[dnssd] DNSSD: DNS-SD discovery for BRSKI and variations
Toerless Eckert <tte@cs.fau.de> Tue, 22 October 2024 22:41 UTC
Return-Path: <eckert@i4.informatik.uni-erlangen.de>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 56033C15107C for <dnssd@ietfa.amsl.com>; Tue, 22 Oct 2024 15:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.655
X-Spam-Level:
X-Spam-Status: No, score=-1.655 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vKSkKhOLO2o2 for <dnssd@ietfa.amsl.com>; Tue, 22 Oct 2024 15:41:08 -0700 (PDT)
Received: from faui40.informatik.uni-erlangen.de (faui40.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6506AC151078 for <dnssd@ietf.org>; Tue, 22 Oct 2024 15:41:07 -0700 (PDT)
Received: from faui48e.informatik.uni-erlangen.de (faui48e.informatik.uni-erlangen.de [IPv6:2001:638:a000:4134::ffff:51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by faui40.informatik.uni-erlangen.de (Postfix) with ESMTPS id 4XY6bN2QxKz1R6qZ for <dnssd@ietf.org>; Wed, 23 Oct 2024 00:41:04 +0200 (CEST)
Received: by faui48e.informatik.uni-erlangen.de (Postfix, from userid 10463) id 4XY6bN1YdCzkxdy; Wed, 23 Oct 2024 00:41:04 +0200 (CEST)
Date: Wed, 23 Oct 2024 00:41:04 +0200
From: Toerless Eckert <tte@cs.fau.de>
To: dnssd@ietf.org
Message-ID: <ZxgqAHVI2sZn98QW@faui48e.informatik.uni-erlangen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Message-ID-Hash: 235RJJFX3KOANK776BXEVY77BWAMZCZ3
X-Message-ID-Hash: 235RJJFX3KOANK776BXEVY77BWAMZCZ3
X-MailFrom: eckert@i4.informatik.uni-erlangen.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnssd.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dnssd] DNSSD: DNS-SD discovery for BRSKI and variations
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/rWqgj_c_ZRT6CTGi7gby1r5FdLQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Owner: <mailto:dnssd-owner@ietf.org>
List-Post: <mailto:dnssd@ietf.org>
List-Subscribe: <mailto:dnssd-join@ietf.org>
List-Unsubscribe: <mailto:dnssd-leave@ietf.org>
Dear DNS-SD WG I was wondering if i could bother you folks in taking a look @ and providing feedback suggestions 4 our ANIMA-WG draft: https://www.ietf.org/archive/id/draft-ietf-anima-brski-discovery-05.html This should have a couple of aspects of general interest to DNS-SD enthusiasts, but also some new concepts. If there is interest, i would be happy to present about it at the IETF121 DNS-SD WG meeting. BRSKI is the IETF ANIMA secure onboarding protocol for devices, where for resilience and automation its highly beneficial to discover onboarding servers (registrars), and in the absence of full routing also proxies for them. If this sounds boring, consider that unfortunately several industry groups have diffeent opinions about protocol details, so we have ended up in a set of variations of the protocol where not necessarily all servers are compatible with all clients. So this draft introduces an extensible method to indicate supported variations so clients can pick the right server. More importantly, proxies can discover all possible variations even future ones and create appropriate proxy announcements. Of course, we want discovery to be fast and resilient, so there is also text about the details how to select the best server based on prio & weight and time out in case it's not responding. And how to optimize this in the face of having to do this as a proxy If that's not annoying enough, then there is also no consensus on what discovery protocol is the best, so we have to support DNS-SD, GRASP and CORE-LF... today, tomorrow may be more, and i really don't want to see specs over specs written for a full matrix, so the draft also attempts to reduce this problem into a cross-discovery mechanism IANA registry, so that we hopefully can easily define extensions mostly only through additional registrations in that registry. Which might also be a concept for other protocols with similar interop issues. If thats' not enough, we also needed to discover client devices (which we call pledges) via DNS-SD by their serial number, so we had to define a scheme by which we do that, which is also described. So, if any of this sounds like an interesting application use of DNS-SD that you'd like to check out as DNS-SD folks, please do so! Cheers Toerless
- [dnssd] DNSSD: DNS-SD discovery for BRSKI and var… Toerless Eckert
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Toerless Eckert
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Chris Box
- [dnssd] Re: DNSSD: DNS-SD discovery for BRSKI and… Toerless Eckert