Re: [dnssd] Working group last call for draft-ietf-dnssd-push
Ted Lemon <mellon@fugue.com> Sat, 27 October 2018 01:45 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3DAA130DC1 for <dnssd@ietfa.amsl.com>; Fri, 26 Oct 2018 18:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WMmW56NGO9ZF for <dnssd@ietfa.amsl.com>; Fri, 26 Oct 2018 18:45:32 -0700 (PDT)
Received: from mail-qt1-x835.google.com (mail-qt1-x835.google.com [IPv6:2607:f8b0:4864:20::835]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00B0B1294D0 for <dnssd@ietf.org>; Fri, 26 Oct 2018 18:45:31 -0700 (PDT)
Received: by mail-qt1-x835.google.com with SMTP id u34-v6so3403344qth.3 for <dnssd@ietf.org>; Fri, 26 Oct 2018 18:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=FiRU1oik3+MNQhlBG87GPxrIwurQc518LrLxSGN4H30=; b=eIu72dyeopQ6mhBXGOJxVLlgIyXlGlKNZJCuZBitOwpLGm/WhfHQVD5vAXST4GLjfe DVyKq0HfFvdOs2HB0e1Fjy9GHV2jjXipTeUUmnzB6NnYS4e6xCb6trJBk8aSiz9ilziT vGDx6B5CF4lI/EETmDyhAwn0+7vgdS3aALH/jDnypM1v5TytAhTR1LRUQgmUda6zlSwu 0Q+PlyDXGTLpBmKgBHV9CrhD8K/xCw0CK+TMdkBWxxx67sJk3FyhX4n/macP70SBfK0u 5QpuDDDLBhB8CxCYenKn5Ci6GHAMFTYbpj4SvMRU7HJMeHh3dyW6Up7n5TS5vSZR50+L f7Gg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=FiRU1oik3+MNQhlBG87GPxrIwurQc518LrLxSGN4H30=; b=R4h09Og+E+IHSKy9MpXr1gU5wgcIwxDbHS8WGr3N6NWRa35M1HYvxDDKNHjDwY34QV lD5w1sI5FRV280ztgoQjaPUw83T7ZJRoL1n1PEMvgMvt39yNZ7ur8e80+JpaNwLx4pc+ 1XY36F/yB8w+0Gn8UCF0YV65bAnQ1T5zGzGRHNTAh/VNLBtPTktqIKDFmUXmEjX/PCe+ qLnd1OqinpkdlYZMBbeUYyb3LGyefeGYVZ8tbbCWS6/f9ErSqZ/z6fpHZc5KfP8vxj5V +RjsQ+50K7B1zeWY49QG+Aa4tQ6Xilc6bWUA38QdCOWJW8g4vzah7Ox5sBx6xCqeQ5Ik VliQ==
X-Gm-Message-State: AGRZ1gIuzID4/GpWVVZbh/mo+kNKfGxIxruiGdUwoXa+3F4xWqqWOX+n xicpAgQ/1MZQMSBnpRr9G6GpBd0PmNXoV77obloC1g==
X-Google-Smtp-Source: AJdET5c8B3dbcWsL6IwyX6froqHu0rArObYXX/H1ZKyocTVZUBrT6+CFKC+VJtO2vKs8mvt2bSKxHHWOLTFDK3HkrIM=
X-Received: by 2002:aed:366a:: with SMTP id e97-v6mr5460898qtb.75.1540604730969; Fri, 26 Oct 2018 18:45:30 -0700 (PDT)
MIME-Version: 1.0
References: <9EDAA7B4-BB78-4CCC-BE0E-A47EF3E0A4A6@apple.com> <DD18BDD4-FFDF-43BC-97E1-8BB846F15702@bangj.com> <C4802C62-E94C-48AE-867F-9A4743A4AEA2@cisco.com> <CAPt1N1m1d5Vj1ueC17ksfP7j9+23s0ATtxUwrTnCwmjqEQgtUQ@mail.gmail.com> <5AC9F8F4-F35C-4A7B-AAC2-105E25D60FBE@bangj.com>
In-Reply-To: <5AC9F8F4-F35C-4A7B-AAC2-105E25D60FBE@bangj.com>
From: Ted Lemon <mellon@fugue.com>
Date: Fri, 26 Oct 2018 21:45:19 -0400
Message-ID: <CAPt1N1n2cA-sjQA0fvqRKB97R8UDWpUrT2k6zWfsYgDiqM8zhQ@mail.gmail.com>
To: Tom Pusateri <pusateri@bangj.com>
Cc: David Schinazi <dschinazi@apple.com>, "Jan Komissar (jkomissa)" <jkomissa@cisco.com>, Stuart Cheshire <cheshire@apple.com>, Tim Wicinski <tjw.ietf@gmail.com>, dnssd <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000baacb805792bfd31"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/7XOSTdjUjAAUNp2HpM4qARgYYRI>
Subject: Re: [dnssd] Working group last call for draft-ietf-dnssd-push
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2018 01:45:35 -0000
Thanks! All good so far! :) On Fri, Oct 26, 2018 at 9:15 PM Tom Pusateri <pusateri@bangj.com> wrote: > > Thanks for the feedback! Comments inline. > > > On Oct 26, 2018, at 5:28 PM, Ted Lemon <mellon@fugue.com> wrote: > > > > I'm in favor of advancing the document. I have a few editorial > comments: > > > > On Page 6: > > > > For example, if a user presses the "Print" > > button on their smartphone, and then leaves the phone showing the > > printer discovery screen until the phone goes to sleep, then the > > printer discovery screen should be automatically dismissed as the > > device goes to sleep. If the user does still intend to print, this > > will require them to press the "Print" button again when they wake > > their phone up. > > > > > > I don't think this is the right advice to give—it's not necessary to > dismiss the UI. It always surprises me when a context switch results in > something in the UI changing without me changing it. The less surprising > behavior would be to simply stop doing these queries while the dialog isn't > showing. The dialog isn't showing when the phone is asleep. So maybe > this text would accomplish the same purpose without recommending a > particular UI flow? > > > > For example, if a user presses the "Print" button on their smartphone, > and then leaves the phone showing the printer discovery screen until the > phone goes to sleep, or switches > > to a different app, then the push subscription should (SHOULD?) be > discontinued. When the phone wakes up, > > or the user switches back to the application that is showing the print > > dialog, the subscription could be reinstated, perhaps after a brief wait > > to allow the user to dismiss the dialog if they no longer intend to > print. > > I agree that too much implementation info here is not needed. How about: > > (a) A subscription should only be active when there is a valid reason to > need live data (for example, an on-screen display is currently showing the > results to the user) and the subscription SHOULD be cancelled as soon as > the need for that data ends (for example, when the user dismisses that > display). Implementations may want to implement idle timeouts, so that if > the user ceases interacting with the device, the subscription is cancelled. > > > Section 3 says: > > > > Standard DNS Queries MAY be sent over a DNS Push Notification > connection, provided that these are queries for names falling within the > server's zone (the <zone> in the "_dns-push-tls._tcp.<zone>" SRV record). > The RD (Recursion Desired) bit MUST be zero. If a query is received with > the RD bit set, matching records for names falling within the server's > zones should be returned with the RA (Recursion Available) bit clear. If > the query is for a name not in the server's zone, an error with RCODE > NOTAUTH (Not Authoritative) should be > > returned. > > > > Why is this? What if this is a hybrid authoritative/caching resolver? > Also, later on we do actually specify that this can work with the local > resolver. ISTM you could say this instead and capture what is necessary: > > > > Standard DNS Queries MAY be sent over a DNS Push Notification > > connection. For any zone for which the server is authoritative, it > > > > MUST respond authoritatively for queries on names falling within > > that zone (e.g., the <zone> in the "_dns-push-tls._tcp.<zone>" SRV > > record) both for DNS Push Notification queries and for normal DNS > > > > queries. For names for which the server is acting as a caching > > resolver, e.g. when the server is the local resolver, for any query > > for which it supports DNS Push Notifications, it MUST also support > > standard queries. > > That sounds better. I think the idea of subscriptions to a local resolver > came along later and this part didn’t get updated. > > > > > Section 4 says: > > > > In keeping with the more recent precedent, DNS Push Notification is > > defined only for TCP. DNS Push Notification clients MUST use DNS > > Stateful Operations (DSO) [ > > DSO] running over TLS over TCP [RFC7858]. > > > > But section 7 says: > > > > The Strict Privacy Usage Profile for DNS over TLS is strongly > > recommended for DNS Push Notifications as defined in "Usage Profiles > > for DNS over TLS and DNS over DTLS" [ > > RFC8310]. > > > > Which is it? :) > > Ok, I intended to go strict only since it was a new protocol. Here is the > new text in Section 7: > > The Strict Privacy Usage Profile for DNS over TLS is REQUIRED for DNS Push > Notifications as defined in "Usage Profiles for DNS over TLS and DNS over > DTLS". Cleartext connections for DNS Push Notifications are not > permissible. Since this is a new protocol, transistion mechanisms using the > Opportunistic Privacy profile are deemed unnecessary. > > > > > Section 5 says: > > > > Token bucket rate limiting schemes are also effective > > in providing fairness by a server across numerous client requests. > > > > > > [Citation Needed] > > > > Is there any reason to say this? > > No. Probably better to remove it. > > > > > DNS Push Notification clients and servers MUST support DSO, but (as > > stated in the DSO specification [ > > DSO > > ]) the server SHOULD NOT issue > > any DSO messages until after the client has first initiated an > > acknowledged DSO message of its own. A single server can support DNS > > Queries, DNS Updates, and DNS Push Notifications (using DSO) on the > > same TCP port, and until the client has sent at least one DSO > > message, the server does not know what kind of client has connected > > to it. Once the client has indicated willingness to use DSO by > > sending one of its own, either side of the session may then initiate > > further DSO messages at any time. > > > > > > It's just reiterating what the DNS Stateful Operations document says, > and what was said previously about updates and so on. Less text better? > > I agree. > > Ok, that’s as far as I got tonight. More tomorrow. > > Thanks! > > Tom > >
- [dnssd] Working group last call for draft-ietf-dn… David Schinazi
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri
- Re: [dnssd] Working group last call for draft-iet… Jan Komissar (jkomissa)
- Re: [dnssd] Working group last call for draft-iet… Ted Lemon
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri
- Re: [dnssd] Working group last call for draft-iet… Ted Lemon
- Re: [dnssd] Working group last call for draft-iet… Jan Komissar (jkomissa)
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri
- Re: [dnssd] Working group last call for draft-iet… Ted Lemon
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri
- Re: [dnssd] Working group last call for draft-iet… Tom Pusateri