Re: [kitten] Draft Action: draft-vanrein-dnstxt-krb1-01
Benjamin Kaduk <kaduk@MIT.EDU> Tue, 16 December 2014 20:03 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 565EC1A8744 for <kitten@ietfa.amsl.com>; Tue, 16 Dec 2014 12:03:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.611
X-Spam-Level:
X-Spam-Status: No, score=-3.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_35=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UKsfahlP3Y-s for <kitten@ietfa.amsl.com>; Tue, 16 Dec 2014 12:03:42 -0800 (PST)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50E2B1ACD8A for <kitten@ietf.org>; Tue, 16 Dec 2014 12:03:38 -0800 (PST)
X-AuditID: 12074425-f798e6d000000d1a-32-54909019af7f
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id FD.C6.03354.91090945; Tue, 16 Dec 2014 15:03:37 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id sBGK3aU6019766; Tue, 16 Dec 2014 15:03:37 -0500
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id sBGK3YHv029509 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 16 Dec 2014 15:03:36 -0500
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id sBGK3YcB029477; Tue, 16 Dec 2014 15:03:34 -0500 (EST)
Date: Tue, 16 Dec 2014 15:03:34 -0500
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Rick van Rein <rick@openfortress.nl>
In-Reply-To: <8338B5E2-26C7-45E4-BC0D-423ECBC258A7@openfortress.nl>
Message-ID: <alpine.GSO.1.10.1412161502070.23489@multics.mit.edu>
References: <5C562C9B-4421-4CB1-9F5D-E354AE2C0104@openfortress.nl> <alpine.GSO.1.10.1412091708280.23489@multics.mit.edu> <8338B5E2-26C7-45E4-BC0D-423ECBC258A7@openfortress.nl>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="-559023410-658937764-1418760214=:23489"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmphleLIzCtJLcpLzFFi42IRYrdT15WcMCHEYEKzsMXRzatYLJ6+usfm wOSxZMlPJo8N/5rYApiiuGxSUnMyy1KL9O0SuDLWfVzAVPBPomL2uunsDYyvhbsYOTkkBEwk zvyYwgJhi0lcuLeeDcQWEljMJDFpfkAXIxeQvZFRYu+ct+wQziEmiZPH5jFDVDUwSkyeFg1i swhoS1w6/hGsm01ARWLmm41gtoiAhsTnX1PBbGYBYYn152aA9QoLOEicXbAKzOYUcJY4/hek noODV8BR4sG1Uohd6xklvnY8ZQWpERXQkVi9H+JSXgFBiZMzn7BAzAyQWHZ1AfMERsFZSFKz kKQgbHWJxgdn2SBsbYn7N9vYFjCyrGKUTcmt0s1NzMwpTk3WLU5OzMtLLdK10MvNLNFLTSnd xAgObBfVHYwTDikdYhTgYFTi4Q0o7A8RYk0sK67MPcQoycGkJMq7oGdCiBBfUn5KZUZicUZ8 UWlOavEhRgkOZiURXuZGoBxvSmJlVWpRPkxKmoNFSZx30w++ECGB9MSS1OzU1ILUIpisDAeH kgTv3D6gRsGi1PTUirTMnBKENBMHJ8hwHqDhP3tBhhcXJOYWZ6ZD5E8xKkqJ8wb0AyUEQBIZ pXlwvbDE84pRHOgVYV4rkCoeYNKC634FNJgJaPDkz/0gg0sSEVJSDYxMXy+HO9wwNTvRyPOS j/Xqw+mcwRVPKyPE25Kc5sdEtRj9unR/14ZFLLIzuQ27636uX/XpsPkbDvvYF/scr8S9VNXq Mbh2Tr14w3XvSUEd5yY0ijn0ztUULnsvfzd7z5VfPV0fZWKvL29btlOgf/YTaxXpg91q1o9z crn65xpmH4w8e+np3TIlluKMREMt5qLiRACny+fYFwMAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/bvMFuhOfoTzeCvlC_MAJ8tnDh0g
Cc: kitten@ietf.org
Subject: Re: [kitten] Draft Action: draft-vanrein-dnstxt-krb1-01
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Dec 2014 20:03:49 -0000
On Tue, 16 Dec 2014, Rick van Rein wrote: > Hi Benjamin, > > > I did a fairly quick read and did not spend a whole lot of time trying to > > process everything. > > Thanks, and sorry for the late reply. It’s that time of year that everything must be finished. Understood. > > The utility of the concept of a "Home Record" (and related) is not clear > > to me. It seems the document could be shorter if it didn't bother with a > > distinction, and I'm not sure what would be lost if it did. This is not > > to say "you should remove them", but if you want to keep them, please help > > the reader understand why they are there :) > > OK. Since I’m following the suggestion to define general tag=value setups, > and subsequently proposed an IANA register for tags, I felt a need to > separate these two classes of records. > > The idea is a security matter; and should perhaps be explained better. > > A record for EXAMPLE.COM situated at example.com has more right > to speak about the realm than a record for EXAMPLE.COM situated > under example.org. The first is a “home” record, the second would be > a mere reference. In the second case, when an application needs info > from a "home tag”, it would first resolve example.org to point to the > EXAMPLE.COM realm, then lookup the home record under example.com > and from there harvest the additional tag value. > > The general idea being that a “home record” is DNSSEC-signed to be > authoritative for the realm, which is not true for a mere reference. > > Does that help? That does help, yes. > I am not actually using this distinction in the document, so it is purely for > the sake of the general registry and possible future expansion that it > enables. I do not believe that it is valid to remove the home record > distinction without also removing the registry of tags. > > Whether putting up a registry is useful for future expansion, or merely > added administrative minutia is open for dicussion as far as I’m concerned. > There is definately something to gain from sticking to a fixed set of tags: > simpler syntax, simpler parsing and simpler processing. > > > The general structure seems like a reasonable chunk to bite off at once, > > handling a bit more than just realm names, and providing a reasonable > > mechanism for future extension. > > Glad you like that. Have I convinced you that future tags might be > specific for references, and/or specific for home records? I don't think you have quite convinced me, but neither do I remain unconvinced. I would need to think about it for longer than I can right now (and it's unclear that the issue is important enough for me to spend that time in the near future). -Ben
- [kitten] Draft Action: draft-vanrein-dnstxt-krb1-… Rick van Rein
- Re: [kitten] Draft Action: draft-vanrein-dnstxt-k… Benjamin Kaduk
- Re: [kitten] Draft Action: draft-vanrein-dnstxt-k… Rick van Rein
- Re: [kitten] Draft Action: draft-vanrein-dnstxt-k… Benjamin Kaduk