Re: [dnssd] Genart last call review of draft-ietf-dnssd-push-20

Tom Pusateri <pusateri@bangj.com> Thu, 11 July 2019 21:46 UTC

Return-Path: <pusateri@bangj.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 43E2E120112; Thu, 11 Jul 2019 14:46:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpwI8zS2pFZI; Thu, 11 Jul 2019 14:46:44 -0700 (PDT)
Received: from oj.bangj.com (69-77-154-174.static.skybest.com [69.77.154.174]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7DA801200F8; Thu, 11 Jul 2019 14:46:44 -0700 (PDT)
Received: from [172.16.25.146] (69-77-155-155.static.skybest.com [69.77.155.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by oj.bangj.com (Postfix) with ESMTPSA id 62625347B2; Thu, 11 Jul 2019 17:46:43 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3564\))
From: Tom Pusateri <pusateri@bangj.com>
In-Reply-To: <BF75518F-25E9-4283-B647-6382F50A5CCA@bangj.com>
Date: Thu, 11 Jul 2019 17:46:42 -0400
Cc: Stuart Cheshire <cheshire=40apple.com@dmarc.ietf.org>, Eric Rescorla <ekr@rtfm.com>, DNSSD <dnssd@ietf.org>, draft-ietf-dnssd-push.all@ietf.org, David Schinazi <dschinazi.ietf@gmail.com>, Robert Sparks <rjsparks@nostrum.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <ED99C670-3149-417C-B465-99A48D70C584@bangj.com>
References: <156175221593.21875.9525138908968318905@ietfa.amsl.com> <9E6DE124-9262-4870-A920-4E707A38DC08@bangj.com> <CAPDSy+7om=cBW51cyuPea9nabgJuRV3M+++gA7sy8VzfNpkn6Q@mail.gmail.com> <9F8CFF4A-ABC1-4005-AE65-6CE64940B59F@apple.com> <CAPDSy+6V+ooWDe7XezmWA_XKNQXRAOex8DE5CiTnZdz8zc-9CA@mail.gmail.com> <F6DD5CEF-E644-46E3-84B5-18309F6B44C5@apple.com> <270A8516-8BE8-441A-A6CC-4FDE8EFE2B10@fugue.com> <BF75518F-25E9-4283-B647-6382F50A5CCA@bangj.com>
To: Ted Lemon <mellon@fugue.com>
X-Mailer: Apple Mail (2.3564)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/bN6FioS_MnJe86YhN4rh0yl6IrA>
Subject: Re: [dnssd] Genart last call review of draft-ietf-dnssd-push-20
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 21:46:46 -0000


> On Jul 11, 2019, at 2:20 PM, Tom Pusateri <pusateri@bangj.com> wrote:
> 
> But I think it would be helpful to outline the actual errors that could occur on either end and verify this works in every case. Sending as much information to the other side as possible is helpful for determining bugs. TCP RST signaling doesn’t convey much information.
> 
> Tom


Here are all the places a TCP RST was suggested in -20. These are all likely BUGS.

1. CLIENT receives SUBSCRIBE from server
2. SERVER receives duplicate SUBSCRIBE
3. CLIENT receives PUSH with no change notifications
4. CLIENT receives PUSH notification with ‘collective remove’ TTL and non-zero RDLEN
5. CLIENT receives PUSH notification with DNS message length larger than 16k
6. CLIENT receives UNSUBSCRIBE from SERVER

In cases 1, 3, 4, 5, and 6, the CLIENT will likely mark the SERVER as buggy, close the connection and not try to reconnect for a period of time or use another SERVER if available. A RETRY DELAY isn’t applicable and the CLIENT can close the connection either with a TCP RST or a TLS close_notify. The consensus seems to be to send a TCP RST in this case.

In case 2, the SERVER should send a RETRY DELAY TLV and then send a TLS close_notify or it could wait for the CLIENT to close_notify or RST but the SERVER shouldn’t RST because it wants the CLIENT to get the RETRY DELAY.

There are also cases where the server sends a RETRY DELAY TLV because of a SUBSCRIBE error and the CLIENT is supposed to close the connection. However, if the CLIENT does not close the connection, the SERVER may choose to close it in which case it should close with TLS close_notify to make sure the RETRY DELAY is received.

I think it would be better for the CLIENT to try to send a TLS close_notify after receiving a RETRY DELAY so it can resume later especially in the cases when a SUBSCRIBE fails.

Tom