Re: [dnssd] I-D Action: draft-ietf-dnssd-srp-23.txt

Esko Dijk <esko.dijk@iotconsultancy.nl> Tue, 10 October 2023 16:14 UTC

From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Ted Lemon <mellon@fugue.com>
CC: Alexander Clouter <alex+ietf@coremem.com>, "dnssd@ietf.org" <dnssd@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/ctPObUP-cfgwCF8px94QWIq1Rxk>

> If we'd had this idea early on, I'd say it was a good idea and worth doing, but at this point maybe what we have is good enough and we should not mess with it.

Agreed!

> A stub network can't have any subsidiary networks, so hop count can never be decremented.

I don’t agree here; in general for IP mesh networks and specifically for 6LoWPAN mesh networks we can have multiple types of routing (per Section 2 of RFC 6775):


  1.  Mesh-under – any number of radio hops through the mesh network is always equivalent to one IPv6 hop. So all radio nodes appear link-local to each other.  (This is usually avoided for performance & scalability reasons.)
  2.  Route-over – every radio hop is equivalent to an IPv6 hop. Hop Count gets decremented every radio hop.
  3.  Hybrid – some mixture of mesh-under and route-over, picking particular aspects from both solutions. Thread is an example of this.

So for types 2 and 3 there could be multiple IPv6 hops in the stub network. Our definition of stub network doesn’t preclude this; the property that the mesh doesn’t provide IP transit still holds regardless of the number of radio hops or the type of routing.

Esko

From: Ted Lemon <mellon@fugue.com>
Sent: Tuesday, October 10, 2023 15:27
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Alexander Clouter <alex+ietf@coremem.com>; dnssd@ietf.org
Subject: Re: [dnssd] I-D Action: draft-ietf-dnssd-srp-23.txt

A stub network can't have any subsidiary networks, so hop count can never be decremented. However, having reflected on this for a week (?) at this point I have to agree that this is too big a change to make this late in the process. It's true that an off-network spoofed packet with an on-link source address could be used as a DoS attack to the SRP server in theory, but in practice I think that checking the interface on which the packet arrived eliminates most of this risk, certainly for the constrained stub network use case.

If we'd had this idea early on, I'd say it was a good idea and worth doing, but at this point maybe what we have is good enough and we should not mess with it.
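
The two checks discussed in this thread, as an added example that is not from the draft or from either participant: a receiver-side filter that rejects a datagram with a stub-network source address unless it arrived on the stub interface, plus an optional strict hop-limit rule. The function names, interface indexes, the prefix and the "hop limit must still be 255" rule are assumptions made for illustration; the sample ancillary data is constructed.

```python
import ipaddress
import socket
import struct

# Linux values used as fallbacks where the socket module lacks the names.
IPV6_PKTINFO = getattr(socket, "IPV6_PKTINFO", 50)
IPV6_HOPLIMIT = getattr(socket, "IPV6_HOPLIMIT", 52)

def parse_ancdata(ancdata):
    """Extract (arrival ifindex, hop limit) from recvmsg() ancillary data."""
    ifindex = hop_limit = None
    for level, ctype, data in ancdata:
        if level != socket.IPPROTO_IPV6:
            continue
        if ctype == IPV6_PKTINFO and len(data) >= 20:
            # struct in6_pktinfo: 16-byte destination address + unsigned ifindex
            ifindex = struct.unpack("=I", data[16:20])[0]
        elif ctype == IPV6_HOPLIMIT and len(data) >= 4:
            hop_limit = struct.unpack("=i", data[:4])[0]
    return ifindex, hop_limit

def check_update(src, ancdata, stub_ifindex, stub_prefix, require_255=False):
    """Return (accepted, reason) for a datagram claiming a stub-network source."""
    ifindex, hop_limit = parse_ancdata(ancdata)
    addr = ipaddress.IPv6Address(src)
    if ifindex is None:
        return False, "no arrival-interface information"
    if ifindex != stub_ifindex:
        return False, "arrived on non-stub interface"
    if not (addr.is_link_local or addr in ipaddress.IPv6Network(stub_prefix)):
        return False, "source not on stub network"
    if require_255 and hop_limit != 255:   # assumed strict rule, not from the draft
        return False, "hop limit was decremented"
    return True, "ok"

def make_ancdata(ifindex, hop_limit, dst="fd00:db8:1::1"):
    """Build constructed ancillary data in the layout recvmsg() returns."""
    pktinfo = ipaddress.IPv6Address(dst).packed + struct.pack("=I", ifindex)
    return [(socket.IPPROTO_IPV6, IPV6_PKTINFO, pktinfo),
            (socket.IPPROTO_IPV6, IPV6_HOPLIMIT, struct.pack("=i", hop_limit))]

STUB_IF, INFRA_IF, STUB_PREFIX = 3, 2, "fd00:db8:1::/64"   # constructed values
# Stub source address, but the packet came in on the infrastructure interface.
spoofed = check_update("fd00:db8:1::99", make_ancdata(INFRA_IF, 250), STUB_IF, STUB_PREFIX)
# Route-over client whose packet was forwarded by two mesh routers (255 -> 253).
route_over = make_ancdata(STUB_IF, 253)
lenient = check_update("fd00:db8:1::42", route_over, STUB_IF, STUB_PREFIX)
strict = check_update("fd00:db8:1::42", route_over, STUB_IF, STUB_PREFIX, require_255=True)
```

The interface check alone rejects the off-network packet, while the strict hop-limit rule also rejects the legitimate route-over client, which is the case the reply raises for routing types 2 and 3.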