IETF Logo Mail Archive

Re: [dnssd] Adoption call for draft-sctl-advertising-proxy

Ted Lemon <mellon@fugue.com> Tue, 17 August 2021 22:46 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97C273A0DB3 for <dnssd@ietfa.amsl.com>; Tue, 17 Aug 2021 15:46:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hWWxp6GgzwgR for <dnssd@ietfa.amsl.com>; Tue, 17 Aug 2021 15:46:24 -0700 (PDT)
Received: from mail-oi1-x235.google.com (mail-oi1-x235.google.com [IPv6:2607:f8b0:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3FA93A0DBA for <dnssd@ietf.org>; Tue, 17 Aug 2021 15:46:23 -0700 (PDT)
Received: by mail-oi1-x235.google.com with SMTP id u25so1585895oiv.5 for <dnssd@ietf.org>; Tue, 17 Aug 2021 15:46:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:in-reply-to:references:mime-version:date:message-id:subject:to :cc; bh=VoKLKmaJbGhNlegbseMm3oYNps4VUCWfbFjLG6/68a4=; b=QfxYB2BmsBs34TUdQvDJiSeCg1RxQq+UEY2GYSEOT78OSM9fA6wbiPNwmdhsVGkbfP d+KXwMFQwTHDxcPfmjSEbOBXTjtLd+e2NRwFDvSuoPd/h3qpX6DTSCPqNF/CEZQZslf6 BNrifNRAAEl9VOuTgyInW0QVWkjivMPsQw/cQJOt2XYIZ97eMnWrLvb7USdTEyouowfD K/11jDoffp1Nv4DelyLiuSeSw9VBy8j9E0/VJ4FQwoT3TOQeWIsZbINoZlmkojXsgZfM 8GUFBW5+u4lLJq2n3lKfTg8fNeyoLKY2o1FdvBDBG/g3xclEzWeVG7+UNbzpiEnJJvcI DdEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=VoKLKmaJbGhNlegbseMm3oYNps4VUCWfbFjLG6/68a4=; b=WJJKEdQYDCA9jOxdfjXQiPnSUK05xdD+hwQ6vZtGZr1VYXNH3VGwQbHsOjfiddyHIb Z1DhcE4uOvCoBwbKcDiN0tfEiYKhFxy/jT0XQjj4JPPNIkWNT1pHx1Rh342c1o7/6/vZ xxdX0o9afiR74uRL8lM82+shkA+B+zeUg8hfIghe1PR1y0em1wy0oGryc88ii73zHRzD 1IGshipN7UOVxkMdtT1Yg9bumJASKW1CXS3bgGeQUFxkzNaeGDWeuYnFOzn+zOocS1df P1fRvu0JzoJSFObmF7w51gcuSda6keh7MR6V9krkN3QIGQsFOw8xv4ZFWO9zBWbLnJrJ zGQw==
X-Gm-Message-State: AOAM531178oSpxDiWVp1NX8GdyFCFq6ufF+FS7e41eymyRFEOqnKlY+h CfNzevnXEIr+3KUBpynPXvMlmB+zneo14H0bhye1NA==
X-Google-Smtp-Source: ABdhPJyGRjPBKx4tucTPBirGrTFbrdb4DAhWiCKur5A4n8tH0k/xZRfljIAQI0n8RQPRcHwe8sSnxwwQMQQ2Dqqja20=
X-Received: by 2002:aca:2b05:: with SMTP id i5mr4406138oik.55.1629240381002; Tue, 17 Aug 2021 15:46:21 -0700 (PDT)
Received: from 1058052472880 named unknown by gmailapi.google.com with HTTPREST; Tue, 17 Aug 2021 15:46:20 -0700
From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <CANLjSvV45ki5ZjGut62uJTtyJ8+J8AwXcPKNMUTimDUoga5qkA@mail.gmail.com>
References: <CADPZrgTu8QeR=yAM+9w0zDJ45Uz7Lgs12-6PKzutTW_p1RkA4Q@mail.gmail.com> <CAPt1N1=NgRRVnD1L_dJ_mZYuE5ReXOv0sK_cL6RcjcmpdQZOYg@mail.gmail.com> <CANLjSvV45ki5ZjGut62uJTtyJ8+J8AwXcPKNMUTimDUoga5qkA@mail.gmail.com>
MIME-Version: 1.0
Date: Tue, 17 Aug 2021 15:46:20 -0700
Message-ID: <CAPt1N1myE-01aNhTS69OU4Xr+6dhfyzZCXO_Piov2LFpjbNsNw@mail.gmail.com>
To: Lanlan Pan <abbypan@gmail.com>
Cc: Simon Lin <simonlin=40google.com@dmarc.ietf.org>, dnssd <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002a084205c9c91695"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/h1veaZ5XC7nsauMyXK5UzgWqMWg>
Subject: Re: [dnssd] Adoption call for draft-sctl-advertising-proxy
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2021 22:46:27 -0000

On August 17, 2021 at 10:33:00 AM, Lanlan Pan (abbypan@gmail.com) wrote:

I don't think dnssd-zone-discover helps with this. I think the client needs
to either unregister itself with SRP before migrating, or follow the same
protocol I mentioned earlier with respect to its service advertisement:
advertise without asserting uniqueness.

+1,  advertise without asserting uniqueness.
To join in a Thread zone,  srp client should be authenticated through
J-PAKE or other protocols. the srp client only its own the srp server, the
srp server can only ensure the uniqueness in its zone, but not asserting
the uniqueness with other zones.
If srp client migrating to a mdns client, just follow the mdns conflicts
policy.

Actually that's not really an issue we address. Yes, on a network like
Thread, the commissioning process guarantees that the client has the right
to connect, but it doesn't guarantee a unique hostname. Some other part of
the onboarding process might do that, or might not, but SRP doesn't really
pay attention to that. Rather, devices are expected to have a unique
public/private key pair that's used to claim the name, and conflicts are
detected by noticing that the client making a claim to a name has signed
their claim with the wrong key (wrong meaning not the key that was used
last time). And then that client doesn't get the name. This is FCFS naming.

As long as there is a single SRP namespace, it's fine for it to span more
than one network link, because the FCFS naming process ensures that there
will be no duplicate names. If a device moves from Thread to WiFi, we want
it to keep the same name.

The problem is that mDNS currently lacks the capability to defend names
using FCFS, and so when this roaming occurs, if there is an overlap between
the lifetime of the SRP registration and the lifetime of the mDNS
advertisement, we need a strategy for dealing with that.

The strategy I'm proposing is that we allow the conflict to exist, and let
the application figure out which information to use. Ultimately though we
want WiFi clients to use SRP, with FCFS naming, and that solves the problem.

We could do what the Discovery Proxy does and give each link its own name,
but I didn't suggest going that route because I think it's confusing. Is a
device with the same name in a different domain the same device that's
moved to a different network, or a different device? The application still
has to figure this out, so we haven't gained anything. Additionally, the
app needs to do more work, because now it has to have a list of domains to
query (or the API for finding names has to know to query multiple domains).

Also, with that model, when a device roams to a new link, until it's
discovered to have roamed, there is no name the app can use to immediately
reference the device, because now the name changes from link to link. So
the app has to always be doing discovery just to find the device when it
roams, even if it isn't interested in other devices that have the same
service type.

So that's why I tend to prefer the model where we do our best to avoid
conflicts, but when we have duplicate information, we allow it to coexist.
The app should be able to fairly easily figure out which information to
use, and the period of coexistence should be brief, so if there is a cost
to disambiguating, it will be paid only infrequently.

v2.23.0 | Report a Bug | By Email