[dnssd] SRPL: SRP replication (draft-lemon-srp-replication-00) - questions/ideas
Abtin Keshavarzian <abtink@google.com> Sat, 25 September 2021 18:47 UTC
Return-Path: <abtink@google.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC3053A1EC6 for <dnssd@ietfa.amsl.com>; Sat, 25 Sep 2021 11:47:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -18.097
X-Spam-Level:
X-Spam-Status: No, score=-18.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.499, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRNLCsY4N5vL for <dnssd@ietfa.amsl.com>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 349093A1ECC for <dnssd@ietf.org>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id az15so13601710vsb.8 for <dnssd@ietf.org>; Sat, 25 Sep 2021 11:47:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:from:date:message-id:subject:to:cc; bh=xLFxMicu93kfSgylnyT7/dtehcYstTg+hK8G/Rm3URc=; b=V1B0O2S6hv+WwkxfnL7ExybyYHgGult3UKa49T8NzSp4CoBYsBu/vZW9QiBnAJbawQ jPMupQYYda8Oj0vhyQWBd5a45JzivxzGYciAeQKpFi6phmV63ruebiPdmk5NC2+E6+ph A3cXezoYbQ/c0BhRBs8hXRwQZILyY2WsUr0XLZCHT3jqVeF9Bj+iV3hG9pBHenl/I9uT 8/JL6EVDPDGadoOeo6/JboHVJBvXGQ6L+8ffIXiR33ItGe6RuofY7KGMlcMmnnZL9fgY 7jHhsVZW7kpAil1Y1Jm3L9F6QGSTyde7nZlHaTMl8vDAm21+plduTxwdFt7giw5iSWF9 eTRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=xLFxMicu93kfSgylnyT7/dtehcYstTg+hK8G/Rm3URc=; b=I/co7CFv9WoihiRhxUiHnh94AwVTy9aLdIW6i77CxuOkrlGba1kRtja5lUBhCWp8CM Po3K34yiTT65f91PNuQHZAY1dkTEXNyGavS6rzDNLLlAJKnTWhZ+AQTluCIX9cJ/CzOY BLq48gI6Etdnm0nyiuM5jKk9LfF0b8TgUMIzyYs2EzyeAnv1EFomFsQMsEya2S2ww3hp +mzLKr1EryDqClqdfhK8N6K7o0ubD6OUrVfm0iy9T9f6BCmL+yW3XrjYSB6jiCXeaUpn 6eSPEiXK49DKbAew2rpV6JzCOxmf5zm3IUJMqH3MnSRIY8d7d4+E7Sx/gVzzY4Bez1Zd bm4A==
X-Gm-Message-State: AOAM5304PAZWeSaEQd4CN3IuOkz9qQVW+rsGRUFrC5/h4FvfWh8LCxkI IMKYaYGInuSHzzEK7PPLuMgzNFJ8HKNqJ2CwDpE/DA1lvwmXkQ==
X-Google-Smtp-Source: ABdhPJzC22Ua0XaClprwl0fTRy8iOY9x7hyYKcCunP0uQ5uoWbANfkeosO1HLIkFq2wR7XWnbCZBeb9IDxrpytPJeig=
X-Received: by 2002:a67:f2cf:: with SMTP id a15mr7288257vsn.58.1632595634785; Sat, 25 Sep 2021 11:47:14 -0700 (PDT)
MIME-Version: 1.0
From: Abtin Keshavarzian <abtink@google.com>
Date: Sat, 25 Sep 2021 11:47:04 -0700
Message-ID: <CACce4dQCt3-JhZ-nHwZ3=fj+1bKinsDNuEOeUMH=JiHNUvD95w@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: DNSSD <dnssd@ietf.org>, Jonathan Hui <jonhui@google.com>
Content-Type: multipart/alternative; boundary="000000000000e06dc705ccd64ad6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/JgBd971dwhPhObjf2AMnJb_tCxQ>
Subject: [dnssd] SRPL: SRP replication (draft-lemon-srp-replication-00) - questions/ideas
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Sep 2021 18:47:19 -0000
Hi Ted, I have been reading the SRP replication draft ( https://www.ietf.org/archive/id/draft-lemon-srp-replication-00.html) and the related RFCs (like DSO). Overall in my opinion, the design seems very reasonable and good. There are couple of questions and some thoughts around them that I'd like to sync with you. They are all related to the SRPL Host message. My understanding is that during routine operation, whenever an SRP update message from an SRP client is successfully processed, the peer (which processed it) will embed the SRP update message in an SRPL Host (within an SRPL Host Message TLV) and will send it to all partner peers. This sounds like a good model to me for syncing the peers during routine operation. 1) How can we sync the accepted lease and key lease intervals for the registered entries across SRP servers using SRPL? - The SRP update message itself contains the lease and key lease values, but these are what the SRP client requested (or wished to get). - The accepted lease intervals are included in the SRP update response that the original SRP server peer will send back to the SRP client. - I guess we may need a way to inform the accepted lease intervals from the peer to SRPL partner peers. One way I can think of is to add a new secondary TLV (e.g., SRPL Lease Intervals) as part of SRPL Host message. The other possibility is to assume/require that all SRPL SRP servers use/accept the same lease intervals (I personally prefer the former way better since it adds more flexibility). --------- The other questions are related to the use of SRPL Host messages during initial synchronization. The SRP server should have all the registered service entries in its database but it may not necessarily keep the SRP update messages that registered them. But in the SRPL Host message we want to embed an SRP update message. My first thought was that we can have the SRP server save the last update message from each SRP client, but then services may be registered at different times and in many different SRP update messages. So I guess this may not work in all cases. My next thought was that the SRP server peer should be able to construct an SRP update message based on the info it has, but there are some tricky situations with this. 2) What to do with the signature in the SRP update message? The SRP server does know the public key of the SRP client (host), but it needs the private key to be able to do the ECDSA signing of the message, so cannot sign it. - One way around this is to make the signature optional in the SRP update messages which are embedded in an SRPL Host message. But I am not sure if I like this, since it (kind of) requires special/different treatment of SRP update messages in this case on a partner peer. 3) How to convey the remaining lease times for multiple registered services (from the same SRP client) to the partner peer in the SRPL Host and its embedded SRP update message? - An SRP client may register multiple services at different times (and in different SRP update messages). - So at the time of SRPL initial synchronization, services from the same host/client can have different remaining lease times. - We have "SRPL Time Offset TLV" in an SRPL Host message, but this seems to apply to the host and all the entries. - I guess we may need a way to be able to share the remaining lease times per service entry. One way I can think of (which may address both 2 & 3) is to use the SRPL Host message only during routine operation, and then during initial synchronization we define and use a new type of SRPL message with new TLVs (e.g. an SRPL Service TLV) to include all the info about the host and all of its service(s) in the TLVs. I appreciate your thoughts on these. Thanks, Abtin.
- [dnssd] SRPL: SRP replication (draft-lemon-srp-re… Abtin Keshavarzian
- Re: [dnssd] SRPL: SRP replication (draft-lemon-sr… Ted Lemon
- Re: [dnssd] SRPL: SRP replication (draft-lemon-sr… Abtin Keshavarzian
- Re: [dnssd] SRPL: SRP replication (draft-lemon-sr… Ted Lemon
- Re: [dnssd] SRPL: SRP replication (draft-lemon-sr… Abtin Keshavarzian