Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?

[Nico Williams <nico@cryptonector.com>]

On Fri, May 20, 2016 at 09:37:36AM +0200, Petr Spacek wrote:
> On 17.5.2016 22:43, Nathaniel McCallum wrote:
> > On Tue, 2016-05-17 at 12:25 -0400, Jeffrey Altman wrote:
> >> On 5/17/2016 11:49 AM, Nathaniel McCallum wrote:
> >> Having read the draft I am totally unclear how it is implemented.
> >>
> >>   _kerberos.REALM
> >>
> >> is not a valid DNS URI record name.  To translate the URI
> >>
> >>   https://host[:port][path]
> >>
> >> to an URI record requires
> >>
> >>  _kerberos._https.host
> > 
> > It doesn't actually require this. It just gives examples.

It doesn't have any normative language about it, so I agree.  But
worryingly, section 4.1 says that "[t]he URI owner name is subject to
special conventions."  I wouldn't want to be told late in the game that
this made this section normative!  (It can't, since normative language
is used elsewhere, its non-use here seems clearly definitive to me.)

> More importantly, SRV records did not have any way to specify protocol so
> _proto label was only way to convey the information.
> 
> In contrary, URI can convey information about protocol/scheme and thus
> artificial requirement for _proto label does not make sense.

Yes, this should seem obvious to all.  So why did section 4 even mention
protocols??

> Also, RFC 2782's Applicability Statement clearly states that SRV
> records should be used only for applications which have own RFC
> describing its semantics.
> 
> Considering URI vs. SRV properties mentioned above and the requirement
> for separate RFC, I think that Nathaniel's usage of URI records is
> justified and legal.

Thanks.

I'm in favor of adopting this document and the use of the URI RR type,
with one URI RRset per-realm, not one per-{realm, protocol}, and with a
URI scheme or two by which to express all those things that we need to.

Nico
--