Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?

Jeffrey Altman <jaltman@secure-endpoints.com> Wed, 18 May 2016 00:36 UTC

To: Nathaniel McCallum <npmccallum@redhat.com>, kitten@ietf.org
References: <1463500163.2432.9.camel@redhat.com> <54c900f2-399c-0ff0-c292-91baba495a21@secure-endpoints.com> <1463517801.2432.24.camel@redhat.com> <490bd7aa-81ca-9199-6687-222bb65caddf@secure-endpoints.com> <1463520360.2432.46.camel@redhat.com>
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Openpgp: id=FA444AF197F449B24CF3E699F77A735592B69A04; url=http://pgp.mit.edu
Organization: Secure Endpoints Inc.
Message-ID: <3911bb56-b9a1-a5e5-cc6c-c742f779536c@secure-endpoints.com>
Date: Tue, 17 May 2016 20:36:04 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <1463520360.2432.46.camel@redhat.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms090702010905040801050806"
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/dU3aPzru_X70mloQIMqUOn0uEEY>
Subject: Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?

On 5/17/2016 5:26 PM, Nathaniel McCallum wrote:
>
> I've described a reason why a URI record lookup is required for MS-
> KKDCP. However, I've also described a system which presents a 50%
> reduction in DNS lookups. I don't see any reason to neglect this second
> feature.

And when the DNS URI record is not published or cannot be queried the
Kerberos library will have a 50% increase in the number of DNS lookups.
Not only does the library have to query for DNS URI but it still must
query for the DNS SRV records.

I will also point out that a large number of the DNS hosting providers
do not support URI records and many of the DNS proxy servers do not
support them either. As a result there is no ability for DNS URI
records to be published and the queries will be blocked.

Sincerely,

Jeffrey Altman
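The lookup-count argument in the two messages above, as an added example that is not part of the thread or of any Kerberos implementation: a stub resolver counts the queries a client issues when it tries a URI record first versus going straight to SRV. The SRV names are the standard RFC 4120 ones; the URI owner name `_kerberos.<realm>` and the record text are assumptions about the draft's format, and the zone data is constructed.

```python
"""Models KDC discovery with and without a DNS URI lookup and counts the
queries each strategy sends (added example; assumptions marked below)."""
from collections import Counter

REALM = "EXAMPLE.COM"
# Constructed stub zone. SRV owner names follow RFC 4120 section 7.2.3;
# the URI owner name and the krb5srv text are assumed from the draft.
ZONE_WITH_URI = {
    ("URI", f"_kerberos.{REALM}"): ["krb5srv::kkdcp:https://kdc.example.com/KdcProxy"],
    ("SRV", f"_kerberos._udp.{REALM}"): ["kdc.example.com:88"],
    ("SRV", f"_kerberos._tcp.{REALM}"): ["kdc.example.com:88"],
}
# Same zone as published by a provider that cannot host URI records.
ZONE_WITHOUT_URI = {k: v for k, v in ZONE_WITH_URI.items() if k[0] != "URI"}


class CountingResolver:
    """Answers from a static zone and records how many queries were sent."""

    def __init__(self, zone):
        self.zone = zone
        self.queries = Counter()

    def lookup(self, rrtype, name):
        self.queries[rrtype] += 1
        # An empty answer models NXDOMAIN or a proxy that drops the query.
        return self.zone.get((rrtype, name), [])


def discover_kdcs(resolver, realm, try_uri):
    """Return candidate KDC endpoints for realm.

    try_uri=True queries the URI record first and falls back to the two
    SRV lookups only when it yields nothing, which is the extra cost
    Altman describes when URI records are unpublished or filtered."""
    if try_uri:
        uris = resolver.lookup("URI", f"_kerberos.{realm}")
        if uris:
            return uris
    kdcs = []
    for transport in ("udp", "tcp"):
        kdcs += resolver.lookup("SRV", f"_kerberos._{transport}.{realm}")
    return kdcs


def query_count(zone, try_uri):
    """Total DNS queries one discovery pass issues against the given zone."""
    resolver = CountingResolver(zone)
    discover_kdcs(resolver, REALM, try_uri)
    return sum(resolver.queries.values())
```

With the URI record present the URI-first client sends one query instead of two; when it is absent or blocked it sends three instead of two, which is the asymmetry both messages are arguing about.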