IETF Logo Mail Archive

[dnssd] Re: WGLC for draft-ietf-dnssd-multi-qtypes

Florian Obser <florian+ietf@narrans.de> Mon, 07 July 2025 17:48 UTC

Return-Path: <florian+ietf@narrans.de>
X-Original-To: dnssd@mail2.ietf.org
Delivered-To: dnssd@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 953684039E42 for <dnssd@mail2.ietf.org>; Mon, 7 Jul 2025 10:48:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZdaxJ7X7f7ck for <dnssd@mail2.ietf.org>; Mon, 7 Jul 2025 10:48:19 -0700 (PDT)
Received: from imap.narrans.de (michelangelo.narrans.de [IPv6:2001:19f0:6c01:821:5400:1ff:fe33:a36d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 2F3FE40397F3 for <dnssd@ietf.org>; Mon, 7 Jul 2025 10:46:31 -0700 (PDT)
Received: by michelangelo.narrans.de (OpenSMTPD) with ESMTPSA id a4b8773d (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <dnssd@ietf.org>; Mon, 7 Jul 2025 19:46:30 +0200 (CEST)
From: Florian Obser <florian+ietf@narrans.de>
To: dnssd@ietf.org
In-Reply-To: <87frgk46zp.fsf@x395.home.narrans.de> (Florian Obser's message of "Sun, 01 Jun 2025 02:53:46 +0200")
References: <87frgk46zp.fsf@x395.home.narrans.de>
Date: Mon, 07 Jul 2025 19:46:29 +0200
Message-ID: <m1zfdfvqq2.fsf@narrans.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: VQUAZZJF4PM6LEHDZAIH4GYAEST5D5SB
X-Message-ID-Hash: VQUAZZJF4PM6LEHDZAIH4GYAEST5D5SB
X-MailFrom: florian+ietf@narrans.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnssd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dnssd] Re: WGLC for draft-ietf-dnssd-multi-qtypes
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/CbBFFKhUa_DSTfsVaPOBmqBhvG0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Owner: <mailto:dnssd-owner@ietf.org>
List-Post: <mailto:dnssd@ietf.org>
List-Subscribe: <mailto:dnssd-join@ietf.org>
List-Unsubscribe: <mailto:dnssd-leave@ietf.org>

Hi there,

the WGLC is now closed, apologies for closing it late[1].

The chairs see consensus that the document can progress.

The chairs also see consensus that the two issues raised by Tommy Jensen
in
https://mailarchive.ietf.org/arch/msg/dnssd/bQkA2274kKrzNcpFRlLoQif2u1M/
need to be addressed:

| (1) It seems to go without saying, but Section 3.3 for Client Response
| Processing never actually says that clients MUST/SHOULD NOT cache record
| types it receives that it didn't request. Should we? It seems like an attack
| vector if we are treating this response as the set as if every type was the
| QTYPE. This is expected for meta types, but in the case of querying for
| {AAAA, SVCB}, no client would expect A records to come back which could be
| cache poisoning for a name that was intended to be IPv6-only.
|
| (2) The security considerations section acknowledges the amplification attack
| this could enable, but it does not mention what Section 3.3's first bullet
| says about the server choosing to not process a request because it had too
| many types. I think it should in the spirit of giving obvious advice to
| implementors as it is currently implied but not stated. In fact, Section
| 3.2.2's normatives don't leave much room for an RFC novice to read "but you
| can also choose to defend against complex queries" from it.

Thanks,
Florian (for the chairs)

[1] Entirely my faul, I was a bit unclear on the process. Our AD Éric
explained to me that the document need not be perfect, we can still
close the WGLC.

On 2025-06-01 02:53 +02, Florian Obser <florian+ietf@narrans.de> wrote:
> Hi DNSSD people,
>
> As requested by the working group during IETF 122 in Bangkok, we are
> starting a Working Group Last Call (WGLC) for
> draft-ietf-dnssd-multi-qtypes.
>
> At the IETF 122 hackathon we had people working on implementing
> the draft and testing interoperability:
> https://mailarchive.ietf.org/arch/msg/dnssd/4Emt2GaVVL3zUD54eg2UJnVHAHo/
>
> This WGLC will last for two weeks until 2025-06-16 at 23:59 UTC. We
> are interested in hearing whether people have read this document and
> think it is ready for publication. We are also interested in hearing
> from people who think the document is not ready, or who see issues that
> need to be resolved before publication.
>
> The latest draft is available here:
> https://datatracker.ietf.org/doc/draft-ietf-dnssd-multi-qtypes/
>
> Please send responses to the DNSSD list as replies to this email
> before 2025-06-16 at 23:59 UTC.
>
> Thanks,
> Florian and Chris
>
> _______________________________________________
> dnssd mailing list -- dnssd@ietf.org
> To unsubscribe send an email to dnssd-leave@ietf.org

-- 
In my defence, I have been left unsupervised.

v2.35.0 | Report a Bug | By Email | System Status