Re: [dnssd] I-D Action: draft-ietf-dnssd-srp-23.txt

Ted Lemon <mellon@fugue.com> Tue, 31 October 2023 21:30 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Tue, 31 Oct 2023 22:30:02 +0100
Message-ID: <CAPt1N1=dd+a-x6RYFW9YP2-zHj3eR+mry15YL=zq=MigvpggDQ@mail.gmail.com>
To: Alexander Clouter <alex+ietf@coremem.com>
Cc: dnssd@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/XaTdJVWXj_VO2uEAealBdR61PO4>

Hm, good question. I think I was sufficiently under pressure when I did
that code that I may have forgotten to document why I used that value. I'll
have to revisit it. Next week. :)

On Tue, Oct 31, 2023 at 5:15 PM Alexander Clouter <alex+ietf@coremem.com>
wrote:

> Hello,
>
> On Fri, 4 Aug 2023, at 23:37, internet-drafts@ietf.org wrote:
> > A New Internet-Draft is available from the on-line Internet-Drafts
> > directories. This Internet-Draft is a work item of the Extensions for Scalable
> > DNS Service Discovery (DNSSD) WG of the IETF.
> >
> >    Title           : Service Registration Protocol for DNS-Based Service Discovery
> >    Authors         : Ted Lemon
> >                      Stuart Cheshire
> >    Filename        : draft-ietf-dnssd-srp-23.txt
> >    Pages           : 40
> >    Date            : 2023-08-04
>
> I've been working on my own implementation and stumbled onto some greyness
> around the KEY RR.
>
> I have not been able to find anything definitive on what the flags should
> be set to, maybe I missed it though.
>
> Appendix C provides an example where flags=513 and if you go spelunking
> through the mdnsresponder[1] and openthread[2] sources you find they both
> use this value too.
>
> From this you can of course go and swot up on RFC2535 section 3.1.2 to
> decode 513, and it mostly makes sense why the values are as they are, but
> as a reader I only came to this conclusion after reading another
> implementation and not from this draft.
>
> It would be helpful to include a suggestion guiding the reader as right
> now I personally am using '513' as a magic interop number instead of
> because I consciously decided it suited my needs.
>
> Maybe something along the lines of a new section just before section 6.6
> ('Required Signature Algorithm'):
> ----
> Section 6.X: Guidance on the KEY RR Flag Field
>
> RFC2535 section 3.1.2 breaks this field up into several parts and it is
> RECOMMENDED:
>
>  * A/C: set to 0b01 (prohibit confidentiality)
>  * NAMTYP: set to 0b10 (ie. HOST/ENTITY[3])
>  * SIG: set to 0b0001 (ie. GENERAL)
>
> It is RECOMMENDED you use 16897 (0b0100001000000001) but as an SRP
> registrar you MUST accept 'A/C & 0b10 == 0'.
> ----
>
> I am proposing A/C=0b01 as I do not know enough about the DNSSEC crypto
> sausage making machine to state what should be and hoping this prompts
> someone who knows this to suggest something more appropriate.
>
> Cheers
>
> Alex
>
> [1]
> https://github.com/Abhayakara/mdnsresponder/blob/d7779d704ef6e4724d0d0fd4a11a91ff9caa4004/ServiceRegistration/srp-client.c#L1203
> [2]
> https://github.com/openthread/openthread/blob/7074a43e4577d32d5535d52e7940ed2ea7e3a528/src/core/net/srp_client.cpp#L1309
> [3] wonderfully you can only tell the difference between ENTITY and HOST
> by reading the bind9 source[4] to find out they map to the same value
> [4]
> https://github.com/isc-projects/bind9/blob/3f205f3218915e00d5a7162d7665adfef473d8ba/bin/dnssec/dnssec-keygen.c#L589
>
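Decoding the two flag values discussed in the thread (513 and 16897) into the RFC 2535 section 3.1.2 fields, and checking the registrar acceptance rule from the proposed text, as an added example that is neither part of the thread nor taken from mdnsresponder, openthread or bind9. The bit layout and field meanings are RFC 2535's; the "A/C & 0b10 == 0" rule is the proposal quoted above, not draft text.

```python
# Added example: KEY RR flags field (RFC 2535 section 3.1.2) decode/encode/check.
# RFC 2535 numbers bits with bit 0 as the most significant of the 16-bit field:
#   bits 0-1 A/C, bit 3 XT (extension flags follow), bits 6-7 NAMTYP,
#   bits 12-15 SIG (signatory); bits 2, 4, 5 and 8-11 are reserved (Z).
# Converted to shifts on a 16-bit integer (RFC bit n -> shift 15-n):
from dataclasses import dataclass

AC_SHIFT, AC_MASK = 14, 0b11
NAMTYP_SHIFT, NAMTYP_MASK = 8, 0b11
SIG_MASK = 0b1111
XT_BIT = 1 << 12
RESERVED_MASK = 0x2CF0          # RFC bits 2,4,5,8,9,10,11 must be zero

AC_MEANING = {0b00: "authentication and confidentiality permitted",
              0b01: "confidentiality prohibited",
              0b10: "authentication prohibited",
              0b11: "no key"}
NAMTYP_MEANING = {0b00: "user/account", 0b01: "zone",
                  0b10: "host/entity", 0b11: "reserved"}


@dataclass(frozen=True)
class KeyFlags:
    ac: int
    namtyp: int
    sig: int
    xt: bool                # extension flags field present after this one
    reserved_nonzero: bool  # a Z bit is set: not a well-formed RFC 2535 value


def decode_key_flags(flags: int) -> KeyFlags:
    if not 0 <= flags <= 0xFFFF:
        raise ValueError("KEY flags is a 16-bit field")
    return KeyFlags(ac=(flags >> AC_SHIFT) & AC_MASK,
                    namtyp=(flags >> NAMTYP_SHIFT) & NAMTYP_MASK,
                    sig=flags & SIG_MASK,
                    xt=bool(flags & XT_BIT),
                    reserved_nonzero=bool(flags & RESERVED_MASK))


def encode_key_flags(ac: int, namtyp: int, sig: int) -> int:
    return ((ac & AC_MASK) << AC_SHIFT
            | (namtyp & NAMTYP_MASK) << NAMTYP_SHIFT
            | (sig & SIG_MASK))


def registrar_accepts(flags: int) -> bool:
    # Rule proposed in the thread (an assumption, not draft text): accept any
    # key whose A/C field does not prohibit authentication, i.e. A/C & 0b10 == 0.
    return decode_key_flags(flags).ac & 0b10 == 0


def describe(flags: int) -> str:
    f = decode_key_flags(flags)
    return (f"{flags} (0x{flags:04x}): A/C={f.ac:02b} ({AC_MEANING[f.ac]}), "
            f"NAMTYP={f.namtyp:02b} ({NAMTYP_MEANING[f.namtyp]}), SIG={f.sig:04b}")
```

Running `describe(513)` shows why the "magic" value is simply NAMTYP=host/entity with SIG=1 and A/C=00, and `describe(16897)` shows the proposed variant that additionally sets A/C=01.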