Re: [kitten] Kerberos Service Discovery using DNS
Nico Williams <nico@cryptonector.com> Tue, 10 March 2015 18:29 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 031931A8795 for <kitten@ietfa.amsl.com>; Tue, 10 Mar 2015 11:29:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.044
X-Spam-Level:
X-Spam-Status: No, score=-1.044 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8K0u7ZtqammX for <kitten@ietfa.amsl.com>; Tue, 10 Mar 2015 11:29:33 -0700 (PDT)
Received: from homiemail-a107.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id D8DBF1A87A7 for <kitten@ietf.org>; Tue, 10 Mar 2015 11:29:31 -0700 (PDT)
Received: from homiemail-a107.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a107.g.dreamhost.com (Postfix) with ESMTP id 56C402004F4D4 for <kitten@ietf.org>; Tue, 10 Mar 2015 11:29:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=DqLr2BcjazljHrUomucZ 0qgdn1E=; b=ha5uoOfOb70OKnfV+TDSAcVqx9AdesnVVaLs9OW4+vJ0JGGrTNm1 KRE6hhS3f0KPeoW+6jrGsefDk5PWgEY9bTurCHoIKuIqvlRTdbvu6iwvrr3cFkh4 s8ZBIIaH8Afh4yHWVohBVV2IHiNNquhv7w+S7AWce4b9YyyMqwTx2Ao=
Received: from mail-ig0-f174.google.com (mail-ig0-f174.google.com [209.85.213.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a107.g.dreamhost.com (Postfix) with ESMTPSA id 2D6AF2004F4CA for <kitten@ietf.org>; Tue, 10 Mar 2015 11:29:30 -0700 (PDT)
Received: by igbhn18 with SMTP id hn18so34029365igb.2 for <kitten@ietf.org>; Tue, 10 Mar 2015 11:29:29 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.85.82 with SMTP id p18mr36280047icl.58.1426012169052; Tue, 10 Mar 2015 11:29:29 -0700 (PDT)
Received: by 10.64.130.66 with HTTP; Tue, 10 Mar 2015 11:29:28 -0700 (PDT)
In-Reply-To: <1425578271.2715.5.camel@redhat.com>
References: <1425578271.2715.5.camel@redhat.com>
Date: Tue, 10 Mar 2015 13:29:28 -0500
Message-ID: <CAK3OfOiXFk63Q6K2eYB4_1y8dwyVkcyRyThM-p_a1QMROjDOCg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Nathaniel McCallum <npmccallum@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/cdLQrAe82U3IRwO1ucR4CNQZbFo>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Kerberos Service Discovery using DNS
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Mar 2015 18:29:34 -0000
I am in favor of adopting this proposal, or any proposal like it. Using SRV RRs turns out to be somewhat problematic. As we add transports, we add DNS lookups. It'd be nicer to do one lookup, and get all the information. URI RRs allow this, though I'm not sure that URIs are really what we need here (but that's a detail we can discuss after we adopt). Nico --
- Re: [kitten] Kerberos Service Discovery using DNS Petr Spacek
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Greg Hudson
- Re: [kitten] Kerberos Service Discovery using DNS Petr Spacek
- [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Greg Hudson
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Simo Sorce
- Re: [kitten] Kerberos Service Discovery using DNS Nico Williams
- Re: [kitten] Kerberos Service Discovery using DNS Rick van Rein
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Rick van Rein
- Re: [kitten] Kerberos Service Discovery using DNS Greg Hudson
- Re: [kitten] Kerberos Service Discovery using DNS Rick van Rein
- Re: [kitten] Kerberos Service Discovery using DNS Viktor Dukhovni
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Benjamin Kaduk
- Re: [kitten] Kerberos Service Discovery using DNS Benjamin Kaduk
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Greg Hudson
- Re: [kitten] Kerberos Service Discovery using DNS Benjamin Kaduk
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Nathaniel McCallum
- Re: [kitten] Kerberos Service Discovery using DNS Jeffrey Altman