Re: [dnssd] draft-sctl-service-registration call for adoption

Toke Høiland-Jørgensen <toke@toke.dk> Thu, 19 July 2018 19:18 UTC

Return-Path: <toke@toke.dk>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 069D7130E8B for <dnssd@ietfa.amsl.com>; Thu, 19 Jul 2018 12:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=toke.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZUddYWfgLy8u for <dnssd@ietfa.amsl.com>; Thu, 19 Jul 2018 12:18:16 -0700 (PDT)
Received: from mail.toke.dk (mail.toke.dk [IPv6:2001:470:dc45:1000::1]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74A5C130DC6 for <dnssd@ietf.org>; Thu, 19 Jul 2018 12:18:16 -0700 (PDT)
From: Toke Høiland-Jørgensen <toke@toke.dk>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=toke.dk; s=20161023; t=1532027894; bh=SiFPprHdhAMhFvTb/pKw059uXhxFROqrQNeyMpeLLKI=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=OenRk7/g3jlareIndSeYzlgh5Dn62h18D2gCoqGy6Cl3mePadFWsZmILPiskan/5O kKg8QovjsIQUzWGKWPNCMOq2sOqj16sd/uBPdLtN7m/lY5TtHjSYfGSwK5JMUxiWdu YNnJILvfCoXp2oTIwrac3XONc+Ti05FNSogJg4x/NpU2dssH5iPZ28Aw2xKS3bKaLB JzFOK6a/iGMmbZAX6F4IQPWTpUzPnFnibROXndvBKIoz1oOEKhO/coGtagXRruCBFb sq+ieHmFZdRSkQAOvO6aA8NBIUudtHKyTOqlag5dZIy9WVdGIcAR5sL3/TBwW8lHkk rPMpcJSI7qgYA==
To: Ted Lemon <mellon@fugue.com>, Tom Pusateri <pusateri@bangj.com>
Cc: dnssd <dnssd@ietf.org>
In-Reply-To: <CAPt1N1=XTYr9VDhivAEBxn9O=3woe4r-fLt1HLG9A7rFs6nRVg@mail.gmail.com>
References: <9CEB602B-87CA-4F5A-A0B9-C514528AB9AD@bangj.com> <CAPt1N1mg24bD9h6+N7EsBLbo9sDpwyAsN1TnopuZ0eAcdiNw0g@mail.gmail.com> <87y3e719eu.fsf@toke.dk> <8FF70F87-733C-4DBB-9AAC-85BEA1067105@bangj.com> <CAPt1N1=XTYr9VDhivAEBxn9O=3woe4r-fLt1HLG9A7rFs6nRVg@mail.gmail.com>
Date: Thu, 19 Jul 2018 21:18:06 +0200
X-Clacks-Overhead: GNU Terry Pratchett
Message-ID: <87pnzj3uhd.fsf@toke.dk>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/iv7I3bjRyNlmUJG44GIOHuBE2_E>
Subject: Re: [dnssd] draft-sctl-service-registration call for adoption
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 19:18:20 -0000

Ted Lemon <mellon@fugue.com> writes:

> You actually talked in your presentation on the charter about an SRP
> relay. I think that is a good approach for Toke's use case.

I disagree. I don't want to run a relay.

> I don't think there is any way to do service registration across
> administrative boundaries without some kind of trust mechanism of this
> sort.

Sure there is: source address validation.

Say I run a dyndns service at dyndns.example.org. I provide an admin
interface where someone can register and pick a subdomain, say
myhome.dyndns.example.org, and register their IPv6 prefix. I then
configure my registration server to accept updates from that v6 prefix
for subdomains of myhome.dyndns.example.org on a TOFU basis. All the
user then has to do is add regserver.dyndns.example.org as their
_dns-update._tcp.myhome.dyndns.example.org SRV record on their home
network, and presto, all their devices can now register themselves in
global DNS.

-Toke
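The source-address-validation scheme sketched above, as an added worked example that is not part of the original message or of any implementation by its author. It models the registration server's accept/reject decision: the customer's zone and IPv6 prefix come from the admin interface, an update is accepted only if its source address lies inside that prefix and the target name sits under the zone, and ownership of each name is pinned on first use. The `key_id` argument (assumed to be some client identifier carried with the update, such as a SIG(0) key fingerprint), the port 53 in the SRV helper and all names and addresses are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

def _canon(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot so lookups are consistent."""
    return name.lower().rstrip(".")

@dataclass
class Registration:
    """One dyndns customer: the zone they picked and the IPv6 prefix they registered."""
    zone: str
    prefix: ipaddress.IPv6Network

class UpdatePolicy:
    """Decides whether a DNS update is accepted, using source-address validation
    plus trust-on-first-use pinning of the identity that first claims a name."""

    def __init__(self) -> None:
        self._zones: dict[str, Registration] = {}   # zone -> registration
        self._owners: dict[str, str] = {}            # fqdn -> key_id pinned on first use

    def register(self, zone: str, prefix: str) -> None:
        """What the admin interface records when a user picks a subdomain and a prefix."""
        zone = _canon(zone)
        # strict=False so a prefix typed with host bits set (e.g. 2001:db8::1/48) is accepted.
        self._zones[zone] = Registration(zone, ipaddress.IPv6Network(prefix, strict=False))

    def _find_zone(self, name: str) -> Optional[Registration]:
        """Return the registration whose zone is the name itself or one of its parents."""
        labels = name.split(".")
        for i in range(len(labels)):
            reg = self._zones.get(".".join(labels[i:]))
            if reg is not None:
                return reg
        return None

    def check_update(self, source_ip: str, name: str, key_id: str) -> Tuple[bool, str]:
        """Return (accepted, reason) for an update of `name` arriving from `source_ip`."""
        name = _canon(name)
        reg = self._find_zone(name)
        if reg is None:
            return False, "name is not under any registered zone"

        addr = ipaddress.ip_address(source_ip)
        if addr.version != 6 or addr not in reg.prefix:
            # Source-address validation: only hosts inside the registered prefix may update.
            return False, "source address outside the registered prefix"

        pinned = self._owners.get(name)
        if pinned is None:
            # TOFU: the first identity to claim a name inside the prefix owns it from now on.
            self._owners[name] = key_id
            return True, "first use: identity pinned for this name"
        if pinned != key_id:
            return False, "name already owned by a different identity"
        return True, "ok"

def srv_record(zone: str, server: str, port: int = 53) -> str:
    """The SRV record the user publishes on their home network to point devices at
    the registration server (port 53 is an assumed value, not from the message)."""
    return f"_dns-update._tcp.{_canon(zone)}. IN SRV 0 0 {port} {_canon(server)}."

if __name__ == "__main__":
    # Constructed sample data: one customer with a /48 and two devices behind it.
    policy = UpdatePolicy()
    policy.register("myhome.dyndns.example.org", "2001:db8:1234::/48")
    print(srv_record("myhome.dyndns.example.org", "regserver.dyndns.example.org"))
    for src, fqdn, key in [
        ("2001:db8:1234:1::10", "printer.myhome.dyndns.example.org", "key-A"),  # in prefix, first use
        ("2001:db8:9999::1",    "printer.myhome.dyndns.example.org", "key-A"),  # outside prefix
        ("2001:db8:1234:2::5",  "printer.myhome.dyndns.example.org", "key-B"),  # name squat attempt
        ("2001:db8:1234::1",    "other.dyndns.example.org",          "key-A"),  # not under the zone
    ]:
        print(src, fqdn, key, policy.check_update(src, fqdn, key))
```

Two things a practitioner would want to keep in mind with this policy: the source-address check is only as good as the network's ingress filtering, which is one reason the SRV record names a `_tcp` service (an off-path host cannot complete a TCP handshake with a spoofed source, whereas a single spoofed UDP datagram would pass the check); and TOFU means any host already inside the prefix can claim a not-yet-used name first, so the scheme authorizes the prefix as a whole, not individual devices.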