IETF Logo Mail Archive

[dnssd] SRPL: SRP replication (draft-lemon-srp-replication-00) - questions/ideas

Abtin Keshavarzian <abtink@google.com> Sat, 25 September 2021 18:47 UTC

Return-Path: <abtink@google.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC3053A1EC6 for <dnssd@ietfa.amsl.com>; Sat, 25 Sep 2021 11:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -18.097
X-Spam-Level:
X-Spam-Status: No, score=-18.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRNLCsY4N5vL for <dnssd@ietfa.amsl.com>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 349093A1ECC for <dnssd@ietf.org>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id az15so13601710vsb.8 for <dnssd@ietf.org>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=xLFxMicu93kfSgylnyT7/dtehcYstTg+hK8G/Rm3URc=; b=V1B0O2S6hv+WwkxfnL7ExybyYHgGult3UKa49T8NzSp4CoBYsBu/vZW9QiBnAJbawQ jPMupQYYda8Oj0vhyQWBd5a45JzivxzGYciAeQKpFi6phmV63ruebiPdmk5NC2+E6+ph A3cXezoYbQ/c0BhRBs8hXRwQZILyY2WsUr0XLZCHT3jqVeF9Bj+iV3hG9pBHenl/I9uT 8/JL6EVDPDGadoOeo6/JboHVJBvXGQ6L+8ffIXiR33ItGe6RuofY7KGMlcMmnnZL9fgY 7jHhsVZW7kpAil1Y1Jm3L9F6QGSTyde7nZlHaTMl8vDAm21+plduTxwdFt7giw5iSWF9 eTRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=xLFxMicu93kfSgylnyT7/dtehcYstTg+hK8G/Rm3URc=; b=I/co7CFv9WoihiRhxUiHnh94AwVTy9aLdIW6i77CxuOkrlGba1kRtja5lUBhCWp8CM Po3K34yiTT65f91PNuQHZAY1dkTEXNyGavS6rzDNLLlAJKnTWhZ+AQTluCIX9cJ/CzOY BLq48gI6Etdnm0nyiuM5jKk9LfF0b8TgUMIzyYs2EzyeAnv1EFomFsQMsEya2S2ww3hp +mzLKr1EryDqClqdfhK8N6K7o0ubD6OUrVfm0iy9T9f6BCmL+yW3XrjYSB6jiCXeaUpn 6eSPEiXK49DKbAew2rpV6JzCOxmf5zm3IUJMqH3MnSRIY8d7d4+E7Sx/gVzzY4Bez1Zd bm4A==
X-Gm-Message-State: AOAM5304PAZWeSaEQd4CN3IuOkz9qQVW+rsGRUFrC5/h4FvfWh8LCxkI IMKYaYGInuSHzzEK7PPLuMgzNFJ8HKNqJ2CwDpE/DA1lvwmXkQ==
X-Google-Smtp-Source: ABdhPJzC22Ua0XaClprwl0fTRy8iOY9x7hyYKcCunP0uQ5uoWbANfkeosO1HLIkFq2wR7XWnbCZBeb9IDxrpytPJeig=
X-Received: by 2002:a67:f2cf:: with SMTP id a15mr7288257vsn.58.1632595634785; Sat, 25 Sep 2021 11:47:14 -0700 (PDT)
MIME-Version: 1.0
From: Abtin Keshavarzian <abtink@google.com>
Date: Sat, 25 Sep 2021 11:47:04 -0700
Message-ID: <CACce4dQCt3-JhZ-nHwZ3=fj+1bKinsDNuEOeUMH=JiHNUvD95w@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: DNSSD <dnssd@ietf.org>, Jonathan Hui <jonhui@google.com>
Content-Type: multipart/alternative; boundary="000000000000e06dc705ccd64ad6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/JgBd971dwhPhObjf2AMnJb_tCxQ>
Subject: [dnssd] SRPL: SRP replication (draft-lemon-srp-replication-00) - questions/ideas
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Sep 2021 18:47:19 -0000

Hi Ted,

I have been reading the SRP replication draft (
https://www.ietf.org/archive/id/draft-lemon-srp-replication-00.html) and
the related RFCs (like DSO).

Overall in my opinion, the design seems very reasonable and good.

There are couple of questions and some thoughts around them that I'd like
to sync with you. They are all related to the SRPL Host message.

My understanding is that during routine operation, whenever an SRP update
message from an SRP client is successfully processed, the peer (which
processed it) will embed the SRP update message in an SRPL Host (within an
SRPL Host Message TLV) and will send it to all partner peers. This sounds
like a good model to me for syncing the peers during routine operation.

1) How can we sync the accepted lease and key lease intervals for the
registered entries across SRP servers using SRPL?

- The SRP update message itself contains the lease and key lease values,
but these are what the SRP client requested (or wished to get).
- The accepted lease intervals are included in the SRP update response that
the original SRP server peer will send back to the SRP client.
- I guess we may need a way to inform the accepted lease intervals from the
peer to SRPL partner peers.

One way I can think of is to add a new secondary TLV (e.g., SRPL Lease
Intervals) as part of SRPL Host message.

The other possibility is to assume/require that all SRPL SRP servers
use/accept the same lease intervals (I personally prefer the former way
better since it adds more flexibility).

---------

The other questions are related to the use of SRPL Host messages during
initial synchronization.

The SRP server should have all the registered service entries in its
database but it may not necessarily keep the SRP  update messages that
registered them. But in the SRPL Host message we want to embed an SRP
update message.

My first thought was that we can have the SRP server save the last update
message from each SRP client, but then services may be registered at
different times and in many different SRP update messages. So I guess this
may not work in all cases.

My next thought was that the SRP server peer should be able to construct an
SRP update message based on the info it has, but there are some tricky
situations with this.

2) What to do with the signature in the SRP update message? The SRP server
does know the public key of the SRP client (host), but it needs the private
key to be able to do the ECDSA signing of the message, so cannot sign it.

- One way around this is to make the signature optional in the SRP update
messages which are embedded in an SRPL Host message. But I am not sure if I
like this, since it (kind of) requires special/different treatment of SRP
update messages in this case on a partner peer.

3) How to convey the remaining lease times for multiple registered services
(from the same SRP client) to the partner peer in the SRPL Host and its
embedded SRP update message?

- An SRP client may register multiple services at different times (and in
different SRP update messages).
- So at the time of SRPL initial synchronization, services from the same
host/client can have different remaining lease times.
- We have "SRPL Time Offset TLV" in an SRPL Host message, but this seems to
apply to the host and all the entries.
- I guess we may need a way to be able to share the remaining lease times
per service entry.

One way I can think of (which may address both 2 & 3) is to use the SRPL
Host message only during routine operation, and then during initial
synchronization we define and use a new type of SRPL message with new TLVs
(e.g. an SRPL Service TLV) to include all the info about the host and all
of its service(s) in the TLVs.

I appreciate your thoughts on these.

Thanks,
Abtin.

v2.23.0 | Report a Bug | By Email