5iidrqpIXZwUbS9B/UfjmnRnpWzgB6stYQDL0UAsvlQ+Cr8ljzVmO9A47qNbAfAlqlJAuad1H4PSAGBpPriiJiGQ1+BmhvJLr6WtInMntiIcMG+04s+Xi0th6txz1WXK5OiLW/JT2me/aTe1omdxk4Rif5xTV+dk+2aYFgrcO86BI2hLi4rJHb2uT99M2zz87x70Z6QRWVr/hO7ZK3MdvlN3Iv2+ZaFQpQRG99dKXnWxv0H3zwLp+/XMbMEpSKzXsoJPdfnEDT3TW/U00uhc6S8es6c7AHY8V1QiuHcxHrLzatEpD8IJSB/2ftDyQaGnKyte/v00bySM4yTFeKwWjOcWEl7ZBKjhcKEQku9H5B28M1Pi74bFSkMKKOmdnVannjypWgVBtiSfRIYCpEyjYES4LVRHgVnGpXbft7MajGBSiIsYY4kM/CQpSjuLPL8pJ8vap7euu8itIEuQzWMaZA0haoCcpuED3iGDZBlOT/GBxVxhCtGhdQdLJtjhrwSK98sIWnAubfhAEHT0bYZ42ih9q1Xn0ciJkxSoyJC4MfmQbci3qwYwvuqmTkIhZpmW8MpkxXh5YyWCkt4+LiWQuCofhrbLmLKMrsX9/vZhl6DNX5TygmgrMwqHh298Dk/DtqKo4fSOJXumw4GzjNi1epLpDvI9XT50UaYo++F5eKCmDXc3q3Xpm0t5AidbcHQAw9X+O6LXS6Thmbd560TieBh+Z+BgVbhO+IQWcR2CuDFmualSVNcm4VoKXCGxjTyi/Fa7b8dkto41NdaWms4UqCsVql0nRL3DwZKLRwgMCb0SJiX4wyrdo1bCb2OTHSjHe3QqeZSmh0lbSj1oM3WHUi7eJfJ1ZiuiM1HPJ1OS+3mf/KcMvIyqBF6FE5FRBqCggY6Theqp/Dk552/bu2xT5isOQ==
Content-Type: multipart/alternative; boundary="_000_DU0P190MB1978C9983DA1982AC70B2874FD519DU0P190MB1978EURP_"
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 3800b227-7dfe-4439-e6bc-08da9d7a40d7
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2022 15:42:42.5652 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 7lacWRaGzADlIXZRORTO84BStiBjgRUcPMG6t0oH1gV65H/pI9rWheRY3tZKrBisRN4HdGsfS3JUFbx/ccM8tRYbag7TgJCNDfxFORIwdvA=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P190MB1020
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/0fU13kV-jX0K94v18uUP0-RRFkY>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Sep 2022 15:42:52 -0000

> It took you ten paragraphs to explain what the client would do with this information
That was just explaining the benefits. Hence the more, the better. It’s just a perfect solution if you just want to be prepared for all possible futures with a minimum of effort and no nasty dependencies. It’s the equivalent of our local high school recommending yesterday for pupils to take the “STEM” profile in case they don’t know yet what future job to do because it leaves a maximum of options still open.  Only, less difficult to execute ;-)

But we can also do without solving this particular issue and avoid another WGLC – because we do have simple name-change solutions for the SRP client that work already (as you also indicated).  So if we foresee potential issues/complexity here maybe better leave it for a later time.

About the format definition: we already know how to include records into a DNS response so don’t agree to your point there. But true, it will take more than 1 sentence to explain such a new feature – maybe an entire subsection to do it right.

Can’t we just say the SRP client MUST be prepared to receive something in Additional records of YXDomain, whatever it is? Just to pave the way for our potential future new draft. (Otherwise the SRP client may ignore the response as “invalid” and not heed it.)
That would only be one sentence and requires no code.

Regards
Esko

From: Ted Lemon <mellon@fugue.com>
Sent: Friday, September 23, 2022 17:14
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Kangping Dong <wgtdkp@google.com>; Tim Wicinski <tjw.ietf@gmail.com>; dnssd@ietf.org
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts

Eskimo, I beg to differ on the idea that this change is simple. It took you ten paragraphs to explain what the client would do with this information. We don’t know how to encode it in the response, so we have to invent that. We don’t have any implementations of it. So its a really big deal to suggest this change now, after WGLC. If this is important, I think someone who is interested should write up a draft proposing a solution and ask the WG to adopt it.

Adding this to SRP now will mean that SRP standardization will take about an additional year, if we move very fast. I don’t think this is remotely worth it.

Op vr 23 sep. 2022 om 10:24 schreef Esso Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Fully agree that we should not do the “renaming by the registrar” part. There’s some additional complexity implied by this and things that may break interoperability.

> the leftmost label in the service instance name is the same as the leftmost label in the hostname
This is how some implementations may work, but there’s many others that don’t. So we can’t make generic assumptions on naming choices.
In any case a smart SRP client that picks its names like this will simply rename both – no additional complexity for the client then.

Despite this, it is fairly simple if we say the SRP registrar SHOULD insert any conflicting record(s) that it knows about into the response. As I argued before, this doesn’t change any of the procedures we have defined in SRP so far.

And it leaves a great amount of freedom to implementations without apparent disadvantages, and without interop problems:

  *   A SRP client that doesn’t want to bother parsing the SRP Update response, can just ignore the Additional records in the YXDomain response. It can apply its strategy of “change both names” for example as discussed above.
  *   An SRP registrar that is on a constrained device, or just doesn’t want to bother, can include 0 Additional records (equivalent to saying “I don’t know what the conflict is”) which is acceptable too.
  *   An SRP registrar that is an existing implementation that people don’t want to change, is still compliant.
  *   An SRP client that is an existing implementation that people don’t want to change, is still compliant.  (Maybe it takes some more retries to get registered – but that’s no big problem.)
  *   If in the future an SRP client gets upgraded to a “smarter” client that can detect the conflicts enlisted in the YXDomain response, it may become more efficient. This upgrading is independent of servers’ upgrading or not.
  *   If in the future an SRP server gets upgraded to a “smarter” server that can returns conflicts in the YXDomain response, things may become more efficient. This upgrading is independent from clients’ upgrading or not.
  *   If the Matter approach to names wins and conflicts hardly occur for this reason, and hence no-one implements the conflicting-records feature, then nothing is lost – we just have a small bit of junk-DNA like text in the SRP RFC.

So the idea is to recommend returning known-conflict records FYI to the client and leaving the client free to pursue any naming strategy.

Esko



From: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Sent: Friday, September 23, 2022 15:59
To: Tim Wicinski <tjw.ietf@gmail.com<mailto:tjw.ietf@gmail.com>>
Cc: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>; Kangping Dong <wgtdkp@google.com<mailto:wgtdkp@google.com>>; dnssd@ietf.org<mailto:dnssd@ietf.org>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts

Okay, as I dig deeper into this, I'm realizing that things have changed /a lot/ since we had this conversation. First of all, for Matter accessories, name changes by the server are simply unacceptable. So the idea that we're going to signal back to the SRP client that we changed the name is no longer really necessary, because we aren't going to change the name. The current Apple Advertising Proxy implementation never does renaming.

If there is a name conflict, we report it, but we have done a /lot/ of work to avoid gratuitous name conflicts, and I think that that work is actually what we should be relying on here. Effectively what we've done is to make the advertising proxy look more like an authoritative name server, and as we agreed in the discussion Kangping found, we are never going to do this when the SRP server is an authoritative name server.

What we've done here is the TSR draft and the SRP replication draft. The TSR draft prevents gratuitous name conflicts when two advertising proxies are not doing SRP replication. The SRP replication protocol provides a way for multiple advertising proxies to sustain a consensus, so that conflicts don't occur. Between these two drafts (really, between their implementations) we no longer see renaming happening with our advertising proxies.

As we move more toward unicast DNSSD as the baseline, with mDNS as the exception, I think that the likelihood of conflicts will drop further.

My point is, do we really want to add this complexity in SRP? What is the problem we are trying to solve here? Most of the time, the way names are chosen is deterministic—the leftmost label in the service instance name is the same as the leftmost label in the hostname. And so if there is a name conflict on one, it's going to be on the other as well.

So what I think we should actually do is leave the document the way it is. Doing what we're talking about here will create a great deal of complexity in the client and in the server, at a very late stage in the development of the protocol, with no obvious benefit.

Thoughts?

On Fri, Sep 23, 2022 at 9:27 AM Tim Wicinski <tjw.ietf@gmail.com<mailto:tjw.ietf@gmail.com>> wrote:
How about just the name(s) attempted to register with that request which are in conflict?

I vote for being explicit on the minimum the SRP registar needs to do.

also, not a chair but write up all the text changes and make sure the WG has no issues with that.

On Fri, Sep 23, 2022 at 9:14 AM Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>> wrote:
Okay. I ask because we should be explicit.

Chairs, how do you want to approach this? I think this is a WG consensus that I failed to put into the document, but we didn't last call on it, so I don't know that it's _actually_ consensus. Do we need a new WGLC?

On Fri, Sep 23, 2022 at 9:12 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
> So it can certainly respond with a list of the names on which it found conflicts, but the list might not be able to be made complete

I think it should respond at least with the names that it knows are in conflict (based on its internal database of SRP registrations for example). So, 0 or more records in the response.  Zero records is our current specified baseline.
An SRP registrar implementation that wants to put in more work can certainly do so – we don’t need to standardize here exactly what it should do for that.

Esko

From: Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Sent: Friday, September 23, 2022 14:56
To: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Cc: Kangping Dong <wgtdkp@google.com<mailto:wgtdkp@google.com>>; Tim Wicinski <tjw.ietf@gmail.com<mailto:tjw.ietf@gmail.com>>; dnssd@ietf.org<mailto:dnssd@ietf.org>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts

Aargh. Thanks for catching this Eskimo, and thanks Kangping for remembering the conversation. I had completely forgotten, although I recall it now of course.

One problem with this approach is that it will not be the case that the SRP server necessarily knows all of the names that are in conflict. So it can certainly respond with a list of the names on which it found conflicts, but the list might not be able to be made complete without more work. Do we want to require it to do that work?

Op vr 23 sep. 2022 om 08:07 schreef Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Hi Tim,

> I don't think an update to 2136 is needed here, as section 2.2.3.1 describes the differences with an SRP registrations and 2136 Updates,
but this response should be tested against a DNS update response.

Clear, we can just add a bullet in 2.2.3.1 then as plain DNS Update isn’t updated by this draft.  What’s important then is that the server, when receiving a DNS Update that is not an SRP Update, will not use the new mechanism of including the conflicting record(s). Only do this for an SRP Update.
And for testing: do you mean sending the “new” type of YXDomain response to a plain DNS Update client and see what happens?  That seems not necessary if the SRP registrar is careful in using the “new” response format only for SRP clients.

Esko


From: Tim Wicinski <tjw.ietf@gmail.com<mailto:tjw.ietf@gmail.com>>
Sent: Friday, September 23, 2022 12:28
To: Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>>
Cc: Kangping Dong <wgtdkp@google.com<mailto:wgtdkp@google.com>>; dnssd@ietf.org<mailto:dnssd@ietf.org>; Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Subject: Re: [dnssd] SRP: name conflict while not knowing which name conflicts



On Fri, Sep 23, 2022 at 4:32 AM Esko Dijk <esko.dijk@iotconsultancy.nl<mailto:esko.dijk@iotconsultancy.nl>> wrote:
Thanks Kangping,

It looks like including the conflicting name records in the Additional section is a good base solution and also easy to describe in the SRP draft, which does not impact the states & procedures of registrar and client.
It’s just additional helpful information the client may use to compose the retry Update.  The part about renaming by the registrar, on behalf of the client, seems more tricky and may impact states & procedures which were just WGLC-reviewed now.

If we use the Additional section for a YXDomain response, this may require a formal update of RFC 2136 (3.8) since DNS Update only allows a server to repeat all records in the (error) response or to exclude all records.

Esko


Esko,

I don't think an update to 2136 is needed here, as section 2.2.3.1 describes the differences with an SRP registrations and 2136 Updates,
but this response should be tested against a DNS update response.

Kangping, I believe this is your workflow description - I pasted it here to assist in my readings.

1. If a name has already been registered on the SRP server or a name conflict error is returned by the Advertising Proxy:
    the SRP server responds with the RR that includes the conflicted name.
    If the client sees such records, it knows the conflicts on the SRP server and will retry with a new name.

2. If a name conflict is reported to the SRP server after the SRP update transaction has been committed:
    The next time the SRP client registers, the SRP server responds with a CNAME record which includes the new name.
    If the client sees such records, it knows the conflict on the multicast link and will accept the name or retry with another name.

https://mailarchive.ietf.org/arch/msg/dnssd/cUJBXN9WXBguPKtTYgPYq4bo4pQ/

Tim

v2.23.0 | Report a Bug | By Email