Re: [dnssd] WG last call on draft-ietf-dnssd-mdns-dns-interop-01

Andrew Sullivan <ajs@anvilwalrusden.com> Mon, 20 July 2015 11:11 UTC

Date: Mon, 20 Jul 2015 13:11:28 +0200
From: Andrew Sullivan <ajs@anvilwalrusden.com>
To: dnssd@ietf.org
Message-ID: <20150720111127.GA22122@mx2.yitter.info>
References: <DA1638C9-346B-49A9-BA2D-8894785F43A0@cisco.com> <681D46F1-4DCA-442D-946D-AEE7D53C1F68@cisco.com> <BY2PR03MB412D01C2E26F5DAC3E84BF9A3870@BY2PR03MB412.namprd03.prod.outlook.com> <20150718202937.GC18337@mx2.yitter.info> <55AB2827.6080003@gmail.com> <20150719072113.GE18688@mx2.yitter.info> <55AB8E0D.302@gmail.com>
In-Reply-To: <55AB8E0D.302@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnssd/RifxYxZipN4uuFZU_Gea8tvyDTU>
Subject: Re: [dnssd] WG last call on draft-ietf-dnssd-mdns-dns-interop-01

Hi,

On Sun, Jul 19, 2015 at 01:46:21PM +0200, Douglas Otis wrote:
> 
> I see mDNS and DNS-SD when populated from a hybrid scheme as
> representing the same fruit.

You seem to have a category mistake here.  DNS and mDNS are both
resolution technologies -- two of the ones that can be used with
DNS-SD.  DNS-SD really just specifies various records, the relevant
record formats, and how to interpret the owner name of those records.
In DNS-SD, like in SRV, a pattern in the owner name is used as an
in-band signal to pack three distinct data into a single message
carrier (the owner name).  So I don't actually understand what it means
to say "mDNS and DNS-SD when populated from a hybrid scheme".

> to respond with sizable RRsets by design.  Responses that
> may only be suitable with local exchanges structured to
> facilitate service browsing.

What are "Responses that may only be suitable with local exchanges"?
What is a "local exchange" anyway?

> Also, in the case of the hybrid scheme, a TLD of say '.home'
> is using Ambiguous Local Qualified Domain Name (ALQDN) space
> (see RFC7368). TLDs containing such resources are not held
> to common conventions and may allow visual conflicts, for
> example.

It seems to me that, if you're looking up ALQDNs, you're already out
of the DNS.  If the service isn't limiting that lookup, isn't there a
problem anyway?

> As such, a common naming convention may not exist. When a
> naming dichotomy is ignored, whether '.home', '.onion', or
> perhaps '.domů', resulting incongruities may carry
> substantial security risks.

Yes.  That's an excellent reason to prefer a single global resolution
namespace, because unless you're following a single set of rules you
run the risk of opening a hole.  I think we've established that we
want to add some sort of sentence to the security considerations that
says that there's some danger in having multiple resolution contexts.
But is there something _else_ to say?

> A practical solution may demand
> a strategy that excludes the majority of mDNS resources
> structured as DNS-SD from being directly seen on the
> Internet. Establishing guidance to handle very different
> name spaces might be seen as a type of profile.

That all may well be, but I think it's not what this document is
about.  You seem to understand that, because it's what you're
complaining about, yet you want to change it.  But it's as though
you're complaining about the cargo-hauling capacity of a sports car: I
think if you want what I think you want, you need a different
document.  I'm not even sure it is a document that belongs in this WG;
maybe mif?

Best regards,

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
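The message above describes DNS-SD as packing three distinct data (instance, service type and domain) into one owner name, with the `_service._proto` pattern acting as the in-band delimiter. The parser below is an added illustration, not code from the draft or from the author of the message: it splits a presentation-format owner name on that pattern, honours `\.` escapes inside the instance label, and tags the domain with the resolution context implied by its top label (the `.local`, `.home` and `.onion` cases are the ones this thread names; the RFC references and the "global unicast DNS" default are the example's own assumptions).

```python
import re

# Service-type label: underscore plus 1-15 letters, digits or hyphens (RFC 6763 §7).
_SERVICE_LABEL = re.compile(r"^_[A-Za-z0-9][A-Za-z0-9-]{0,14}$")

# Resolution contexts named in the thread; anything else is assumed to be global DNS.
_CONTEXTS = {
    "local": "mDNS link-local (RFC 6762)",
    "home": "ambiguous local (ALQDN, RFC 7368)",
    "onion": "not DNS at all (RFC 7686)",
}

def split_labels(name):
    """Split a presentation-format name into labels, honouring '\\.' and '\\\\' escapes."""
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            cur.append(name[i + 1])      # escaped character is taken literally
            i += 2
            continue
        if ch == ".":
            labels.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    labels.append("".join(cur))
    if len(labels) > 1 and labels[-1] == "":
        labels.pop()                     # drop the empty root label after a trailing dot
    return labels

def parse_dnssd_name(owner):
    """Return (instance, service, domain, context) for a DNS-SD owner name."""
    labels = split_labels(owner)
    for i in range(len(labels) - 1):
        if _SERVICE_LABEL.match(labels[i]) and labels[i + 1].lower() in ("_tcp", "_udp"):
            head = labels[:i]            # RFC 6763: the instance is a single label
            if len(head) > 1:
                raise ValueError("instance must be a single label: %r" % owner)
            instance = head[0] if head else None   # None for a browsing (PTR) name
            rest = labels[i + 2:]
            context = _CONTEXTS.get(rest[-1].lower(), "global unicast DNS") if rest else "relative"
            return instance, labels[i] + "." + labels[i + 1], ".".join(rest), context
    raise ValueError("no _service._proto pair in %r" % owner)

if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    for n in ("My\\.Printer._ipp._tcp.local.", "_ipp._tcp.home."):
        print(n, "->", parse_dnssd_name(n))
```

Names whose domain resolves in a different context than the rest of the tree are exactly the "multiple resolution contexts" hazard the message proposes adding to the security considerations.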