Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?
Nico Williams <nico@cryptonector.com> Thu, 19 May 2016 16:25 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F2D912D5E0 for <kitten@ietfa.amsl.com>; Thu, 19 May 2016 09:25:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xeptOJgEBh0z for <kitten@ietfa.amsl.com>; Thu, 19 May 2016 09:25:49 -0700 (PDT)
Received: from homiemail-a54.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC69012D5B9 for <kitten@ietf.org>; Thu, 19 May 2016 09:25:49 -0700 (PDT)
Received: from homiemail-a54.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a54.g.dreamhost.com (Postfix) with ESMTP id 71B2440130600; Thu, 19 May 2016 09:25:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=xb3G7P8B8yP8rt DGG83j9u+J4s4=; b=RNOCXuSi1ibNm7NwWpi6/rYPV7tcNbW3N77c1+4bIyjH6U R2Ku8vmR5AsYDUvcBEJgBz+vYFQHy0h1Q6Oj9efHbHGYAo4+hZutOghWilaRdnUu Yr65UUjpIBIgT9zMOV4PQt6rVqGdadlPaCoYjhYoQXlNUGvtvssMtiWkl6BPM=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a54.g.dreamhost.com (Postfix) with ESMTPSA id C3D464012E6FE; Thu, 19 May 2016 09:25:47 -0700 (PDT)
Date: Thu, 19 May 2016 11:25:46 -0500
From: Nico Williams <nico@cryptonector.com>
To: Nathaniel McCallum <npmccallum@redhat.com>
Message-ID: <20160519162545.GB19530@localhost>
References: <1463500163.2432.9.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1463500163.2432.9.camel@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/PooLuBMOmnj7rkQ4m9ygIxuvx3Q>
Cc: kitten@ietf.org
Subject: Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 16:25:51 -0000
On Tue, May 17, 2016 at 11:49:23AM -0400, Nathaniel McCallum wrote: > https://tools.ietf.org/html/draft-mccallum-kitten-krb-service-discovery > -02 > > I'd like to propose adoption of this draft: > > 1. It is in the scope of the WG. This is an extension to the discovery > methods already defined in RFC 4120. > > 2. It is beneficial. It provides both speed improvments and additional > functionality (discovery of MS-KKDCP proxies). > > 3. It is small. It avoids defining new: DNS names, DNS semantics, URIs, > or transport semantics. It simply combines the existing tools in a > fairly obvious way. > > Thoughts? - If we use the URI RR type (and maybe even if we don't), we'll need a krbtgt URI scheme, as we have four different options to express, including two over HTTP: raw over TCP, raw over UDP, HTTP w/ POST, HTTP w/ GET. - We should find out why RFC7553 ended up being Informational. There may be some important lessons in that. - Perhaps we should have our own RR type. In principle it's easy to add them, but: - You've mentioned that many DNS hosters don't have UIs or support for URI RRs. This needs more research. If adding support for new RR types is impossible because of this, then the DNS community at the IETF should be asked to address this, and we might need to use TXT RRs instead. Using TXT RRs is frowned upon, and we'd never get an RFC on the Standards track using them today, but if the DNS community confirms that adding new RR types is much harder than previously thought, then TXT RRs will have to become the DNS extension mechanism to use instead of new RR types. Ideally we could get the DNS hosters to support arbitrary RR types. Yes, there is also a UI issue (see below), but it's manageable. - If new RR types are the answer, then the DNS community needs to do something about UIs. For example, there could be an XML schema defining RR types' RDATA contents and UI elements. Then implementors could automatically translate those to code to implement UIs for new RR types. - Can you research whether the DNS community at the IETF has addressed these issues before? If they have not, then we'll have to bring this up to them. If they have, what was the outcome? Have conditions in the market changed? Should the IETF review these issues again? - Can you ask some DNS hosters to inveigh as to whether they would be willing to add arbitrary new RR types? (Presumably with a UI that requires the user to paste base64-/hex-encoded RDATA.) I think this research will be very valuable in reviewing this document, and perhaps using alternative designs (e.g., defining a new RR type, or using TXT, or updating RFC7553 and perhaps promoting it to Proposed Standard). - You might want to seek several ADs' input on this early. The DNS issues here seem very real, and dealing with them may require help from the ADs. The WG chairs might help with this. Nico --
- [kitten] Adoption of draft-mccallum-kitten-krb-se… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Jeffrey Altman
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Rick van Rein
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Jeffrey Altman
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Jeffrey Altman
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Benjamin Kaduk
- Re: [kitten] Adoption ofdraft-mccallum-kitten-krb… tom p.
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption ofdraft-mccallum-kitten-krb… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nathaniel McCallum
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Petr Spacek
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Petr Spacek
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Petr Spacek
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Nico Williams
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Petr Spacek
- Re: [kitten] Adoption of draft-mccallum-kitten-kr… Petr Spacek