Re: [dnssd] I-D Action: draft-ietf-dnssd-srp-23.txt

Alexander Clouter <alex+ietf@coremem.com> Thu, 12 October 2023 13:28 UTC

Date: Thu, 12 Oct 2023 14:27:32 +0100
From: Alexander Clouter <alex+ietf@coremem.com>
To: Ted Lemon <mellon@fugue.com>
Cc: "dnssd@ietf.org" <dnssd@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/rTiKKMLYbpvPfYrtIMD4IRiuEFQ>
Subject: Re: [dnssd] I-D Action: draft-ietf-dnssd-srp-23.txt

On Thu, 12 Oct 2023, at 13:50, Ted Lemon wrote:
> This is why we require a TCP connection for all non-constrained nodes: that
> gives us a three-way handshake.

Sure, but I am still hung up on Source Validation; if I am flogging a dead horse, I am happy to let it rest, after all I only rocked up here at the eleventh hour... :)

I am focusing on the non-constrained hosts and think DNS cookies may be able to help.

If spoofing is considered impractical, which I am starting to think the group has settled on, then I'll grab my coat.

Allowing non-TCP registration, even for full hosts, is only a suggestion.

My concern is expecting the administrator of the registrar to have a given amount of control over the local network may be a big ask.

Implementation-wise, DNS cookies may mean less need for various administrative controls such as "what is the stub interface", and where meeting the (really low bar) of RPF on the router/host may not be possible.

DNS cookies, though, are not in themselves a trivial amount of work to implement; less work on one side of course usually means more work elsewhere... a type of work someone may consider not worthwhile.

Cheers
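The return-routability check that DNS cookies would give a UDP registration, as an added illustration that is not part of this thread or of any SRP implementation: the server cookie binds the client cookie, a timestamp and the observed source address under a server secret, so only a client that actually receives the reply at that address can echo a valid cookie. The cookie layout follows RFC 7873/RFC 9018, but the MAC here is HMAC-SHA256 (an assumption for portability; RFC 9018 specifies SipHash-2-4), and the addresses, timestamp and `handle_update` helper are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

# Constructed server secret; a real server rotates this periodically.
SECRET = os.urandom(16)


def new_client_cookie() -> bytes:
    """8-byte random client cookie (RFC 7873 section 4.1)."""
    return os.urandom(8)


def make_server_cookie(client_ck: bytes, client_ip: str, secret: bytes, now: int) -> bytes:
    """Server cookie = version(1) | reserved(3) | timestamp(4) | 8-byte MAC.

    The MAC covers the client cookie, the timestamp and the *observed* source
    address, so a cookie minted for one address is useless from another.
    (HMAC-SHA256 truncated to 8 bytes stands in for RFC 9018's SipHash-2-4.)
    """
    prefix = struct.pack("!B3xI", 1, now)
    mac = hmac.new(secret, client_ck + prefix + client_ip.encode(), hashlib.sha256).digest()[:8]
    return prefix + mac


def server_cookie_valid(client_ck: bytes, server_ck: bytes, client_ip: str,
                        secret: bytes, now: int, max_age: int = 3600) -> bool:
    """Accept only a well-formed, unexpired cookie whose MAC matches this source."""
    if len(server_ck) != 16 or server_ck[0] != 1:
        return False
    (ts,) = struct.unpack("!I", server_ck[4:8])
    if not (now - max_age <= ts <= now + 300):  # expired, or too far in the future
        return False
    expected = make_server_cookie(client_ck, client_ip, secret, ts)
    return hmac.compare_digest(expected, server_ck)


def handle_update(client_ck: bytes, server_ck, src_ip: str, secret: bytes, now: int):
    """Registrar-side decision for a UDP update carrying a COOKIE option.

    Returns ("ACCEPT", None) when the echoed server cookie validates for the
    packet's source address, otherwise ("BADCOOKIE", fresh_cookie): the client
    must come back with the fresh cookie, which a spoofed source never sees.
    """
    if server_ck is not None and server_cookie_valid(client_ck, server_ck, src_ip, secret, now):
        return "ACCEPT", None
    return "BADCOOKIE", make_server_cookie(client_ck, src_ip, secret, now)
```

A replayed cookie from a different source address, a tampered cookie, or one older than `max_age` all fall back to BADCOOKIE, so the first accepted UDP update always comes from an address that has demonstrated it can receive replies.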