Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?
Jeffrey Altman <jaltman@secure-endpoints.com> Tue, 17 May 2016 16:25 UTC
To: kitten@ietf.org
References: <1463500163.2432.9.camel@redhat.com>
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Openpgp: id=FA444AF197F449B24CF3E699F77A735592B69A04; url=http://pgp.mit.edu
Organization: Secure Endpoints Inc.
Message-ID: <54c900f2-399c-0ff0-c292-91baba495a21@secure-endpoints.com>
Date: Tue, 17 May 2016 12:25:10 -0400
In-Reply-To: <1463500163.2432.9.camel@redhat.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/7-JHZAK-sXJ3n7_zgB47WUcB6Z0>
On 5/17/2016 11:49 AM, Nathaniel McCallum wrote:
> https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery-02
>
> I'd like to propose adoption of this draft:
>
> 1. It is in the scope of the WG. This is an extension to the discovery
> methods already defined in RFC 4120.
>
> 2. It is beneficial. It provides both speed improvements and additional
> functionality (discovery of MS-KKDCP proxies).
>
> 3. It is small. It avoids defining new: DNS names, DNS semantics, URIs,
> or transport semantics. It simply combines the existing tools in a
> fairly obvious way.
>
> Thoughts?

Having read the draft I am totally unclear how it is implemented.

_kerberos.REALM is not a valid DNS URI record name. To translate the URI
https://host[:port][path] to a URI record requires _kerberos._https.host,
not _kerberos.host. DNS URI records according to RFC 7553 work just like
DNS SRV records in that they require both a service name and a protocol
name.

Switching to URI records does not solve the problem of multiple DNS
queries. To find a KDC that supports https, use the DNS SRV record
_kerberos._https.REALM. Registering additional service types such as
"kpasswd" can be done, but the fact is implementations such as Heimdal
already perform SRV lookups for _kpasswd._tcp.REALM and
_kpasswd._udp.REALM.

Can you make a case for something that DNS URI records provide that DNS
SRV records do not? The introduction of DNS URI records will only mean
that in practice Kerberos client libraries will need to issue the DNS URI
queries in addition to the existing DNS SRV records.

Jeffrey Altman
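The following is an added example that is not part of the message above, the draft, Heimdal, or any other Kerberos implementation. It models the discovery walk the reply describes against a small constructed zone (the realm EXAMPLE.COM, its hosts, ports and the KDC proxy path are all invented), parses SRV and URI rdata in their RFC 2782 and RFC 7553 presentation forms, orders targets by priority and weight, and counts the queries a client issues, so the "one owner name per service and protocol" point and the "URI queries are issued in addition to SRV queries" point can both be checked offline.

```python
"""Offline model of Kerberos KDC discovery over DNS SRV and DNS URI records.

Added example, not code from the draft or from any Kerberos library. SRV
(RFC 2782) and URI (RFC 7553) records share the owner name
_service._proto.name, so a client wanting udp, tcp and https KDCs issues
one query per transport with either type; adding URI lookups therefore
adds queries rather than replacing the SRV ones.
"""
import random
import re
from dataclasses import dataclass

# Constructed sample zone for EXAMPLE.COM; hosts, ports and the proxy
# path are invented for this example.
ZONE = {
    "_kerberos._udp.EXAMPLE.COM.": {"SRV": ["0 100 88 kdc1.example.com.",
                                            "0 50 88 kdc2.example.com.",
                                            "10 0 88 kdc-backup.example.com."]},
    "_kerberos._tcp.EXAMPLE.COM.": {"SRV": ["0 100 88 kdc1.example.com.",
                                            "0 50 88 kdc2.example.com."]},
    "_kerberos._https.EXAMPLE.COM.": {
        "SRV": ["0 100 443 kdcproxy.example.com."],
        "URI": ['0 100 "https://kdcproxy.example.com:443/KdcProxy"']},
    "_kpasswd._udp.EXAMPLE.COM.": {"SRV": ["0 100 464 kdc1.example.com."]},
    "_kpasswd._tcp.EXAMPLE.COM.": {"SRV": ["0 100 464 kdc1.example.com."]},
}


@dataclass(frozen=True)
class Target:
    priority: int
    weight: int
    endpoint: str  # "host:port" for SRV data, the URI string for URI data


class Resolver:
    """Stub resolver over the constructed zone; records every query made."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = []

    def lookup(self, owner, rtype):
        self.queries.append((owner, rtype))
        return list(self.zone.get(owner, {}).get(rtype, []))


def owner_name(service, proto, realm):
    """Owner name shared by SRV and URI records: _service._proto.name.
    Neither type has a protocol-less form such as _kerberos.REALM."""
    return f"_{service}._{proto}.{realm.rstrip('.')}."


_SRV_RDATA = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")  # prio weight port target
_URI_RDATA = re.compile(r'^(\d+)\s+(\d+)\s+"([^"]*)"$')      # prio weight "target"


def parse_srv(rdata):
    m = _SRV_RDATA.match(rdata)
    if m is None:
        raise ValueError(f"malformed SRV rdata: {rdata!r}")
    prio, weight, port, target = m.groups()
    return Target(int(prio), int(weight), f"{target.rstrip('.')}:{port}")


def parse_uri(rdata):
    m = _URI_RDATA.match(rdata)
    if m is None:
        raise ValueError(f"malformed URI rdata: {rdata!r}")
    prio, weight, target = m.groups()
    return Target(int(prio), int(weight), target)


def order_targets(targets, rng=None):
    """RFC 2782 ordering (reused by RFC 7553): ascending priority, then a
    weighted random pick within each priority. `rng` only needs randint()."""
    rng = rng or random.Random()
    by_prio = {}
    for t in targets:
        by_prio.setdefault(t.priority, []).append(t)
    ordered = []
    for prio in sorted(by_prio):
        pool = list(by_prio[prio])
        while pool:
            r = rng.randint(0, sum(t.weight for t in pool))  # inclusive upper bound
            running, pick = 0, pool[-1]
            for t in pool:
                running += t.weight
                if running >= r:
                    pick = t
                    break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def discover(resolver, realm, protos=("udp", "tcp", "https"), use_uri=False, rng=None):
    """Return {proto: {"SRV": [...], "URI": [...]}} in try order. With
    use_uri=True a URI query is issued per owner name on top of the SRV one."""
    found = {}
    for proto in protos:
        owner = owner_name("kerberos", proto, realm)
        srv = [parse_srv(r) for r in resolver.lookup(owner, "SRV")]
        result = {"SRV": [t.endpoint for t in order_targets(srv, rng)]}
        if use_uri:
            uri = [parse_uri(r) for r in resolver.lookup(owner, "URI")]
            result["URI"] = [t.endpoint for t in order_targets(uri, rng)]
        found[proto] = result
    return found


if __name__ == "__main__":
    for use_uri in (False, True):
        res = Resolver(ZONE)
        print(discover(res, "EXAMPLE.COM", use_uri=use_uri))
        print(f"use_uri={use_uri}: {len(res.queries)} queries issued")
```

Running the block shows three queries for the SRV-only walk and six once URI lookups are added for the same three owner names. Whichever record type is used, the answer only locates a KDC; the client still relies on the Kerberos exchange itself to authenticate whatever host the unsigned DNS data pointed it at, so a wrong or tampered record costs availability rather than credentials.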