IETF Logo Mail Archive

Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?

Nico Williams <nico@cryptonector.com> Thu, 19 May 2016 16:59 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1338212DAE0 for <kitten@ietfa.amsl.com>; Thu, 19 May 2016 09:59:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IU2motGAzsaQ for <kitten@ietfa.amsl.com>; Thu, 19 May 2016 09:59:23 -0700 (PDT)
Received: from homiemail-a32.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3EEB12DADA for <kitten@ietf.org>; Thu, 19 May 2016 09:59:23 -0700 (PDT)
Received: from homiemail-a32.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTP id 1B2B1584083; Thu, 19 May 2016 09:59:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=WPQ2PifJdtsj52 4spQOi/dg89TQ=; b=aRyVIEjvvu7xCIuZPZyEy+tAjJ24Fzh8ah6N8DucB0OAiH hDX8rQ2sdGm0pzEIXYsI0n5gYeCbNeUDAeEijutmpiQ1/ECs6mVm+SqzUeDhilTf yLHTXuddFsUtih6xObrOQsswy3YVdyF617fu4luotdo2V/5daAFZTp228ze3s=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a32.g.dreamhost.com (Postfix) with ESMTPSA id 44290584074; Thu, 19 May 2016 09:59:19 -0700 (PDT)
Date: Thu, 19 May 2016 11:59:14 -0500
From: Nico Williams <nico@cryptonector.com>
To: Nathaniel McCallum <npmccallum@redhat.com>
Message-ID: <20160519165913.GD19530@localhost>
References: <1463500163.2432.9.camel@redhat.com> <20160519162545.GB19530@localhost> <1463676437.31173.36.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1463676437.31173.36.camel@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/xTVW1M6czu6RXs5gZS95yDvdQDw>
Cc: kitten@ietf.org
Subject: Re: [kitten] Adoption of draft-mccallum-kitten-krb-service-discovery?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 16:59:25 -0000

On Thu, May 19, 2016 at 12:47:17PM -0400, Nathaniel McCallum wrote:
> Agreed to a URI scheme.
> 
> However, HTTP w/ GET is undefined and only exists in one codebase. It
> also has some real idempotency and space limitation drawbacks.

Idempotency is not an issue (the KDC exchanges are idempotent, with the
sole exception of account lockout on N incorrect passwords, which is and
always has been a very bad idea and which will not be relevant in any
way once we have PAKE), but the URI size limitations are real.

But this is a distraction.  The point is that we have enough options to
express, and that's why we need a URI scheme.

> > - Can you research whether the DNS community at the IETF has
> >   addressed these issues before?
> > 
> >   If they have not, then we'll have to bring this up to them.
> > 
> >   If they have, what was the outcome?  Have conditions in the market
> >   changed?  Should the IETF review these issues again?
> 
> Yes. I'm working on this now. However, I'm less sure that UX designers
> will be keen to back a "generic record" interface. I do think it will
> be possible to get buy-in for URI records.

That seems probable, yes.

> > - Can you ask some DNS hosters to inveigh as to whether they would
> >   be willing to add arbitrary new RR types?  (Presumably with a UI
> >   that requires the user to paste base64-/hex-encoded RDATA.)
> > 
> >   I think this research will be very valuable in reviewing this
> >   document, and perhaps using alternative designs (e.g., defining a
> >   new RR type, or using TXT, or updating RFC7553 and perhaps
> >   promoting it to Proposed Standard).
> 
> I plan to ask some of the providers I know.

Thanks,

Nico
--

v2.23.0 | Report a Bug | By Email