Minutes IETF97: dnssd
minutes-97-dnssd-00

Meeting Minutes: Extensions for Scalable DNS Service Discovery (dnssd) WG
Date and time: 2016-11-17 00:30
Title: Minutes IETF97: dnssd
State: Active
Last updated: 2016-11-30

IETF97, Seoul
Thursday November 17th 2017
09:30am - 11:00am local time

Minutes: Ole Troan

Chairs’ Introduction
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-chairs-slides-02.pptx

Tim Wicinski deputising for Ralph.
* Document status
  Nothing to note

* Goals
* Agenda
  No comments

Hybrid Unicast/Multicast DNS-Based Service Discovery, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnssd-hybrid-04
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-hybrid-proxy-00.pdf

Question for the group: Change naming of hybrid proxy?
Suggestion:
    s/Hybrid proxy/Discovery proxy
    and Advertising proxy

Tim Chown: You might call it hybrid discovery proxy?
Comments from room (several): Prefer Discovery proxy.

Chairs: 1) Hum if you want to change to discovery proxy?
        2) Hum if not, or
        3) hum if you want something else.
*All hums in agreement for name change.*

DNS Push Notifications, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnssd-push-09
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-push-00.pdf

No comments.

DNS Session Signalling, Stuart Cheshire
https://tools.ietf.org/html/draft-ietf-dnsop-session-signal-01
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-session-signal-00.pdf

Ray: I would still prefer to have the full DNS header. It was Mark Andrews who
wanted the abbreviated version.
Mark Andrews: It depends on what the opcode is going to do. You need at least
12 or more bytes.
Stuart: It makes sense, will do another round of editing and will go back to
the standard 12 byte header.
Mark A: The last 8 bytes can be payload.
Stuart: If the payload is too short you may have to add padding then?
Mark A: You only need one TLV it is just padding either way.
Stuart: Wireshark/tcpdump will work as expected if the 8 bytes are the
standard header, if we used them for payload they wouldn't.
Mark A: I'd be tempted to have a length field after the 4 first bytes.
Stuart: The TLV has length (L), but if 0 length would not meet 8 byte
minimum. ...
Mark A: I'm thinking of the sum of TLV length. We can deal with it later.
Ray: We got some ideas on this one. Whatever happens we need a wireshark
update. What Mark said that 12 bytes was minimum was new to me. So we have to
take this offline.

Open question 1 (No additional record section) - slide 3
Problem:
    No TSIG
    No EDNS(0)
    No EDNS(0) Padding option for security RFC7830

Opinions on this problem, please discuss on the DNSOP list.
*Question to be resolved on list. Must be resolved before document can proceed.*

Tim C: Interesting to see what other uses will appear when people become aware
of this. To be discussed in DNSO

Sara Dickinson: We have DNS keepalive defined at the moment. Not a great
solution. I see this as completely superseding this.
Rick Taylor: General danger that you are forking the DNS packet format? Let's
make it look like the rest of DNS. Separate code path...
Stuart: I'm hearing broad agreement to use the standard 12 byte header.

Open question 2 - does every message require a response?

-> No opinions in the room. Must be resolved on the list.

Open question 3 - Change IDLE TIMEOUT to KEEPALIVE INTERVAL?

-> No comment in room

Bernie Volz: Question 2. For the TCP case the reply has to be acked, so you
aren't winning anything of setting a reply.
Stuart / Bernie: Discussion.
Bernie: The only benefit if you send a reply back, is that the client could
have a short timeout, cause the client would know it gets a reply.
Tim: Carry on that discussion on the DNSOP list.

Chairs: Stuart has promised a new revision.
Stuart: Umm, yes. I'm working on it. Proxy having some short-comings, e.g.
merging links.
Stuart discussing possible future directions this work could take.

Ralph Droms (remote): Moving along a spectrum towards a centralized unicast
DNS-SD?
Stuart: Yes. Hard to predict. Expected a move to unicast DNS-SD, but vendors
appear OK with mDNS. Lots of things have mDNS support but not a DNS Update
client.

Stuart: On future roadmap. We've been talking about how this technology can be
helpful for Apple's new campus. You don't want to discover everything in a large
network. Some sort of sliding window model where I discover where I am, and
discover things close to me. I call it an aggregating proxy. ...

Tim: A similar issue at our campus where we have VLAN pooling implemented on
the Wireless LAN Controllers, so you can be stood next to someone, yet be in a
different subnet.
Ralph: Lots of different ways to put these building blocks together.
Tim: We need a guidance document on how to deploy this in an Enterprise
environment.
Ralph: The "aggregate proxy" might have some benefits, possibly being
centrally managed.
Stuart: Yes, taking it to its logical solution, it can be centrally managed in
a big iron server. The server could talk to distributed discovery proxies.

*Open discussion continuing about the possible future of this work*

Tim: The BCP document on enterprise/campus scalable DNS-SD would be useful to
move forward.
Rick Taylor: Use case for advertising proxies. Container use case, where a
composite device creates containers for 3rd party devices.

No conclusion.

Privacy Extensions for DNS-SD, Ralph Droms (remote)
https://tools.ietf.org/html/draft-ietf-dnssd-privacy-00
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-privacy-01.pptx

Six people have read the DNS privacy draft and the pairing draft.

Tim: *Discussion on how scaling can be done*. We have agreement from an AD that
someone in the Security Area is going to do a formal review.
Henning S(?): It would require some level of crypto to get this right. And how
much pre-configuration would be required.
Tim: If both parties want to communicate this way it is incrementally
deployable. The WG needs to keep that in mind.
Ralph: ... You only have to do the set of printers once. It is incremental.
Tim: Described in the pairing document. With the alternative approaches.
Henning S: Can you reuse existing security relationships?

Need review.

Device Pairing Using Short Authentication Strings, Ralph Droms (remote)
https://tools.ietf.org/html/draft-ietf-dnssd-pairing-00
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-dns-sd-pairing-protocol-01.pptx

Will also be reviewed in the Security Area.

Stateful Multi-Link DNS Service Discovery, Ted Lemon
https://tools.ietf.org/html/draft-lemon-stateful-dnssd-00
Slides:
https://www.ietf.org/proceedings/97/slides/slides-97-dnssd-stateful-multi-link-dns-based-service-discovery-01.pdf

Stuart C: I agree with you. DNS Update seems like a pain in the arse. It is
very complicated trying to combine all the updates into something that is
efficient. Large precedent to do it over HTTPS.

Tim: Where do we go next on this?

Ted: I think I need to do more homework before the WG takes a serious look at
it.
Henning Schulzrinne: Confused what the practical use case is.
Ted: The use case at this point is your device discovers a device inside the
home and you want that device to have the same name outside of the home. I
want in my home to publish services available outside of the home.
Henning/Ted: ...discussing the use case. And vendor implementations / security
aspects of publishing it in the DNS.
Stuart: Thanks for doing this Ted it is interesting. It is a good area to
explore. Happy to work with you here.

*Stuart volunteers to work with Ted on the document*.

Discussion: Other drafts, implementations, and next steps, Chairs
- includes recommendations for using the hybrid proxy in campus environments
- noting
https://github.com/pusateri/draft-pusateri-hybridproxy-impl/blob/master/draft-pusateri-dnssd-hyp-impl.txt

Chair reviews where we are with other drafts, milestones and outcomes of today.

Close and summary of actions, Chairs

Chair summarizing actions:
1) The hybrid proxy draft will be submitted to the IESG as the DNS-SD Discovery
   proxy. Stuart Cheshire to update -05.
2) Stuart will produce a new I-D on the DNS-SD Advertising Proxy
3) The DNS Push draft is close to being ready for WGLC; chairs to check with
   authors.
4) Open issues with the DNS Session Signalling draft will be resolved in dnsop;
   action on Tim Wicinski (dnsop co-chair) to push it forward
5) Chairs to ensure SAAG review of both privacy drafts happen soon; authors to
   progress work; TLS decision required; implementation reports expected in
   IETF98.
6) New draft required on stitching links together (from naming perspective);
   of particular interest in homenet scenario; chairs to solicit authors.
7) Volunteers required to assist Ralph Droms and Tom Pusateri in producing a
   -00 of BCP for enterprise/campus scenarios
8) Chairs to review WG milestones with AD
9) Chairs will provide shepherd writeup for label interop draft so it can go to
   the IESG.

Meeting closed at 10:54.