IETF Logo Mail Archive

Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possible non-compliant KEY RR flags field used for example in Appendix C (Issue #24)

Alexander Clouter <alex+ietf@coremem.com> Mon, 04 March 2024 18:21 UTC

Return-Path: <alex+ietf@coremem.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A4C1C14F61E for <dnssd@ietfa.amsl.com>; Mon, 4 Mar 2024 10:21:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=coremem.com header.b="tNebK9N3"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="mG0w8Sq/"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S3PuiKqj85Yi for <dnssd@ietfa.amsl.com>; Mon, 4 Mar 2024 10:21:00 -0800 (PST)
Received: from fhigh2-smtp.messagingengine.com (fhigh2-smtp.messagingengine.com [103.168.172.153]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA067C14F60A for <dnssd@ietf.org>; Mon, 4 Mar 2024 10:20:59 -0800 (PST)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailfhigh.nyi.internal (Postfix) with ESMTP id D5DD211400E7 for <dnssd@ietf.org>; Mon, 4 Mar 2024 13:20:58 -0500 (EST)
Received: from imap46 ([10.202.2.96]) by compute3.internal (MEProxy); Mon, 04 Mar 2024 13:20:58 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coremem.com; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm3; t=1709576457; x=1709662857; bh=e2DJ5rInEN Fuys9rk/s0+prnyTeDHnBNlD2IGbauDH8=; b=tNebK9N3qE3J/klIAecizAJrUc ELvakHwCKdMmV15CxmyLvuKMnJ4GW04zBF1f6YxqUZIbHVDUvshoN0tYkMVEBcLo PqdnKr76O8p3Wlg8W2O9DIWpvFY1qyQh8WemQJq9C4ueIj+0GDXrTovECWFs9iEg puEcQKQ5Cmu+2KUdaSEayEabQsRMmXWj5P3TJLVTx+LzfTUn9yVKt2IdxpnwPZzU ormg7bbGVzyYt6eA9HFts4CAB0go4/dAAaQ9uvbBnBmkxJeizS3qcrrkri/0Eu3J LW7QLnYxBBPpv8FNKMr9CCTgTDk/i2Kd5f3iu+39WjK44xTw3QENABnyysxg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1709576457; x=1709662857; bh=e2DJ5rInENFuys9rk/s0+prnyTeD HnBNlD2IGbauDH8=; b=mG0w8Sq/T6sUsgTw5toFKdZDT055h/8h0CpHRysNwKOD ZM5txKQIBMaNXCz/Fj5KuPyHEsr0Kblwh6tcXSl4ayKf7rGuFep/vv7XDbEV8Vkz 0C/2kkTNGQZwSjAaIMyapJ1KfGD1jSdQXT/DPgmWB5u/knK9m+0W0jtaMD7gBAaJ KpeMBI4z+tVq3zFpoWkTIpnk5WbQrhl71j+zp7KqXpa1kVUfEt8X8WbUP10VB7a6 EMJ1H4kUJMtWEJnxEkIEQclitdmJTLD46OommCQ7xxVYFfjnFhFaQjDetrZjClZQ s6iLhu01VeKgcUA+o6fiunVI8Juyq9d4Loqd0jt6hA==
X-ME-Sender: <xms:CRHmZXxh0fqdm6twCf_-Qv9E7bHnXbUXNV93B7DCvwU6eDieRBZluQ> <xme:CRHmZfQFApd1ZNSuE_6sknBaBDg_q5TC3fq3ee5vVB4x0_767QCbjk5pTHXYu7ViU uZYA1mVf9ubNv_M-A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrheejgddutdelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedftehlvgigrghnuggvrhcuvehlohhuthgvrhdfuceorghl vgigodhivghtfhestghorhgvmhgvmhdrtghomheqnecuggftrfgrthhtvghrnhepvdetje fhhefggeelueelfeetieekgfevhfehkeehvedvkeeufeekieeifffhvdegnecuvehluhhs thgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprghlvgigodhivghtfh estghorhgvmhgvmhdrtghomh
X-ME-Proxy: <xmx:CRHmZRUZhimsTvaegJ2F4vubEIXvXaZ9VpOPN8JJESNAHanHem8kGw> <xmx:CRHmZRj44MLYfIXupYzA_IX6vosVuIwUnxLxOrV-lCt5O6SAeS7kfA> <xmx:CRHmZZD2EtugKVuamr1Itp91fg2R9eH75Svd_rL9MG4i2M0cEaE_Dw> <xmx:CRHmZcpjM3fop9NXyC7yT8WiBapd4JMnsw75jpCv0QiaTDR1pSHNSA>
Feedback-ID: ie3614602:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 94CFA2A2008B; Mon, 4 Mar 2024 13:20:57 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-208-g3f1d79aedb-fm-20240301.002-g3f1d79ae
MIME-Version: 1.0
Message-Id: <5288779c-43bb-4048-a367-142fb5e7f1c8@app.fastmail.com>
In-Reply-To: <CAPt1N1n3uwEM_bmP3pd2ZH+p2iVmc+ysjMc6D62Ert9+PVef=g@mail.gmail.com>
References: <dnssd-wg/draft-ietf-dnssd-srp/issues/24@github.com> <CAPt1N1n3uwEM_bmP3pd2ZH+p2iVmc+ysjMc6D62Ert9+PVef=g@mail.gmail.com>
Date: Mon, 04 Mar 2024 18:20:37 +0000
From: Alexander Clouter <alex+ietf@coremem.com>
To: dnssd@ietf.org
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/QbqZgyyGr_JRw-TeNrIRyQN8uRA>
Subject: Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possible non-compliant KEY RR flags field used for example in Appendix C (Issue #24)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 18:21:04 -0000

Hello,

On Mon, 4 Mar 2024, at 16:13, Ted Lemon wrote:
> Alexander Clouter identified in a recent github issue on
> draft-ietf-dnssd-srp that our support for the KEY RR looks like it's based
> on RFC2535, but RFC2535 was updated by RFC3445. Unfortunately RFC3445
> doesn't explicitly update RFC2931, so we missed this. However, the change
> is, I think, purely editorial, so should be fine to do at this stage. I've
> updated the example Alexander cites to change the flags value from 513 to
> 0, and added text in the requestor and registrar sections of
> draft-ietf-dnssd-srp pointing to RFC3445's requirement for setting the
> flags to 0 (requestor) and not checking the flags (registrar).

The 'key id' comment also requires amending to 14495:
----
$ cat demo 
;demo. 10 IN DNSKEY 513 3 13 ( qweEmaaq0FAWok5//ftuQtZgiZoiFSUsm0srWREdywQU 9dpvtOhrdKWUuPT3uEFF5TZU6B4q1z1I662GdaUwqg== )
demo. 10 IN DNSKEY   0 3 13 ( qweEmaaq0FAWok5//ftuQtZgiZoiFSUsm0srWREdywQU 9dpvtOhrdKWUuPT3uEFF5TZU6B4q1z1I662GdaUwqg== )

$ dnssec-dsfromkey -A -f demo 
demo. IN DS 14495 13 2 7FB66BEDBD76E23593FBCF637BD912717F11376198A3CBA74F7BE6304C026574
----

The calculation is effectively a rolling sum so those with a keen eye will notice 15008-513=14495.

Thanks

v2.23.0 | Report a Bug | By Email