Re: [dnssd] The DNSSD WG has placed draft-sctl-service-registration in state "Call For Adoption By WG Issued"

Ted Lemon <> Thu, 12 July 2018 21:33 UTC


Yes, this requires separate registrations for IPv4 and IPv6. I think
that's okay. What's a bit chancy is that it also means that if you have a
ULA and a GUA, you have to pick one, or do two updates. As for NAT, I
think we have to assume that the network is not double-natted. If it's a
homenet, that will be true. If it's a campus network, that will be true.
If it's a bunch of crappy routers plugged together, it's unlikely that
service registration will be available anyway, so we don't care. Do you
buy that? :)

On Thu, Jul 12, 2018 at 5:27 PM, Toke Høiland-Jørgensen <> wrote:

> Ted Lemon <> writes:
>
> > The only reason I think it would be a serious problem for a service to
> > register an IP address other than its own is that it could be used as
> > a way to wedge in an attack.
>
> Right. But if we want to protect against that we'd need to only allow
> registrations for the IP we are talking to; which means separate
> registrations for IPv4 and IPv6. And for v4 it would probably mean a
> requirement for on-link presence, since anything that is not on-link is
> likely to have at least one layer of NAT in-between...
>
> > The real sticky wicket is that you can't update two zones in the same
> > update, but that's not really what you were talking about.
>
> Ah, right, then it makes sense. I may have been ignoring this part of
> the spec in my implementation ;)
>
> -Toke
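
The rule discussed in this thread (accept address records only for the IP the update came from), sketched as an added example; it is not part of the original message or of the draft. The function names and the `(rrtype, rdata)` tuple format are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress

def source_ip(addr):
    """Parse the update's source address; unwrap IPv4-mapped IPv6
    (::ffff:a.b.c.d), which a dual-stack socket reports for IPv4 peers."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def check_update(source_addr, records):
    """Return (accepted, reasons) for one update.

    records is a list of (rrtype, rdata) text tuples, a constructed
    stand-in for the parsed update, not a wire format.
    """
    src = source_ip(source_addr)
    reasons = []
    for rrtype, rdata in records:
        if rrtype not in ("A", "AAAA"):
            continue  # only address records are subject to this check
        try:
            reg = ipaddress.ip_address(rdata)
        except ValueError:
            reasons.append(f"{rrtype} {rdata}: not a valid address")
            continue
        if reg == src:
            continue
        if reg.version != src.version:
            # Dual-stack host: the other family needs its own update.
            reasons.append(f"{rrtype} {rdata}: update arrived over IPv{src.version}; "
                           f"send a separate update over IPv{reg.version}")
        else:
            # Same family, different address (e.g. ULA vs GUA, or a spoof).
            reasons.append(f"{rrtype} {rdata}: not the source address {src}; "
                           "send a separate update from that address")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed samples: documentation prefixes plus a ULA.
    print(check_update("2001:db8:1::10", [("AAAA", "2001:db8:1::10")]))
    print(check_update("2001:db8:1::10", [("AAAA", "2001:db8:1::10"),
                                          ("A", "192.0.2.10")]))
    print(check_update("fd00:1::10", [("AAAA", "fd00:1::10"),
                                      ("AAAA", "2001:db8:1::10")]))
```
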