Re: [dnssd] Review of draft-ietf-dnssd-srp-05

Esko Dijk <esko.dijk@iotconsultancy.nl> Thu, 19 November 2020 11:22 UTC

I think many factory resets are done to resolve ‘error’ conditions in products. It is often part of a vendor’s troubleshooting routine, to get the product back to a well-defined state. Especially for IoT type products that don’t have much user-specific data stored inside this can work well. An IoT device vendor could in this case make the public/private key persist across factory-resets of the device; that would be the most elegant option.  Users that reset a device for this reason would typically expect to get the same name back again (at least at UI level – this may or may not be equal to the SRP registered name…)

In case the IoT device is designed to generate a new keypair then the consequence would be that the device can’t claim the same name again, if the SRP server still has the entry stored. So I assume it will try a new name then.

I don’t think that the SRP draft needs to go into these (design) details though; doing any of the above scenarios should be feasible for a product.

Esko
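The two scenarios above (a device that keeps its keypair across a factory reset versus one that regenerates it, and the resulting name conflict while the server still holds the old entry) as a small simulation. This is an added illustration, not code from the SRP draft or any implementation; the lease length, the SHA-256 key fingerprint, the "conflict" result and the suffixed retry names are all constructed assumptions of this model.

```python
"""Toy model of SRP name registration after a factory reset (constructed
illustration).  Assumed behaviour: the server keys each live name by a
public-key fingerprint, drops entries whose lease expired, treats a
different key for a live name as a conflict, and the client then retries
with a suffixed name."""
import hashlib
import secrets
from dataclasses import dataclass

LEASE_SECONDS = 3600  # assumed lease length for this toy model


def fingerprint(pubkey: bytes) -> str:
    return hashlib.sha256(pubkey).hexdigest()[:16]


@dataclass
class Entry:
    key_fp: str
    expires_at: int


class SrpServer:
    def __init__(self):
        self.names: dict[str, Entry] = {}

    def register(self, name: str, pubkey: bytes, now: int) -> str:
        """Return 'accepted' or 'conflict' for a registration attempt."""
        entry = self.names.get(name)
        if entry is not None and entry.expires_at <= now:
            del self.names[name]      # lease ran out: name is free again
            entry = None
        if entry is not None and entry.key_fp != fingerprint(pubkey):
            return "conflict"         # live name owned by another key
        self.names[name] = Entry(fingerprint(pubkey), now + LEASE_SECONDS)
        return "accepted"


class Device:
    def __init__(self, name: str, persist_key: bool):
        self.base_name, self.persist_key = name, persist_key
        self.pubkey = secrets.token_bytes(32)   # stands in for a real key

    def factory_reset(self):
        if not self.persist_key:
            self.pubkey = secrets.token_bytes(32)   # new identity, old name lost

    def claim_name(self, server: SrpServer, now: int) -> str:
        """Register the base name, falling back to suffixed names on conflict."""
        for i in range(10):
            candidate = self.base_name if i == 0 else f"{self.base_name}-{i}"
            if server.register(candidate, self.pubkey, now) == "accepted":
                return candidate
        raise RuntimeError("no free name")
```

A device with a persisted key gets its old name back immediately; a device that regenerated its key only gets it back once the old lease has lapsed, and until then lands on a suffixed name.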

From: dnssd <dnssd-bounces@ietf.org> On Behalf Of Ted Lemon
Sent: Thursday, November 19, 2020 11:43
To: Manuel Amutio <mamutio@kirale.com>
Cc: dnssd@ietf.org
Subject: Re: [dnssd] Review of draft-ietf-dnssd-srp-05

On Nov 19, 2020, at 5:14 AM, Manuel Amutio <mamutio@kirale.com> wrote:
Regarding my first doubt, I still fail to understand how a device which has lost its security material, for instance after a factory reset, could then claim its right to dispose (remove or update) of the service that was created before.

It can’t, and the document doesn’t suggest that it can.

The expectation is that this would be done when the ownership of the object changes, so that it would be deployed in a different context where the name it claimed would not be used.