Re: [dnssd] The DNSSD WG has placed draft-sctl-service-registration in state "Call For Adoption By WG Issued"

Toke Høiland-Jørgensen <toke@toke.dk> Thu, 12 July 2018 20:49 UTC

Return-Path: <toke@toke.dk>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09B21130F83 for <dnssd@ietfa.amsl.com>; Thu, 12 Jul 2018 13:49:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id favgIxuhtz0f for <dnssd@ietfa.amsl.com>; Thu, 12 Jul 2018 13:49:44 -0700 (PDT)
Received: from mail.toke.dk (mail.toke.dk [52.28.52.200]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF13712F1AC for <dnssd@ietf.org>; Thu, 12 Jul 2018 13:49:43 -0700 (PDT)
From: Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1531428578; bh=zM4yAI3qvgPQnUKPCU8hTRPuSfmUV8bl22/OE672B8o=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Ne+mHtNy2EixkiYakULTZ5nKFUzWiv+A+pcbFSvNFq2WL+F79tk2VrjPKSiPqj6vo 8zYgRD6Yn0gWk1DIZZ7g9g/yBqnAftdsxtu9kfWPEJL3JdRzkHndPruVIQn8cvKO0c 6wn1550wDOXU7CwmtIDLUUYyL44Rezu8lFXL9Neg9i0ZxklXsJF6cTblfLOy6GMMZn ufI9EkHDt8WvMM5AddqK05FDeTTZ3PDvb3SLisMrGCgV0bogprWpEFQYbbrDiktx9A zkQ4TnAtr6RWZbwh6jHWpNWenJ9r8bkd/e66fsUw8/PO6HRsciXPF82h3LSSZiXeJg E9X8836zizw2A==
To: Ted Lemon <mellon@fugue.com>
Cc: David Schinazi <dschinazi@apple.com>, dnssd <dnssd@ietf.org>
In-Reply-To: <CAPt1N1mLA3knwxW0R9Ayb29Og4hh=y+6X9OaPSZW58noYv-4+A@mail.gmail.com>
References: <153064569308.5111.7449468818446130425.idtracker@ietfa.amsl.com> <EB70166C-B64B-4509-909D-76978CA00A36@apple.com> <87lgare65v.fsf@toke.dk> <AC270951-0AA4-45D0-9F1A-83067489BF27@fugue.com> <87in5td3ar.fsf@toke.dk> <A667C059-FEBB-4159-A053-0B7AFE35F5FD@fugue.com> <87r2kbcl3h.fsf@toke.dk> <CAPt1N1=kNRiNLMEkSjMmcG+U5Bg6OACkQTAkO6t1b-rzYnza0w@mail.gmail.com> <87fu0obuua.fsf@toke.dk> <CAPt1N1=ktPp-T8fg17fAaT=FznDytnXr2N3Uz1rUL+En_QOKUA@mail.gmail.com> <874lh4bicx.fsf@toke.dk> <CAPt1N1mLA3knwxW0R9Ayb29Og4hh=y+6X9OaPSZW58noYv-4+A@mail.gmail.com>
Date: Thu, 12 Jul 2018 22:49:30 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <871sc8b2n9.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/BiQr-wlVoheVPsrQTJqo5TA5aDI>
Subject: Re: [dnssd] The DNSSD WG has placed draft-sctl-service-registration in state "Call For Adoption By WG Issued"
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2018 20:49:46 -0000

Ted Lemon <mellon@fugue.com> writes:

> It seems like the client should just keep maintaining whatever records
> it maintains. If the server doesn't take some updates, then the client
> can just keep trying. Otherwise the client has to somehow model the
> state of the server, which seems unnecessary.

Yeah, agreed.

> As for A and AAAA records, this is an open question: how to handle it.
> Is it a problem to allow a client to update arbitrary A and AAAA
> records? The restriction of only updating the one that corresponds to
> the source address used to send the update is there because we have
> some reasonable assurance that the client actually has that address.
> We could have some hack where we use the neighbor table to notice that
> several addresses are associated with the same layer 2 address, but
> that seems like not what we want to do.

Why is it a problem that a client registers other addresses for its
A(AAA) records? As long as it can't update the addresses of another name
it can't spoof that service; if it sets another device's address as it's
own name, it is just spoofing itself? It could be a problem for PTRs, of
course, but not for A(AAA)?

Maybe this could also be something that is left up to the registration
server as a matter of policy? An example policy could be "only 1 address
per subnet per name" or something... But since a client can just
generate an infinite number of new names, I'm not really sure that buys
much either...

> mDNS seems to just use .arpa. I don't know how/if that works, but I
> definitely don't see how to make it work with the DNS protocol.

Wait, don't see how to make what work with the DNS protocol?

-Toke