[nbs] Name->Locator validation. (Was: Re: A suggestion for an "on-demand API".)

Javier Ubillos <jav@sics.se> Tue, 21 December 2010 16:00 UTC

Return-Path: <jav@sics.se>
X-Original-To: nbs@core3.amsl.com
Delivered-To: nbs@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 353CF3A6B29 for <nbs@core3.amsl.com>; Tue, 21 Dec 2010 08:00:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.944
X-Spam-Status: No, score=-1.944 tagged_above=-999 required=5 tests=[AWL=0.305, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id f63oZFMssZUT for <nbs@core3.amsl.com>; Tue, 21 Dec 2010 08:00:55 -0800 (PST)
Received: from letter.sics.se (letter.sics.se []) by core3.amsl.com (Postfix) with ESMTP id 2DD813A6B08 for <nbs@ietf.org>; Tue, 21 Dec 2010 08:00:55 -0800 (PST)
Received: from [] (bit.sics.se []) (Authenticated sender: jav@sics.se) by letter.sics.se (Postfix) with ESMTPSA id F15A540103; Tue, 21 Dec 2010 17:02:45 +0100 (CET)
From: Javier Ubillos <jav@sics.se>
To: sowmini.varadhan@oracle.com
In-Reply-To: <20101217231322.GB20694@quasimodo.us.oracle.com>
References: <20101214144734.GC12378@quasimodo.us.oracle.com> <1292401029.4804.30.camel@bit> <20101215154556.GE16665@quasimodo.us.oracle.com> <1292500103.4804.1313.camel@bit> <20101217231322.GB20694@quasimodo.us.oracle.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-fym32nZY16FmVcDfINmA"
Date: Tue, 21 Dec 2010 17:02:34 +0100
Message-ID: <1292947354.4804.8395.camel@bit>
Mime-Version: 1.0
X-Mailer: Evolution 2.28.3
Cc: nbs@ietf.org, christian.vogt@ericsson.com
Subject: [nbs] Name->Locator validation. (Was: Re: A suggestion for an "on-demand API".)
X-BeenThere: nbs@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Name based sockets discussion list <nbs.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nbs>
List-Post: <mailto:nbs@ietf.org>
List-Help: <mailto:nbs-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nbs>, <mailto:nbs-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Dec 2010 16:00:56 -0000

On Fri, 2010-12-17 at 18:13 -0500, sowmini.varadhan@oracle.com wrote:
> > I don't think names should be re-verified. However, if there would
> be a
> > reason for doing this, it could either be triggered/configured by
> the
> > application or be a default for whichever name-resolution mecanism
> one
> > chooses. In the DNS/FQDN case, I don't see why one would need to
> > re-verify the mapping during the session. If it is due to
> impersonation
> If we store name(A)  with IP(A) for a connection what assertion can we
> make about the state of the system at any instant in time: if
> name(A) and IP(A) diverge, how does one make sense of the 
> observed internal state?
> Stepping back a bit, in your original mail, you had said:
> > At IETF79, at some point after the name-based sockets BoF.
> > Together with Erik Nordmark and Christian Vogt, we sat down,
> discussed a
> > bit about name-oriented APIs and gravitated towards this idea:
> > The cost for behavior and an API should be incremental and optional,
> in
> > the sense that; you should only pay the price for a feature if you
> > really want to have it.
> > E.g.
> > * A web-server only requires a session-handle, the web-server will
> reply
> > to any-one initiating a session. No "extras" are asked for.
> >
> > * Some other application might require authenticity of name->IP
> binding,
> > and is also prepared to pay the cost for that authenticity
> (typically a
> > round-trip).
> I'd interpret that as 
> - a vanilla version of AF_NAME would just move the DNS and addr
>   resolution (currently done in user space, to obtain the addrs needed
>   for setting up AF_INET[6] sockets) under the hood (i.e., behind the
>   socket(..AF_NAME) implementation)
> - if the application desires, the API should allow the socket
>   end-points to exchange names and do any authentication needed, but
>   afaict this can only be done after any intial connection
>   setup/validation etc steps have been completed. Also, it seems to me
>   that if we associate a name with any connection, that name must
> also 
>   be tied to a "last verified timestamp" of some sort, in order for it
>   to be meaningful- that would allow then applications to decide the 
>   when/where/how-often of authentication.  Does that make sense?
> --Sowmini 

I think this is a very sensible idea.

The basic question is, is it enough with the name->locator binding being
OK in the beginning of the connection or must it be valid throughout the

Having a "last verified time-stamp" makes it very explicit that the
name->locator binding was valid at that given point in time.

This leaves it open for a continual polling to the nameing system if
that is what is required by that nameing system and the application.

It also leaves it open to the application to decide whether or not it is
OK to have a valid name->locator binding at the beginning of the
connection or not.

// Javier