Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Internet Engineering Task Force / 112 / 12 Nov 2021
Internet Engineering Task Force / 112 / 12 Nov 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: IETF112-DNSSD-20211112-1600

Description

DNSSD meeting session at IETF112
2021/11/12 1600

https://datatracker.ietf.org/meeting/112/proceedings/

A

All right folks, remember standards. Work is a contributive process that we all do together and we need volunteers to keep things moving. So it's not a whole lot of work. It's just for one hour. You kind of keep track of the conversation and write it down on a shared document and barbara will help and fill in bits if you missed where. But we need someone to do this.

B

Hi everyone- this is um dnssd, um as hopefully, you've gathered. um So we are currently sending out a call for volunteers to write up some decisions in the notes and we can't proceed until we got one. So please consider volunteering. We promise it won't be too difficult and we'll be eternally grateful.

C

Say this is an excellent way to help you pay attention during the session.

C

Don't know what to say.

A

All right, I'm gonna, start the slides and uh we have one for the minutes and then we'll pause there for the rest of the session until we find someone um okay good morning good afternoon, good evening, good middle of the night everyone and welcome to dns service discovery.

A

um My name is david kanazi and with our co-chairs, barbara stark and chris box we're going to be talking about dns service discovery, let's begin first, the notewell, so all activities during this meeting are subject to the note.

A

Well, this is the last session of the week, so you've probably seen it before, but if you haven't actually read it, you should because contributing here input has uh various various sets of rules in particular in terms of like, if you're aware of patents, uh you are like, you have to disclose them, and also this meeting is covered by the itf code of conduct.

A

uh If you haven't read that I highly encourage you to um in a nutshell, it says, be nice, be kind, be professional and anyone who doesn't follow these. uh You know whether in the chat or on the microphone or on the list will be asked to leave. So we have never had a problem in this working group, but just want to always highlight this um okay. So as as we mentioned, we are looking for a volunteer from the audience to take minutes and we can't start the session without one.

A

So we're just gonna sit here and stare at the empty room until someone volunteers.

D

So if nobody else is willing to take notes, I can at least note what people have told me since it's great for me.

A

Oh go ahead: jonathan.

E

This is jonathan I can. I can help take notes.

A

ah Thank you so much that is extremely appreciated and uh barbara will be there to assist. uh I can take care of jabber scribing because, like with the meet echo chat, that is a very small responsibility anymore, and um so, uh but if you want to say something and you don't like want or don't have a microphone, you can say mick mic colon in the chat and I will repeat what you said for you all right here are some useful links. If you're looking at the pdf later that you can click on.

A

As a reminder, we have a working group, github organization in other working groups. The switch to github has been incredibly useful for tracking comments on documents. I personally really enjoy it, because it's very easy, with email to like forget one of the 12 comments that were sent to one email, whereas if they're issues, it's pretty clear when the issue is still open, that you need to address it, this we're not forcing anyone to use github. It is the responsibility of the editors of a given document to choose if they want to use it or not.

A

uh If they do so wish, please reach out to us and we'll help you set up and give you admin rights and everything.

A

We have some news today, so I'd like to introduce our new co-chair chris box, so thanks chris for stepping up to join dnssd, looking forward to all working together, and the sad news, unfortunately, is that barbara is stepping down at the end of this meeting. So I would, if you're so inclined, please unmute and join me in a round of applause for barbara's three years of service thanks so much barbara. It's been great co-chairing with you.

A

Thank you.

B

And hello everyone, so yes, I'm I'm new, but uh yeah hoping to do what I can to serve. The working group awesome.

A

uh In terms of working group adopted document status, we currently have three documents, so the one that we've had for the longest time is srp. It's. We started working group last call in july, so this one's almost done. um We had a recent round and recent revision, which addressed those comments a few weeks ago and some more comments since then, um so that one seems to be pretty close. We're mainly waiting on you know, authors addressing comments to make progress on them here.

A

We did, however, notice a bit late in the game that that draft had a normative reference on an individual draft which would block publication. So we adopted that individual draft, which is the second item here, the update lease in september- and uh there were so we're right now we're waiting on the on the editors to take into account some comments that were made during the adoption call and then the third one is the advertising proxy document which we adopted.

A

uh We need the editors to reupload that with the draft.etfd and ssd, to make it clear that it's working now a working document and similarly to start addressing the issues that were brought up during adoption in terms of individual drafts. uh We have three uh with uh ted and co-authors from apple.

A

uh The first two at the top on uh replication and discovery of zones were first published, like at the last meeting in a little bit discussed there, and then we have a new one that uh ted just published a few weeks ago, uh and our agenda really flows from this list of documents. We're going to start off with the three that are that are adopted by the working group and then, with the time remaining, the three that are individual drafts.

A

Would anyone like to bash this agenda.

A

Going once going twice done all right: I'm gonna stop presenting and ted you're up. Please stand in the pink box.

A

uh Actually, don't do the share the screen option go to the just to the right of the join queue. You should be asked to share slides.

A

So, on the top left of your screen, you should have a join cue button and like there you go, grant pre-loaded slides and then you can pick like starting off with the srp one.

A

Perfect yeah that uses a lot less bandwidth and gives like a really nice.

D

uh I'm in control.

A

Exactly.

D

That's.

A

Right all right so.

D

Yeah, so uh basically, I think I think dave has already pretty much summed up the current status, uh so we can move right on to the sleep proxy question.

D

uh The issue with the sleep proxy is um this is something that's um it's a it's an mdns feature that that uh I think at least exists in in apple's, mdns implementation, uh possibly and others, um and currently uh relies on mdns updates, and so it seemed like it would make sense to uh use srp since srp is a dns update and all that the problem is that, uh as opposed to all of the other work that's been going on in srp, we really haven't spent much time on the uh the sleep proxy section of the document, and so it's not in very good shape, and that put us in the position where you know.

D

I got some comments on the sleep proxy part of the document, and I basically just couldn't really address them easily, um and my conclusion was: let's take this out of the document and do it in a different document so that we don't hold up the srp work based on the sleep proxy work.

D

Conveniently there is already another document, so um so just a few things about this, uh so reasons for removing it, uh it's not ready to go. uh It's not really the same thing as srp, although it's related, um we have sorry, we have. um We have another document. We could do it in really easily the eds zero owner option is basically the thing that was originally done to document the mdns sleep proxy.

D

So we could just shovel the you know section whatever it is into that document and advance that separately, which I think would make sense, um and then, uh let's see uh yeah so and smaller chunks of work is good and um yeah uh eds zero owner like we might actually want to to be able to put that into into regular dns, not just for advertising proxies. So when I hang up, that means I'm not ready to answer the phone, not that I'm bitter.

D

um So uh sorry, uh and then you know the the argument against it is that there really isn't a whole lot going on on the owner option right now- and I don't know if anybody's gonna do this work. So if we don't do it in the srp document, it may just not happen.

D

I don't think that's a good argument against, but I'm open to the working group commenting on that. So basically, what does the working group think about this? Should we should we keep this around in srp and delay srp or move it into eds zero owner option.

A

Or something else, a clarifying question ted in the options of what to do. You mentioned moving it to another document, and you said. Luckily, we have another document which document were you referring to well.

D

When I say we I mean a document has been has been worked on and uploaded to the tracker. It's not a working group document. um That document is uh draft cheshire, edness, zero owner option um and oh.

A

I see it and it's uh yeah it's expired, but it could be revived right right.

D

Exactly.

A

And it's, I think it's in.

D

It's you know, we would need to revive it anyway if we were going to advance this in srp. So it's not like you know we we might as well we might as well. uh I think we might as well shovel the work in there as well and and finish that as a separate as a separate item, because then it just decouples these two pieces of work.

F

I think the right thing to do is to move this to another document.

F

um We might want to keep owner options separate as a small self-contained thing in its own right, originally ted, and I thought that srp and sleep proxy had sufficient overlap, that it made sense to discuss them in one document, because they're both using dns updates with a lifetime to put data into some server, then does something with it.

F

But um I agree with what ted is proposing now, which is um the sleep proxy work is kind of moribund and it's still potentially useful in the future, but uh tying it to the srp document no longer makes sense. So if we want to pick that up later, we can make a new document for that. It shouldn't hold up srp.

A

So it sounds like uh what uh everyone's or the proposal is like leave it out of this and then bring it in another document either. You know revive that expired one or or a separate one uh at some later date. um If, if someone wants to, uh is there any uh objection to this in the working group or any other stops by the way.

A

All right ted, I think you have your answer.

D

Okay and now the question is ah here: we go so our next topic is the edns zero owner option and I'm getting a big, oh here here we go. Okay, uh sorry, the eds zero update lease option. um So this is this is yeah that there's uh our adrik in the queue.

G

Just wanted to jump in the queue it's kind of impolite, but I just want to be sure. The previous document has been looking good last called right.

A

uh That is correct.

G

And is only such a change deserve another working group last call: oh.

A

Sorry so we are actually we already did that so um that uh sorry, the sleep proxy section was removed in version 11 or 12 during working hoop last call, and when that version was submitted, we extended the working group last call by two weeks and we are in the middle of those two weeks right now. So I should.

G

Have trusted my chairs and my authors. Thank you so much david, no.

A

It's no! No, it's worth double. Checking this and and just and to clarify. I haven't seen any objections to the removal on the list.

D

Kind of the whole point of of bringing this up here is just to make sure that we don't. You know somebody doesn't miss the fact that we're talking about removing this and then later say well so anyway, um so the eds zero uh update lease option. This is basically just like a piece of of plumbing that we need in order to get srp to work. um uh The problem is that, and it's sort of a general problem: it's not just srp when you do a dns update.

D

This adds an owner name and a bunch of ours. You know one or more rr's to um to a dns zone and uh then those just kind of stay there. Unless somebody does something either. You know the client removes it. The administrator removes it or it just sits there.

D

And additionally, you know, as we all know, srp requires a lease because we actually wanted to solve that problem, at least for srp, but it's also the case that other dns updates could benefit from the same functionality.

D

Srp is a specific refinement of dns updates, specifically for doing sort of permissionless advertising using dns updates, and so it's not the only dns update type that exists and- and we might want this for others as well. um So we have this this new option. It's got a lease time in it. um It's actually got two lease times got.

D

One is the lease time for the resource record that you're adding and the other is at least time for a key record, which you might also provide- and this is generally specific to srp, because srp uses the key record plus 60 to authenticate the update and the idea. There is just that the key record is going to allow us to keep ownership of the name. Even if the service being advertised is not hasn't, been renewed and therefore is assumed not to be present.

D

So it's just a way to avoid um uh names being sort of snarfed, just as the service that was advertising. The name is you know away from the network briefly, so um so that's that's the basic idea um and then uh the document is in pretty good shape. I think david mentioned there were some comments. I haven't actually had a chance to to look at the comments, but I don't get the sense that there's anything uh that's likely to be a show stopper.

D

um So uh the question really is um you know right now: we've got some text that talks about dns updates uh and, and so we've got it's there's some protocol, along with the um along with the uh the sort of nuts and bolts of like what the option looks like and what the pieces of it do, and uh that has been somewhat moribund.

D

uh It's kind of it's kind of in stewart's, ballpark and stewart's um uh stewart's up it's it's up to stewart to update that in a sense, but stuart doesn't have a lot of time for doing updates, and so it hasn't been updated. So the question is: can we do that um and then finish the document.

D

So I think the document's ready to read uh my personal feeling is I'd like to make the document as lightweight as possible, but I'm curious to know what the working group thinks about that and whether we can make progress on this quickly. If the working group wants to you know, depending on what the working group decides, so that's kind of that's kind of where it's at I. I guess I didn't actually put this in the slides because it didn't occur to me. But what does that I do?

D

The question of the working group is kind of do we do we want to just like cut out all the fat and progress this quickly or should we really get the uh you know, dns update part of this solid so that we can publish that? I don't think it's a big problem to do the the second. So I'm not I'm not really advocating against that. I'm just saying you know there is some additional work. If we go that route.

A

um Thanks ted, uh so if anyone has opinions on any of these questions, please come to the microphone. Otherwise, I'm thinking of doing a poll to see like where we are in terms of having read it uh peter go ahead.

E

Hello um on this option, do I understand correctly that it would also apply outside of dns sd situations like dhcp leases in a normal bind server or whatever.

D

Yeah, the idea is that if you provide a lease you're you're telling the server you know, if I want this to stay around, I'm going to renew it, so you don't have to take care of that.

D

So it's not required like it's. Not we're not saying all. Dns updates must have this option. We're just.

B

Saying.

D

If this option is present, here's what you do.

E

Right and vendors of servers doing 2136 might expect this feature request at some point, then.

D

Yes, definitely.

E

Okay, please let dns hope no at the right time.

D

Yeah.

E

With lost course, something.

A

Absolutely um our our goal as uh chairs is to um sorry our.

E

Goal.

A

Is chairs is to, uh and we we had a discussion when we first adopted this document between uh all the chairs of the various dns working groups and your corresponding ads, and the conclusion was that we would adopt and progress this document indian ssd, but that the working group last call would be sent to the nsop. Absolutely so that's that's definitely going to happen perfect. Thank you.

F

I can just add a bit more background on this. um The the lease time for dns updates is uh something that is, I believe, generally useful. When dns update was originally defined, uh it was. um It was sort of an alternative to making the edits to a zone file.

F

uh So, instead of editing his own file with uh vi and reloading the name server, you could use the ns update command, but all the edits were permanent. There was sort of an unstated assumption. It was being done by a human and what the update lease does is. It makes it more suitable for machine-to-machine style communication, just like a dxep lease has to be renewed or it goes away automatically.

F

This is it's intentionally modeled like a dhcp lease that the client requests a lifetime. The server can grant that or more or less, and if the client gets unceremoniously disconnected from the network, it prevents stale data from persisting indefinitely.

A

Quick background, uh stuart, uh that's helpful, um so it sounds. Let's see so I have a poll open um if you like either it popped up somewhere on your screen. Otherwise, if you click on the show of hands tool on the top right on whether or not you've people have read this draft and I'm going to end it. It looks like we have nine people who have read the deaf, which is good, um so I would say in terms of next steps.

A

uh I think the responsibility right now is on the authors to address the comments that were raised during adoption published a new revision, mention it to the working group and then see we can have a discussion on there to see if folks like it. If there's not um too much contention, we can then progress the document pretty quickly move on to work group last call which will then trigger review from various other working groups. uh So at that point I ideally perhaps we have that um timed.

A

uh So we can do a few rounds of edits and then have working with last call like during the next atf. So that way, maybe it can be discussed at the end of the dns op meeting there. If, uh if the chairs over there are interested um all right, any other thoughts from folks on the update lease document.

A

Okay, I think ted you can switch gears to advertising proxy.

D

Yeah, so um this document hasn't actually gotten a lot of love in the last. uh You know, since the last ietf um there's been a lot of implementation, work on it, but uh but we haven't had a chance to do much to update the document.

D

um So uh the idea is uh for those who aren't aware the advertising proxy is a way that we can do srp updates uh and then advertise the result of those srp updates using mdns rather than using dns, and the reason for doing that was uh primarily to enable stub networks to advertise services on infrastructure networks. So this stub network being like an iot network. That's just one hop away and doesn't have any transit, but just provides reachability to clients that have different.

D

uh You know 802.15.4 radios or something like that, um and then another uh nice feature of this uh that um uh that comes up is that uh it makes it possible to to sort of eliminate using mdns but still allow, that is to say, eliminate, allow a client to stop using mdns to advertise stuff, but allow clients that do use mdns to still discover the stuff. um So those are kind of the two things the document does.

D

um It's been adopted, I haven't uploaded it yet, as I said it's in pretty good shape, but um there are some issues with name conflicts that we haven't really addressed, um and uh so in fact, you'll notice. There's a new document that I'm proposing the tsr document, which addresses some of the name name conflict issues. The problem is that our model for uh for dealing with name conflicts in mdns is not really oriented towards proxies and I'll talk more about that in the tsr document.

D

But but basically we need to update this document to describe that stuff as well, so that so that it you know, first of all, it needs to have a normative reference to the tsr document and secondly, I think it needs some additional text to talk about how to deal with um with conflicts generally.

D

So um so I think it needs some more work um and uh you know I I would not encourage people to read the document yet, because I think that we need to to do an update and then once that update is done. I really appreciate some reads and reviews.

A

Thank you, ted. I'm gonna. Similarly, do a poll just to get a feel for um who's. Read it um oh well! I guess I forgot to put a title sorry, so this one is: have you read uh this document? uh I don't know where that window went, but you can raise hand to say you've, read this one or or not raise um well, while we're doing that. uh If anyone has any uh questions comments on this document, uh please join the mic line.

A

All right cool, so we have seven folks, who've read it uh nice um esco go ahead.

H

Yeah, I did send my comments by email, so I'm not sure if I'm supposed to reiterate them here, I'm not sure if that has had the time even to to check out these most recent comments.

D

I don't think I did um I'll double check, but uh yeah. I don't think we really need to work on it here. We don't have a. We don't have a lot of time, so it's probably not worth going into it in detail here, but.

E

I'll take.

D

A look at your comments and, as I said, I'm going to update a new document. So so that would be the time to to review and see if I missed something or dealt with with the issues you raised.

H

Yeah, I think the main point was uh that I think one section really needs to be simplified in some way and maybe some other people can also have a look at it see you yeah see if that can be done, because it just looks to me uh like, like it's almost too complex to just parse when you casually read it.

H

Maybe the implementers don't have a problem with it, but yeah for our audience. It should also be clear enough, simple enough. I think, but that's the main comment I had for the rest looks good.

A

Thank you for that esko. um So I think, in terms of next steps here um ted you have some edits that you want to make to the doc and then we have some comments from esco that need to be addressed.

A

So one actually item is on you to have those uh submit a revision of the draft and then let the mailing list know so we can have people review that uh that revised version yep um okay, if unless we have some something else on this document, I think we can move on to the next one.

A

So these uh yeah we're transitioning from the working group documents. You know current work to individual drafts future work. um The.

A

uh What what I'm noticing here, though, is that a lot like all the action items appear to be on uted, so maybe from a chair's perspective, um I mean let's discuss this new work, that's good, but I think we should probably focus on the existing work and getting that out the door before we add more things to our plate.

D

Fair enough yeah, um I will say that that I have gotten some offers uh so uh they're, uh one of the uh other implementers of this protocol, uh who is here in the room today. I'm not gonna mention his name, but he can.

D

He can mention his name if he wants um has authored to has offered to to help out- and you know with the replication protocol document, and uh so I'm thinking that it would be nice to add him as a co-author and that would potentially reduce the workload on me and that would be good, whether we, whether we adopted immediately or not, but but basically I just want people to be aware of this, and and um and thinking about it and- and you know, maybe even trying an implementation or or criticizing it, because uh you know it well I'll I'll, get to the end of the document and then talk about this.

D

um So.

A

I wanted to just sounds good just uh just to answer to that quickly. um I think that's a great idea, uh because I think you're pretty and both steward and you are bandwidth limited these days, which I totally understand. We all have day jobs, and so adding a co-author before asking for adoption sounds like a great idea. It'll definitely give us more confidence that the document will be worked on. um So that sounds absolutely great.

D

Thanks all right go ahead sure, so I just wanted to give a quick overview of what what's going on here, because you know there there's a lot of stuff in fly. uh You know. Obviously, dnssd has been working on dnssd generally for quite a while. We have mdns we've had that since before the working group started dnssd on dns, we had. These are all in the base document, 6762 and 6763..

D

The working group produced the discovery proxy document which allows us to do to use dns to do mdns discovery on a on a link and then srp, which we're almost done with lets us register servers with register services with an authoritative server and the advertising proxy lets us advertise services in from that authoritative server using mdns.

D

So that's kind of the stuff. That's that that we're already working on and most of that stuff is fairly mature and we should be able to shove it out the door pretty quickly.

D

um So uh then, there's srp replication, srp replication addresses the problem that when I started doing the um the uh srp work, I was just assuming that we were updating like by nine or something like that. I wasn't really thinking about it. In terms of of uh you know, home networks um and uh so srp assumes an authoritative server, but um that turns out not to be a very realistic assumption on a home network on a home network, the home router is usually some little like.

D

You know box that, like they were trying to, they were trying to reduce the the the materials cost to the lowest possible amount, so they put in less memory less flash everything so having that act as a as a resource for doing uh service registration turns out not to be uh it just doesn't work right now that could change we'd like that to change, but that's the way it is right now, um and so uh the existing uh implementations of srp that that are out there in the world are actually devices that are that are srp plus advertising proxy, and wouldn't it be nice to be able to have sort of the the reliability of a managed dns server without without a manager, and so srp replication allows us allows a bunch of devices a bunch of srp slash advertising proxy servers to um to collaborate in producing that reasonably stable namespace without there being an operator so like you could have, for example, like a couple homepod minis each one of those has an srp server.

D

Each one of them is doing srp replication if any one of them gets an update. All of the other ones get that update. It's really nice. So that's kind of the goal of srp replication is just to like fill that that that box, in the block diagram with something that doesn't have to be managed by a network administrator.

D

And then the other work that I'm going to be talking about uh permissionless advertising of dns zones is basically once you have that stable dns server or reasonably stable, dns server. Wouldn't it be nice to be able to just query it using dns or dns push rather than multicast dns. You can eliminate some of the dns, so so, basically, what this allows us to do is um what the the permissionless advertising work is going to. Allow us to do is to allow dnssd clients to query srp.

D

uh They can basically discover the srp server and then start using it as an srp server as a dns server, rather than using the advertising proxy way of talking to it.

D

And similarly, uh if, if your infrastructure supports, um you know delegating dns zones, uh then we have a way to uh to advertise a discovery proxy or to advertise an srp server into the infrastructure um in a way that that just cleanly, you know, works, and then we can actually eliminate mdns entirely um and still get all of the functionality that we currently get with mdns we get the you know the support, for um uh you know service discovery we get immediate, like we can have an ongoing query and get immediate results, because we have dns push, so it basically gives us all of the stuff we're used to with mdns without any multicast, um so uh back to srp replication.

D

um The first question is: why do we need a new protocol and um the problem is like my initial thought was to use dns and ixfr, but uh I couldn't actually come up with a way to do it that I could figure out how to implement and that I thought was going to work well.

D

You know we have this problem, that that dns expects there to be a primary and the primary replicates everything to the secondaries. But we can't assume that any one of the servers in an srp cloud is stable. So it might go away at any time.

D

So that means that when it goes away we have to, we have to pick a different primary and we have to figure out if the data that that server has is correct- and it just becomes like this big challenging problem um and the biggest problem is, we don't actually have a way to establish trust.

D

So the only real trust that we have is that when we get um an srp update, that update was signed by the client, and so we know if we get another update for the same name, we can tell if it came from the same client, and so I kind of wanted to leverage that source of truth for srp replication, and that meant that I couldn't just um we couldn't just have a zone because the zone doesn't have the information that we need to to actually validate that that a new change to the to the database actually came from an srp client.

D

It didn't just come from a rogue srp replication server. So that's kind of why I invented a new protocol, sorry, so the new protocol. The idea is that there's an arbitrary number of srp replication peers which can come and go. We could limit the number if we wanted to, and I think that might make sense. But I don't know what the limit would be. There is no authority uh we're trying to maintain a common data set.

D

um All the servers are communicating, they're all peers, but we do have a precedence because we've got to we've got to figure out some way to decide who talks to who whom um and uh you know we have a database sync and reconciliation process, and then, whenever you know we just whenever something changes, we we replicate those updates to all of the other servers.

D

um So uh so the way this works is that so we're assuming that the srp client is only going to update one server. So there's going to be some advertisements for servers, clients going to pick a server, it's going to advertise to that server.

D

We can identify the client using crypto because it has a public key. uh So we know if we get an update. We know that it's from the same client or that it's not from the same client uh for any given host record, um and we know when we got the update. So so, if a client sends an update, uh it's either newer than what we have or it's older than we.

D

But if we received an srp update, it's always going to be newer than what we have so um so essentially, the the client winds up being the authoritative server for its data, and uh we just maintain this data set. We try to keep the data set in sync: it's not a catastrophe. If it's not in sync the worst case scenario, if we, if we totally lose a client update, is that we'll get that information the next time the client renews?

D

So it's it's it's as stable as it needs to be for what we're trying to do. It's not perfect, but it doesn't have to be perfect.

D

um So what we're replicating is um you know the the the data, uh but but we actually replicate the the srp updates, not the data. The srp updates are then applied to our local version of the database and that winds up replicating the data, but because we're replicating the updates, we can validate them.

D

um So uh so you guys can read the slide again later, if you, if you want to get more details, but that's the basic idea so um so the flow of the protocol is that first, when an srp server comes online, it needs to figure out what data set. It's replicating um and that's somewhat situationally dependent and there's some language in the document that talks about how to do that. But but it may be implementation dependent.

D

We can't necessarily specify it in full detail or there may be sort of uh documents that specify like, if you're trying to do srp replication in this situation. This is what it looks like um so in other words, for example, the stub networks document's probably going to have some text about that. So we choose a data set. We try to find srp replication peers that are replicating that data set and if we find them, then we start we just join in.

D

If we don't, then we become the first and we start advertising um and uh and that's pretty much it um so then the next step in the protocol is connecting um and reconciliation. So we connect to a peer, um and then we compare our databases uh and uh what we're looking for is um if the.

D

If the peer has newer data than we have, then we want the newer data, and if we have newer data than the peer has, then then we want to give that newer data to the peer, and so that means even if we got some updates before reconciliation occurred, we can still reconcile them and we we can feel secure that it's actually going to be correct because um the uh because we're we're passing around the actual updates, um including the time at which the update occurred, which lets us validate it.

D

So um so uh and the other thing is um it's possible that that uh an srp replication peer might have gotten an update, replicated it around and then gone offline, and so during rep during during the reconciliation process. Those updates are still going to be part of the reconciliation process, even though they weren't received by the server.

D

That's that's offering them, because we want to make sure that we replicate the whole database, even if the server that originally got the information is gone um so and then once we're up to date, uh then, whenever appear gets an update, it just sends it to the other peers um and whenever and so from the perspective of an individual peer, it's sending updates whenever it gets an update and occasionally it receives updates from other peers.

D

We don't expect this to happen a lot, but you know happens from time to time, and during this period we don't do secondhand updates, because at this point these are live updates. So so, if something goes wrong in this process, it's basically going to have to be resolved at the srp level, not at the replication level. But generally speaking, it's you know. Usually stuff won't go wrong in the situation.

D

So that's the basic protocol, uh current statuses. We have two implementations, uh there's an implementation, if you, if you have tvos 15, which is the current release that has this code running in it um slightly different version than than what's documented, but uh you know that's sort of par for the course.

D

When you're inventing new protocols, uh open thread has done an implementation, I haven't looked at the implementation yet, but I've had some conversations with the implementers and it sounds like they're doing a great job and I'm looking forward to us doing some interop at some point. So um so, basically uh I don't know if I put it. No that's so. Basically, my goal is to ultimately get this work adopted by the working group. This is probably the biggest ask that I'm ever going to make of this working group, because this is a fairly complicated spec.

D

I think the people who are interested in this are more likely to show up here than somewhere else. So I think this is the place to do the work.

D

You know david made the good point that we don't want to overload the working group given how many people are participating, um but but this is to me it seems clear. This is the place to do the work. So basically, this is kind of your fair warning that this is there's I'm going to be asking for adoption at some point. You know if I thought or if I thought david wouldn't laugh at me. I would ask for adoption now, but he'll probably laugh at me. So so that's where we are.

B

So any thoughts from the working group.

B

Just join the queue if you do or type in the chat.

F

I'm going to thank ted for bringing this introduction to the group, and I'm also going to suggest in the interest of time that we move on, because we just have 15 minutes left and I think two more topics to cover.

D

Yep yeah, we don't have to make a decision right now.

A

That that sounds good um from the church perspective. I'd, say: yeah, let's. uh If, if you could prioritize going through the action items you have on the adopted working group drafts and those look like they're, no longer blocked on you and making good progress, then I think you know then, and taking a co-author then bringing this back. I think the problem there should be appetite at that point as long.

E

As we you.

A

Know as long as my only concern is, I want to make sure that this new work doesn't um delay the existing work. But as long as it doesn't do that, assuming there are multiple folks from different uh affiliations that are interested, then we can definitely consider adopting this I'll double check the charter. But I'm I'm not yet worried I'll double check that with our id and everything.

D

Okay, cool all right, um so, let's see, I think the next on the agenda is the discovering dns zones.

D

So actually it's discovering an advertising dns zone so so kind of a crap shoot what what lands in the title. um So this is some work that that I've been working on with another uh colleague uh and uh you know, there's actually an implementation of this in the latest version of tvos as well.

D

The problem is um that you know so so our our goal here is to be able to discover a lot of services on and these are, these would be like iot devices so like light bulbs and outlets and sensors and stuff like that, you can have quite a few of those on a network.

D

The sort of the original uh model of mdns was, you were going to discover printers or something like that, and usually you don't have like a thousand printers, or I mean you probably don't have a thousand light bulbs, but usually you don't have even 50 printers you have like, maybe two or three um and with uh with iot you really could have like 50 or 100 devices.

D

And now you do an mdns query, you're, getting back a lot of answers, and so that's a lot of stuff to be putting on multicast, um and so that's one. One problem is the amount of stuff.

D

The other problem is that there are devices um that like to go to sleep and for them to uh to notice um you know to to to to have a complete set of data about what's going on in in md s um they have to, they have to be either listening all the time or they have to like do a point query, but even then, there's no guarantee they're going to get all the data, um and so so being able to to have a tcp connection that is open and doing.

D

Dns push um is a lot cleaner solution to both of these uh to both of these issues, um and so what we propose to do. The problem is, of course, what we'd like is to be able to just advertise the stuff to the infrastructure.

D

Have the infrastructure pick it up, delegate the domain and then have have all the discovery, stuff sort of work and that's certainly our end goal, but in the meantime we also need to be able to have this stuff work, even if the infrastructure doesn't support it, which at the moment it definitely doesn't so uh so the way to do that is to advertise the zone using mdns um so essentially, or you know, and and by extension dnssd.

D

So um so we we still using mdns, but we're only doing one query instead of 50.. So it's a big improvement and also like you know, if you're, if you're, using a device that sleeps a lot um your iphone or your watch or you know, I'm sure there are equivalent products and other from other companies. um Then uh dns push is a much uh it's much easier to make that work.

D

Even if you have to re-establish a connection every time you wake up, you can get a complete list of all of the data that you want to know about very easily. But ideally, the connection just survives your sleeps, because you're sleeping momentarily right, you're, like sleeping for a second at a time and waking up every second or something like that, and so so when there's an update, you'll just get it as soon as you reconnect and the wi-fi the wi-fi base station will probably have remembered it for you.

D

So um so uh the way this works, we have to choose a name that won't appear that it's never going to appear in the dns. So we actually need to create a new, a new name like uh home.rpa, but something.

F

That's specifically.

D

For this purpose, yes,.

F

Just add something which I don't think you actually said. um The idea here is that, instead of multicasting a query to every device on the network, the client that wants to do discovery talks to a server using unicast, which is much more efficient on wi-fi, and the bootstrapping issue is: how does it figure out what entity on the network is the unicast server? It should be talking to.

D

Yeah or to put it slightly differently, what entities on the network are available that can act as that unicast server, because there might be more than one um so anyway, so so so the the idea is we don't want to create a security vulnerability here by allowing arbitrary devices on your network to use mdns to override your dns configuration.

D

So therefore, we'll allocate a zone, that's only for this purpose, and so it'll just be devices that are doing the same thing competing with each other and if one of them is malicious, that's not great, but at least it's not going to be able to, like you know, do a man-in-the-middle attack on your bank transaction or something like that. um So uh and then, uh basically the idea is you advertise data.

D

Sets that you have so you might have an srp database data set if you're doing srp replication, you might have one or more discovery proxy links, um and so, if you have any of those you just advertise them with mdns, the client goes out and tries to find the list of zones that that have data sets. It cares about, and um and then uh so, when a when a dnssd query comes in that, doesn't specify what domain to look in you. You know.

D

Sometimes the query will specify looking.local and then you only look with mdns, but but if the query doesn't specify a particular domain, then uh then we're going to set up the browsing domains so that so that this, these zones, that we've discovered are browsing domains and so we'll now do dns push queries to get answers in those domains, and so uh and and the idea is that that any server that's advertising a particular data set, should work, so data set could be an srp replication data set uh where data set could be a discovery proxy uh link and in both of those cases, srp replication gives you a uniform data set, whichever server you talk to and discovery proxy gives you a uniform data set because you're using mdns on a particular link, and so any mdns client on a particular link is going to see the same information, so it doesn't matter which server you connect to in either of these cases, um so current status there's an implementation in tbos.

D

um The current implementation is not doing exactly what I think we should do. It's using ns records and advertising legacy browsing domains and it only works with mdns, um and my for you know, after after having played with that for a while, I came to the conclusion that we probably wanted to just advertise this as a service, so the service will say hi, I'm a service that that does uh you know you can use to do to do.

D

Dns push- and here here are here- are the databases that I replicate and uh or here here are the data sets that you can query and, um and then just kind of have the plumbing be done based on that so, um and then also an additional service that could be advertised is discovery proxy for this link.

D

So now, uh if again, if you have a sleepy device, um it can just connect to the discovery proxy for this link and get the same information that it would get um if it were doing mdns itself, except without having to do the having to be awake all the time.

D

So uh so that's where we are uh the request of the working group is, you know, please take a look at this comment on it and again at some point, I'd like to recommend this for adoption. um So that's that.

A

Does anyone have questions or comments on this document? Please join the mic line now, um otherwise, I think in terms of conclusion kind of similar to the previous draft.

A

If we, you know, looks like we're making good progress on the existing work and potentially, if you I would encourage you to find a co-author with a different affiliation on this one as well. I think that'd be helpful.

A

um It sounds like you know, you're using this for your matter technology is that correct, or so uh sure, okay. Well, if this is being used by uh like for for us who will want to adopt this is the implication would be that it's a general purpose specification that.

D

Everyone so- and that's that's the intention- my goal here is actually to to so remember like I was trying to do the home net naming architecture back in the day and that basically failed because we tried to bite off too big a chunk at once. So what I'm trying to do is address each of the things that we want the home net naming architecture to do piecemeal, so you could say: well you know it's a matter specific thing, but no it's not!

D

The idea is to to fill in all of those little building blocks so that then we get to the point where we actually can have what we were trying to do in the beginning with the naming architecture. So so it's more that I'm using matter as an excuse to to to to succeed in this hobby. Then it is the opposite, but that.

A

Makes perfect sense, um I'm just saying like for us to you know, adopt this. The goal would be to have interest for various folks. If it's just a protocol between an iphone and apple tv, then you don't need a working group document, obviously yeah. That makes sense david.

F

Let me answer your question. um Actually, I want to start off by thanking ted for the enormous amount of work he's done, both on coding and debugging, and writing the documents too. I also want to thank chris box for stepping up as a new co-chair.

F

The reason ted has been working so hard is because there is a lot of use for this and there's lots of activity going on outside the ietf.

F

uh We are trying to encourage those people to engage with the ietf.

F

One thing that some people in this group know about, but many will not is the work going on with thread.

F

Threads quarter make a bit wireless mesh technology for home devices like light switches and motion, sensors and thermostats, and on that network thread is using srp to reduce the reliance on multicast, which we know works very poorly on wireless networks.

F

Thread is being used by mata, which used to go by the working title project chip connected home over ip, and that work is done by the csa. The connectivity standards alliance, which also changed its name, that used to be the zigbee alliance, and it changed its name recently to reflect its new focus on ip technologies, so mata will be using thread as one of its lower layers.

F

It's also using wi-fi people in mata are looking at the work done on thread using unicast discovery, to make it more reliable and less expensive on the network, and there's now been discussions about, we should do the same for wi-fi. Wi-Fi access points should all have srp servers in them, so I'm not pre-announcing anything there, because this is a long way from being done, but there's already discussions going on there that mata would like to see wi-fi doing.

F

Slp just like thread is so there's a ton of stuff, and this is what is keeping ted busy with with so many groups interested in this, and- and I'm mentioning this, because all of that is largely invisible in the ietf to people who are not involved with those groups, and we are actively trying to educate those people about ietf and uh explain to them how they can participate.

A

Thanks for the backup, stuart and thanks for like doing that, work, I think having a fresh set of new eyes and new ideas in the working group is always a good thing. So that's what we're looking for in terms of bringing uh new work, uh great, all right! So ted! You have your last document. We have four minutes left and I want to keep like one for the chairs. So if you could just zoom through it, please go ahead.

D

Yep, I will do my best um so uh so. The issue is that we have um a problem when we have srp replication or when we have enter independent advertising proxies, which is that we can get conflicts, even though, what's actually happened is a legitimate update.

D

um Mdns uh assumes that uh if something has registered a service and something else comes along and tries to ever register a service under the same name, that the something else is uh the interloper and should be rejected and the original should stay, but with a proxy, the new update is we're able to validate with srp that it came from the same device. So it's not an interloper, it's the same device, but we still get a conflict, and so the idea is in the case of proxies to have a resource record.

D

That's mdns specific um that just says when we got the update so that if we get so when we send an mdns probe, um we include that information and then uh an mdns server that has uh that's doing the same thing sees that probe uh and sees that there is a conflict, but that the new information is that the information being advertised is newer.

D

Then it's going to uh not report a conflict because the new and the information is newer and so it'll ultimately just drop the information, the stale information that it has and allow the new information to be advertised and with srp replication. Of course. Ultimately, both of them will wind up advertising the same information, but this gives us this just prevents all these messy conflicts that can occur and the renamings that can occur so so, uh as requested. I don't think, there's a reason to go into too much more detail about that.

D

The slides are up on the on the server um and, uh of course, you can read the document which I think explains the situation pretty well. uh So the request to the working group is uh to take a look at this. uh It's pretty simple. I think it's pretty necessary for actually for the advertising proxy work. So I think we we want to include this in the advertising proxy work, um but I don't think this is a really big task for the working group.

D

I mean I wrote this up in, like you know an hour and I I'm sure that it can use some review, but I think it's pretty solid. So um so that's where we are- and you have a minute.

A

All right, thank you, ted uh we're gonna, take questions on this specific presentation to the list, um boop uh and then put these back. There done um all right so uh and I think uh same kind of conclusion as the other ones uh ted. This looks interesting. It appears to be in scope, uh especially if, uh in the context of advertising proxy, if the working group thinks that advertising processes should have a dependency on this that'll help motivate bring it in but similar to the previous ones.

A

We want to see progress on the other drafts and we would love to see some co-authorship with diversity of affiliation. All right thanks. Everyone for joining our dnssd session and this uh great ietf week now comes to an end. We're all going to be able to sleep. It's going to be amazing um and best parting words see you all on the list and thanks so much barbara for everything uh we're going to miss you here, and I hope you still show up, even if you're, not in the at the chair table.

C

Everybody thank.

A

You barbara bye everyone. Thank you.

B

um Yeah, please keep coming we'd love to see you.

B

You.