IETF Logo Mail Archive

Re: [port-srv-reg] "xmp" service type and the unified IANA Service Name and Port Number Registry

Joe Touch <touch@isi.edu> Fri, 26 August 2011 05:39 UTC

Return-Path: <touch@isi.edu>
X-Original-To: port-srv-reg@ietfa.amsl.com
Delivered-To: port-srv-reg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2818421F88A0 for <port-srv-reg@ietfa.amsl.com>; Thu, 25 Aug 2011 22:39:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.601
X-Spam-Level:
X-Spam-Status: No, score=-104.601 tagged_above=-999 required=5 tests=[AWL=1.998, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vb25nZ7dJB5p for <port-srv-reg@ietfa.amsl.com>; Thu, 25 Aug 2011 22:39:37 -0700 (PDT)
Received: from boreas.isi.edu (boreas.isi.edu [128.9.160.161]) by ietfa.amsl.com (Postfix) with ESMTP id 9A4BD21F871E for <port-srv-reg@ietf.org>; Thu, 25 Aug 2011 22:39:37 -0700 (PDT)
Received: from [192.168.1.91] (pool-71-105-81-169.lsanca.dsl-w.verizon.net [71.105.81.169]) (authenticated bits=0) by boreas.isi.edu (8.13.8/8.13.8) with ESMTP id p7Q5eTuI021774 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 25 Aug 2011 22:40:38 -0700 (PDT)
Message-ID: <4E5731CD.1020407@isi.edu>
Date: Thu, 25 Aug 2011 22:40:29 -0700
From: Joe Touch <touch@isi.edu>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20110812 Thunderbird/6.0
MIME-Version: 1.0
To: Joe Hildebrand <joe.hildebrand@webex.com>
References: <CA7C879E.F7AE%joe.hildebrand@webex.com>
In-Reply-To: <CA7C879E.F7AE%joe.hildebrand@webex.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: port-srv-reg@ietf.org
Subject: Re: [port-srv-reg] "xmp" service type and the unified IANA Service Name and Port Number Registry
X-BeenThere: port-srv-reg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of updates to service name and transport protocol port registry <port-srv-reg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/port-srv-reg>, <mailto:port-srv-reg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/port-srv-reg>
List-Post: <mailto:port-srv-reg@ietf.org>
List-Help: <mailto:port-srv-reg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/port-srv-reg>, <mailto:port-srv-reg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Aug 2011 05:39:38 -0000

On 8/25/2011 10:13 PM, Joe Hildebrand wrote:
> On 8/25/11 7:36 PM, "Joe Touch"<touch@isi.edu>  wrote:
>
>> Many other manufacturers deploy both OS's and network software without
>> Bonjour as well, and yet somehow apps keep running at the same
>> astonishing rate. Is that an indication we don't need SRV records either?
>
> I assume you're being a troll here, since I can't imagine that you don't
> realize that SRV is handy without Bonjour.

Sure, but you need to deploy something like Bonjour. I've been around 
that block a few times, and that's a substantial hurdle outside systems 
for which Bonjour is already installed (unless you want to sign Apple's 
licensing agreement and distribute Bonjour with your code, but that 
hurdle is unacceptable to many too).

To see just how many, take a look at the IANA port assignments, and look 
for UDP services named "-disc". All were asked to use SRV records, and 
all gave detailed reasons why that was not acceptable, most focusing on 
Bonjour licensing and the lack of a suitable alternative.

> In case that wasn't just a rhetorical flourish, look up the XMPP federation
> information for GoogleTalk:
>
> $ dig +short -t SRV _xmpp-server._tcp.gmail.com.
> 5 0 5269 xmpp-server.l.google.com.
> 20 0 5269 alt3.xmpp-server.l.google.com.
> 20 0 5269 alt4.xmpp-server.l.google.com.
> 20 0 5269 alt1.xmpp-server.l.google.com.
> 20 0 5269 alt2.xmpp-server.l.google.com.
>
> It's nice that they're running on a registered port (5269/tcp), so that
> people that want to do XMPP federation can open up a single outbound hole in
> their firewall -- but at no point did we need /etc/services.

Sure - because, *as I said*, you've replaced the /etc/services entries 
with an SRV lookup.

Why is this even in the lookup table, though? By Stuart's argument, 
everyone should be burning 5269 in their code.

>  If we used
> "xmpp-server" instead of 5269,

You just did, above...

> then Google wouldn't be *able* to run their
> servers on a port other than 5269, since 5269 would be set in stone on the
> connecting side, where the admin has no clue about how GoogleTalk needs to
> be deployed.

Services need to be on coordinated port numbers. There are many ways to 
do that coordination - one is SRV records, one is a common 
/etc/services, and one is to burn portions of /etc/services in code. 
However, if /etc/services were used inside an enterprise, the sysadmin 
should be able to move xmpp-services by rewriting that file - that can 
be used inside a common enterprise together with an edge NAT to shift 
services around.

This can be useful when services are shifted to other port numbers due 
to attacks that are based on port number values, FWIW. When it isn't 
defeated by poor coding.

Joe

v2.23.0 | Report a Bug | By Email