[dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and variations
Toerless Eckert <tte@cs.fau.de> Tue, 05 November 2024 13:14 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3B65C14F682; Tue, 5 Nov 2024 05:14:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.655
X-Spam-Level:
X-Spam-Status: No, score=-1.655 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOVCpnfjbF-Z; Tue, 5 Nov 2024 05:14:32 -0800 (PST)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86274C14F61B; Tue, 5 Nov 2024 05:14:31 -0800 (PST)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [131.188.34.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4XjTM75LJtz1R6wq; Tue, 5 Nov 2024 14:14:27 +0100 (CET)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4XjTM74v2bzkxmN; Tue, 5 Nov 2024 14:14:27 +0100 (CET)
Date: Tue, 05 Nov 2024 14:14:27 +0100
From: Toerless Eckert <tte@cs.fau.de>
To: Chris Box <chris.box.ietf@gmail.com>, dnssd@ietf.org, dnssd-chairs@ietf.org
Message-ID: <ZyoaM3iz_LeizMnA@faui48e.informatik.uni-erlangen.de>
References: <ZxgqAHVI2sZn98QW@faui48e.informatik.uni-erlangen.de> <ZyoQt4ImuRAgJ59K@faui48e.informatik.uni-erlangen.de> <CACJ6M14gWMCgZBGiKH+7akH4+VUMeFmBomPLgRZdYAw7hJShOw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CACJ6M14gWMCgZBGiKH+7akH4+VUMeFmBomPLgRZdYAw7hJShOw@mail.gmail.com>
Message-ID-Hash: 7V4LVKW5HMCUN6UDNR25GDOVM3Y3BDE7
X-Message-ID-Hash: 7V4LVKW5HMCUN6UDNR25GDOVM3Y3BDE7
X-MailFrom: eckert@i4.informatik.uni-erlangen.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnssd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: evyncke@cisco.com
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and variations
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/4YaMkiitNZMnn48LISgThmg67Z0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Owner: <mailto:dnssd-owner@ietf.org>
List-Post: <mailto:dnssd@ietf.org>
List-Subscribe: <mailto:dnssd-join@ietf.org>
List-Unsubscribe: <mailto:dnssd-leave@ietf.org>
Thanks, Chris
If the DNS-SD working group is not interested to understand (not even review )
an IETF WG draft which is primarily about how to apply DNS-SD in a scalable
way to an IETF suite of protocols, then i guess i have to ask the DNS-SD
area director how we would ever get DNS-SD expert review review of such a document.
Somewhat strange process....
Suggestions welcome.
Cheers
Toerless
On Tue, Nov 05, 2024 at 12:44:49PM +0000, Chris Box wrote:
> Toerless,
>
> The chairs agreed that we would only grant agenda time to this topic if we
> heard there was interest from working group members. As of this point,
> we've not seen any, so the current position is that it won't be on
> Thursday's agenda.
>
> If any list members want to amend that position, e.g. after seeing your
> slides, please let us know: dnssd-chairs@ietf.org
>
> Thanks
> Chris
>
> On Tue, 5 Nov 2024 at 12:34, Toerless Eckert <tte@cs.fau.de> wrote:
>
> > I've proposed slides for the topic to datatracker.
> >
> > These are the same slides as i'll use for ANIMA:
> >
> > https://datatracker.ietf.org/meeting/121/materials/slides-121-anima-04-brski-discovery-00
> >
> > except that i would of course concentrate @dnssd on the DNS-SD relevant
> > background,
> > details and questions, whereas the ANIMA presentation is focussing on the
> > diffs over IETF120
> > draft state. (yes, sorry, slide deck reuse is not ideal...).
> >
> > Cheers
> > Toerless
> >
> > On Wed, Oct 23, 2024 at 12:41:04AM +0200, Toerless Eckert wrote:
> > > Dear DNS-SD WG
> > >
> > > I was wondering if i could bother you folks in taking a look @ and
> > providing
> > > feedback suggestions 4 our ANIMA-WG draft:
> > >
> > > https://www.ietf.org/archive/id/draft-ietf-anima-brski-discovery-05.html
> > >
> > > This should have a couple of aspects of general interest to DNS-SD
> > enthusiasts, but
> > > also some new concepts.
> > >
> > > If there is interest, i would be happy to present about it at the
> > IETF121 DNS-SD WG meeting.
> > >
> > > BRSKI is the IETF ANIMA secure onboarding protocol for devices, where
> > > for resilience and automation its highly beneficial to discover
> > onboarding
> > > servers (registrars), and in the absence of full routing also proxies
> > for them.
> > >
> > > If this sounds boring, consider that unfortunately several industry
> > groups have diffeent
> > > opinions about protocol details, so we have ended up in a set of
> > variations of the
> > > protocol where not necessarily all servers are compatible with all
> > clients. So this
> > > draft introduces an extensible method to indicate supported variations
> > so clients
> > > can pick the right server. More importantly, proxies can discover all
> > possible
> > > variations even future ones and create appropriate proxy announcements.
> > >
> > > Of course, we want discovery to be fast and resilient, so there is also
> > text about the
> > > details how to select the best server based on prio & weight and time
> > out in case it's
> > > not responding. And how to optimize this in the face of having to do
> > this as a proxy
> > >
> > > If that's not annoying enough, then there is also no consensus on what
> > discovery protocol
> > > is the best, so we have to support DNS-SD, GRASP and CORE-LF... today,
> > tomorrow may be
> > > more, and i really don't want to see specs over specs written for a full
> > matrix, so the
> > > draft also attempts to reduce this problem into a cross-discovery
> > mechanism IANA registry,
> > > so that we hopefully can easily define extensions mostly only through
> > additional registrations
> > > in that registry. Which might also be a concept for other protocols with
> > similar interop issues.
> > >
> > > If thats' not enough, we also needed to discover client devices (which
> > we call pledges)
> > > via DNS-SD by their serial number, so we had to define a scheme by which
> > we do
> > > that, which is also described.
> > >
> > > So, if any of this sounds like an interesting application use of DNS-SD
> > that you'd
> > > like to check out as DNS-SD folks, please do so!
> > >
> > > Cheers
> > > Toerless
> > >
> >
> > --
> > ---
> > tte@cs.fau.de
> >
--
---
tte@cs.fau.de
- [dnssd] DNSSD: DNS-SD discovery for BRSKI and var… Toerless Eckert
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Toerless Eckert
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Chris Box
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Toerless Eckert