Re: [Geopriv] LIS discovery implementation thoughts
"Richard L. Barnes" <rbarnes@bbn.com> Tue, 25 January 2011 02:52 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 366873A6A16 for <geopriv@core3.amsl.com>; Mon, 24 Jan 2011 18:52:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.496
X-Spam-Level:
X-Spam-Status: No, score=-102.496 tagged_above=-999 required=5 tests=[AWL=0.103, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXK12Zfw4kFY for <geopriv@core3.amsl.com>; Mon, 24 Jan 2011 18:52:03 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id E28923A6A0E for <geopriv@ietf.org>; Mon, 24 Jan 2011 18:52:02 -0800 (PST)
Received: from [128.89.255.108] (port=55037 helo=[192.168.1.16]) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.71 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1PhZ3a-000O9y-CQ; Mon, 24 Jan 2011 21:54:58 -0500
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <8B0A9FCBB9832F43971E38010638454F03FEA148D3@SISPE7MB1.commscope.com>
Date: Mon, 24 Jan 2011 21:54:54 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <AC7C2EEB-EDA1-4A61-9C89-B2A1FB6BD0E0@bbn.com>
References: <E969A511-E6D1-4437-829D-8A08437431DD@bbn.com> <5125204A-95F5-42E3-9EE5-DEAC5F3273A1@bbn.com> <8B0A9FCBB9832F43971E38010638454F03FEA148D3@SISPE7MB1.commscope.com>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
X-Mailer: Apple Mail (2.1082)
Cc: "geopriv@ietf.org" <geopriv@ietf.org>
Subject: Re: [Geopriv] LIS discovery implementation thoughts
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jan 2011 02:52:04 -0000
I'm assuming you mean the authentication against the input to the U-NAPTR process?
The way we have things structured, we have separate modules that communicate via pub/sub:
measurements ---+
+--> held --> zeus-locator [== application API]
lis-discovery ---+
(DHCP location is parallel to the HELD module, and also feeds the application API.)
The messages that the the lis-discovery module emits are of the form:
struct LisDiscoveryInfo {
std::string lisUri;
std::string domain;
}
So:
1. We could in principle do authentication against the input to U-NAPTR -- if it's supported by the underlying HTTP library. Right now, we're using libcurl, which does not support changes to the name that it authenticates.
2. At the same time, it would be awkward for the lis-discovery module to do HELD requests required to "verify that the LIS is able to provide location information". It's not impossible (there's actually a separate HeldRequest object (think like XMLHttpRequest) that could be used), but it would feel kind of like a circular dependency.
--Richard
On Jan 24, 2011, at 7:43 PM, Thomson, Martin wrote:
> What are your thoughts on the server authentication requirements? Or is that another part of the validation that you aren't performing?
>
> I have to commend the approach you are using. I always hoped that this is how discovery would be implemented.
>
> --Martin
>
> On 2011-01-14 at 15:47:58, Richard L. Barnes wrote:
>> One additional note: Our client is not technically compliant with RFC
>> 5986, since it doesn't validate the URI with a HELD request:
>> "
>> A Device that discovers a LIS URI MUST attempt to verify that the
>> LIS
>> is able to provide location information. For the HELD protocol, the
>> Device verifies the URI by making a location request to the LIS.
>> "
>>
>> --Richard
>>
>>
>> On Jan 13, 2011, at 11:45 PM, Richard L. Barnes wrote:
>>
>>> Hey all,
>>>
>>> Just wanted to share some impressions of the LIS discovery process,
>> including NAT traversal, based on our experience implementing this
>> function in the igtk project [1]. (Note: The techniques here haven't
>> yet been merged into the sourceforge version.)
>>>
>>> The basic flow-chart in RFC 5986 is pretty easy to implement,
>> although it wasn't really clear what to do for step (3), "Check URI",
>> beyond verifying that it's a well-formed URI. In pseudo-code, we ended
>> up with something like this:
>>>
>>> foreach (NetworkInterface iface) {
>>> DomainIterator it(iface);
>>> while (it.hasNext()) {
>>> string lisUri = performDdds(it.next());
>>> if (valid(lisUri)) { return lisUri; }
>>> }
>>> }
>>>
>>> Here the DomainIterator supplies the following domains, if they are
>> available:
>>> 1. Option 213 [NB: Not DHCPv6 capable]
>>> 2. Option 15
>>>
>>> The DomainIterator construct also allows us to easily extend the
>> process to support NAT traversal. If neither of the above options
>> works, the DomainIterator looks at the IP address for the interface,
>> and if it's private (any of the IANA reserved ranges [2]), then it does
>> a STUN request to find a public address. Using either the interface
>> address or the STUN address, it then provides the following domains:
>>> 3. The reverse domain
>>> 4. The reverse domain with the first label dropped
>>> 5. The reverse domain with the first two labels dropped
>>>
>>> The entire LIS discovery service, which listens for network interface
>> changes and emits alerts when it finds a new LIS URI, required 584
>> lines of C++. A very basic STUN client was another 293.
>>>
>>> So in a nutshell, extending a client from RFC 5986 to draft-thomson-
>> geopriv-res-gw-lis-discovery was pretty trivial, just a matter of
>> adding a few domains to the search list. We hope to have the code
>> posted to the igtk site soon; if you're interested in an advance copy,
>> let me know and I can send you an interim snapshot.
>>>
>>> --Richard
>>>
>>>
>>> [1] <http://igtk.sourceforge.net/>
>>> [2] <http://www.iana.org/assignments/ipv4-address-space/ipv4-address-
>> space.xml>
>>> _______________________________________________
>>> Geopriv mailing list
>>> Geopriv@ietf.org
>>> https://www.ietf.org/mailman/listinfo/geopriv
>>
>> _______________________________________________
>> Geopriv mailing list
>> Geopriv@ietf.org
>> https://www.ietf.org/mailman/listinfo/geopriv
>
>
- [Geopriv] LIS discovery implementation thoughts Richard L. Barnes
- Re: [Geopriv] LIS discovery implementation though… Richard L. Barnes
- Re: [Geopriv] LIS discovery implementation though… Thomson, Martin
- Re: [Geopriv] LIS discovery implementation though… Richard L. Barnes