[dnssd] Intended behavior for eliding KEY record in DNS query response? (draft-ietf-dnssd-srp)

Esko Dijk <esko.dijk@iotconsultancy.nl> Tue, 04 July 2023 19:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/By68rnAq9JHoG3X2IN2SG-jGxw0>

Hi all,

Section 7 of draft-ietf-dnssd-srp-20 mentions the following:

  Public keys can be used as identifiers to track hosts. SRP registrars MAY elect not to return KEY records for queries for SRP registrations.

I'm currently interpreting this as follows: if a DNS query for a KEY record comes in, and the KEY record exists but the DNS resolver doesn't want to return it, then it removes the KEY record(s) from the query result.
So it would respond with RCODE=0 and 0 Answer records. Is this correct? Is there a risk some implementers might interpret this differently, e.g. RCODE=5 (Refused)? I'm thinking there may be that risk.
Especially because not returning KEY records can be viewed as a policy thing.

Regards
Esko

IoTconsultancy.nl  |  Email/Teams: esko.dijk@iotconsultancy.nl  |  +31 6 2385 8339
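
The two readings contrasted in the message above, shown as DNS wire-format responses to a KEY query and as what a querier can tell from each. This is an added example, not part of the original message or of the draft; the host name, message ID and the AA flag are constructed assumptions.

```python
import struct

TYPE_KEY = 25                      # KEY RR type (RFC 2535)
CLASS_IN = 1
RCODE_NOERROR, RCODE_REFUSED = 0, 5
QR, AA = 0x8000, 0x0400            # response bit; AA is an assumption here

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(msg_id, name, qtype=TYPE_KEY):
    """Standard query: one question, no other sections."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def build_elided_response(query, rcode):
    """Echo ID and question, carry zero answer records, set the RCODE."""
    msg_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", msg_id, QR | AA | rcode, 1, 0, 0, 0)
    return header + query[12:]

def classify(response):
    """What the querier can conclude from header fields alone."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "REFUSED"           # server declined: policy is visible
    if rcode == RCODE_NOERROR and ancount == 0:
        return "NODATA"            # same shape as "no KEY record exists"
    return "ANSWER" if rcode == RCODE_NOERROR else "OTHER"

# Constructed sample query for a hypothetical SRP-registered host.
QUERY = build_query(0x1234, "host1.default.service.arpa.")
READING_A = build_elided_response(QUERY, RCODE_NOERROR)   # RCODE=0, 0 answers
READING_B = build_elided_response(QUERY, RCODE_REFUSED)   # RCODE=5

if __name__ == "__main__":
    for label, msg in (("RCODE=0", READING_A), ("RCODE=5", READING_B)):
        print(label, msg[:12].hex(), classify(msg))
```

With RCODE=0 and an empty Answer section the querier sees the same thing it would see for a name that has no KEY record, while RCODE=5 tells it the server declined to answer.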