Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possible non-compliant KEY RR flags field used for example in Appendix C (Issue #24)
Ted Lemon <mellon@fugue.com> Mon, 04 March 2024 16:14 UTC
Return-Path: <mellon@fugue.com>
X-Original-To: dnssd@ietfa.amsl.com
Delivered-To: dnssd@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0363C14CE33 for <dnssd@ietfa.amsl.com>; Mon, 4 Mar 2024 08:14:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFPf__3BA99C for <dnssd@ietfa.amsl.com>; Mon, 4 Mar 2024 08:13:58 -0800 (PST)
Received: from mail-qv1-xf2d.google.com (mail-qv1-xf2d.google.com [IPv6:2607:f8b0:4864:20::f2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAC7FC14CE30 for <dnssd@ietf.org>; Mon, 4 Mar 2024 08:13:57 -0800 (PST)
Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-68f51ba7043so31792046d6.3 for <dnssd@ietf.org>; Mon, 04 Mar 2024 08:13:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20230601.gappssmtp.com; s=20230601; t=1709568836; x=1710173636; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=DUJ8Qq4frmOCnSoAQa6o5bxQrCwd8Rds62Og0G2ig48=; b=m9Yt8CSAFzQcLxG2KIXhMGEC6IApr4sr5IH6uq2CnV5yydyWqi0lFF0Ph1c5b80trU tqHDRsizRwVw6DskStDuR1R+QawPMl4ynXyCmJ/EMCDzSq6THq1NxMYKbahY391n07NX huyvkCNeplieOaUzLVZf5mT4+MFjY9uhccdnwG8MNE+xndR7MWdYBzOKqkMRDOLVu3iU wtKbuz65qcI7WVEedvGD2J5qxCyg80yzajVHLL75kvRALphj/2BSMwzdrjhso0NZ6stX 3YTJetjEpyv2sJ02r8v6GoFAjSbyKR2QaKSHc5fpbra9Kw95kY0LdbYcQT5Tw+Mz4NyW V5gw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709568836; x=1710173636; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DUJ8Qq4frmOCnSoAQa6o5bxQrCwd8Rds62Og0G2ig48=; b=bsPBn0/4Ma/wyqesnP/tf4wtsiQlr++VUc/jzEr07y8QUofxdrta5PB4kKDGfzlB4v dVNV6mrGJv0emMq3dE91CcCcNnYbXaN6S0Ro8Bq7SZCD1L5BZmDHpBV0rMjQAaTzifsY rtfuJXq6nhV8osck3gfNBPXneSgk+D+wFQdKBeYKZhGu8yY0qProrGppLoQtNf+nD6kE o4Fs8L7uANgsKETWX6Mt40smYC+KDk4glk80NNdDRDJ/khFg9ojXCNkzyX22D8diLMCl NZvfAMN7i8h/J1kW5mKJvsSup1ZuV8b0S9Z7uDTMVRXs+WEIcbxx+XmnxIHSb99BbnLc Gh1g==
X-Gm-Message-State: AOJu0Ywx4CV8hDpjRh42OJ+8RY3RD+WQqR4la6dtWQD8tj96j4nLsTjG 36aKvY3aJuYZtNI/k4E5/9H2/EZL5gFdBUracF1B6C6hOzqFQhyaDcxzgB/qaZqGnVGbUpWsy/C Z3c6U+egGXu9BWblS/EKhf8kFp0Ot32IRWLaeK6Hv/Bi8XJD7
X-Google-Smtp-Source: AGHT+IE9uMsiuqCBkitAvhfUkAOcYpxqXZD0obwjOc8ac1QzXuCimknTmKI9V5tLm9kiZwHCEXUfIs5mKwyIWlZgYXY=
X-Received: by 2002:a0c:f30a:0:b0:68f:edbc:5db1 with SMTP id j10-20020a0cf30a000000b0068fedbc5db1mr11089034qvl.42.1709568835697; Mon, 04 Mar 2024 08:13:55 -0800 (PST)
MIME-Version: 1.0
References: <dnssd-wg/draft-ietf-dnssd-srp/issues/24@github.com>
In-Reply-To: <dnssd-wg/draft-ietf-dnssd-srp/issues/24@github.com>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 04 Mar 2024 11:13:19 -0500
Message-ID: <CAPt1N1n3uwEM_bmP3pd2ZH+p2iVmc+ysjMc6D62Ert9+PVef=g@mail.gmail.com>
To: dnssd <dnssd@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002bd0ca0612d803fa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnssd/sZDxxQtgZ_b_PpljL1RFOTLZUEw>
Subject: Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possible non-compliant KEY RR flags field used for example in Appendix C (Issue #24)
X-BeenThere: dnssd@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion of extensions to DNS-based service discovery for routed networks." <dnssd.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnssd>, <mailto:dnssd-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnssd/>
List-Post: <mailto:dnssd@ietf.org>
List-Help: <mailto:dnssd-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnssd>, <mailto:dnssd-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 16:14:01 -0000
Alexander Clouter identified in a recent github issue on draft-ietf-dnssd-srp that our support for the KEY RR looks like it's based on RFC2535, but RFC2535 was updated by RFC3445. Unfortunately RFC3445 doesn't explicitly update RFC2931, so we missed this. However, the change is, I think, purely editorial, so should be fine to do at this stage. I've updated the example Alexander cites to change the flags value from 513 to 0, and added text in the requestor and registrar sections of draft-ietf-dnssd-srp pointing to RFC3445's requirement for setting the flags to 0 (requestor) and not checking the flags (registrar). On Sun, Mar 3, 2024 at 5:44 AM Alexander Clouter <notifications@github.com> wrote: > Highlighted on the mailing list > <https://mailarchive.ietf.org/arch/msg/dnssd/tGLWlkxs-6-IWQv6P8h3cMMGOgE/>, > RFC3445 section 4 <https://www.rfc-editor.org/rfc/rfc3445.html#section-4> > states that most of the 'flags' field for the KEY RR should be zero. > > The example in Appendix C does not adhere to this (flags is 513): > > demo KEY 513 3 13 ( > qweEmaaq0FAWok5//ftuQtZgiZoiFSUsm0srWREdywQU > 9dpvtOhrdKWUuPT3uEFF5TZU6B4q1z1I662GdaUwqg== > ); alg = ECDSAP256SHA256 ; key id = 15008 > > It would be helpful to provide advice on what flags value to use > <https://mailarchive.ietf.org/arch/msg/dnssd/RXUiWIRiz71pRmtyeTw3_VEBFcY/>, > the only implementations I am aware of to glean hints from also look to be > non-RFC3445 compliant: > > - mdnsresponder > <https://github.com/Abhayakara/mdnsresponder/blob/d7779d704ef6e4724d0d0fd4a11a91ff9caa4004/ServiceRegistration/towire.c#L410> > - openthread > <https://github.com/openthread/openthread/blob/41526d5de27d451179276dff082eeb138e839445/src/core/net/srp_client.cpp#L1372-L1373> > > My reading of both RFC2535 section 3.1.2 > <https://www.rfc-editor.org/rfc/rfc2535#section-3.1.2> and RFC3445 > section 4 <https://www.rfc-editor.org/rfc/rfc3445.html#section-4>, I > think the flags field should now be simply zero, someone needs to check > my homework though... > > The original KEY RR flags: > > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 > +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > | A/C | Z | XT| Z | Z | NAMTYP| Z | Z | Z | Z | SIG | > +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > > The new KEY RR flags: > > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 > +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > | Z | Z | Z | Z | Z | Z | Z | N | Z | Z | Z | Z | Z | Z | Z | Z | > +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ > > Where the 'zone bit' (N, bit 7) is for this use case (SIG(0)) is zero (0). > > — > Reply to this email directly, view it on GitHub > <https://github.com/dnssd-wg/draft-ietf-dnssd-srp/issues/24>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AA5USALXWH6CL6HVGD2ZUSLYWL5JZAVCNFSM6AAAAABED3KFRWVHI2DSMVQWIX3LMV43ASLTON2WKOZSGE3DKMRZGY3TEOA> > . > You are receiving this because you are subscribed to this thread.Message > ID: <dnssd-wg/draft-ietf-dnssd-srp/issues/24@github.com> >
- Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possi… Ted Lemon
- Re: [dnssd] [dnssd-wg/draft-ietf-dnssd-srp] possi… Alexander Clouter