Re: [kitten] Kerberos Service Discovery using DNS

Nico Williams <nico@cryptonector.com> Tue, 10 March 2015 18:29 UTC

From: Nico Williams <nico@cryptonector.com>
To: Nathaniel McCallum <npmccallum@redhat.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/cdLQrAe82U3IRwO1ucR4CNQZbFo>
Cc: "kitten@ietf.org" <kitten@ietf.org>

I am in favor of adopting this proposal, or any proposal like it.

Using SRV RRs turns out to be somewhat problematic.  As we add
transports, we add DNS lookups.  It'd be nicer to do one lookup, and
get all the information.  URI RRs allow this, though I'm not sure that
URIs are really what we need here (but that's a detail we can discuss
after we adopt).

Nico
--