Skip to main content

Discovery Proxy for Multicast DNS-Based Service Discovery
draft-ietf-dnssd-hybrid-10

Revision differences

Document history

Date Rev. By Action
2020-06-18
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2020-03-19
10 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2020-03-01
10 (System) RFC Editor state changed to RFC-EDITOR from REF
2020-02-07
10 (System) RFC Editor state changed to REF from RFC-EDITOR
2020-02-05
10 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2019-11-22
10 (System) RFC Editor state changed to EDIT from MISSREF
2019-07-10
10 David Schinazi Added to session: IETF-105: dnssd  Thu-1330
2019-07-08
10 Éric Vyncke Shepherding AD changed to Éric Vyncke
2019-03-24
10 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-10.txt
2019-03-24
10 (System) New version approved
2019-03-24
10 (System) Request for posting confirmation emailed to previous authors: Stuart Cheshire
2019-03-24
10 Stuart Cheshire Uploaded new revision
2019-03-11
09 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-09.txt
2019-03-11
09 (System) New version approved
2019-03-11
09 (System) Request for posting confirmation emailed to previous authors: Stuart Cheshire
2019-03-11
09 Stuart Cheshire Uploaded new revision
2018-07-19
08 (System) IANA Action state changed to No IC from In Progress
2018-07-19
08 (System) IANA Action state changed to In Progress
2018-07-19
08 (System) RFC Editor state changed to MISSREF
2018-07-19
08 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2018-07-19
08 (System) Announcement was received by RFC Editor
2018-07-19
08 Cindy Morgan IESG state changed to Approved-announcement sent from IESG Evaluation::AD Followup
2018-07-19
08 Cindy Morgan IESG has approved the document
2018-07-19
08 Cindy Morgan Closed "Approve" ballot
2018-07-19
08 Cindy Morgan Ballot approval text was generated
2018-07-16
08 David Schinazi Added to session: IETF-102: dnssd  Thu-0930
2018-03-22
08 Adam Roach [Ballot comment]
Thanks for addressing my DISCUSS and comments.
2018-03-22
08 Adam Roach [Ballot Position Update] Position for Adam Roach has been changed to No Objection from Discuss
2018-03-21
08 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-03-21
08 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2018-03-21
08 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-08.txt
2018-03-21
08 (System) New version approved
2018-03-21
08 (System) Request for posting confirmation emailed to previous authors: Stuart Cheshire
2018-03-21
08 Stuart Cheshire Uploaded new revision
2018-03-20
07 Tim Chown Added to session: IETF-101: dnssd  Thu-0930
2018-03-13
07 Bernie Volz Closed request for Last Call review by INTDIR with state 'No Response'
2018-02-09
07 Ralph Droms Request for Last Call review by IOTDIR Completed: Ready. Reviewer: Ralph Droms. Sent review to list.
2018-01-14
07 Samita Chakrabarti Request for Last Call review by IOTDIR is assigned to Ralph Droms
2018-01-14
07 Samita Chakrabarti Request for Last Call review by IOTDIR is assigned to Ralph Droms
2017-11-30
07 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2017-11-30
07 Kathleen Moriarty
[Ballot comment]
I might be missing it, but I don't see a response to the concern raised by the SecDir reviewer and I am interested …
[Ballot comment]
I might be missing it, but I don't see a response to the concern raised by the SecDir reviewer and I am interested to see how the points can be addressed in this draft:
https://mailarchive.ietf.org/arch/msg/secdir/LUereu5JMsOJrfbIT0TFMBdmRlw

Thank you.
2017-11-30
07 Kathleen Moriarty [Ballot Position Update] Position for Kathleen Moriarty has been changed to No Objection from No Record
2017-11-30
07 Spencer Dawkins [Ballot comment]
Thanks for doing this work (and of course resolving Discusses :-) ...
2017-11-30
07 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2017-11-29
07 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2017-11-29
07 Kathleen Moriarty
[Ballot comment]
I might be missing it, but I don't see a response to the concern raised by the SecDir reviewer:
https://mailarchive.ietf.org/arch/msg/secdir/LUereu5JMsOJrfbIT0TFMBdmRlw

I haven't read …
[Ballot comment]
I might be missing it, but I don't see a response to the concern raised by the SecDir reviewer:
https://mailarchive.ietf.org/arch/msg/secdir/LUereu5JMsOJrfbIT0TFMBdmRlw

I haven't read this draft yet, but plan to prior to the telechat.  I just thought it was important to ask this question now in case I am missing the response or the authors did not see the review question.
2017-11-29
07 Kathleen Moriarty Ballot comment text updated for Kathleen Moriarty
2017-11-29
07 Adam Roach
[Ballot discuss]
First, I'd like to say thanks for your work on this document. I find this work exciting, and hope to see it widely …
[Ballot discuss]
First, I'd like to say thanks for your work on this document. I find this work exciting, and hope to see it widely deployed in the short term.

I do have one major concern that I believe rises to the level of a DISCUSS, although I believe it should be trivial to fix. The reason I believe it to be a barrier to publication is that it makes a broad architectural statement that has implications for all application protocols; which, beyond being outside the remit of the working group per its charter, I seriously doubt received the level of cross-area review appropriate for its scope. The statement of concern is in section 5.5.5:

  As is the case with NAT ALGs, protocol designers are advised to avoid
  communicating names and addresses in nonstandard locations, because
  those "hidden" names and addresses are at risk of not being
  translated when necessary, resulting in operational failures.

I would expect this statement, if evaluated by the IETF community at large, to be extremely controversial: it implies application-layer protocol designs that provide neither confidentiality nor integrity protection for protocol parameters.

Architecturally, it's important to distinguish between NAT ALGs, which are not a party to the security context of the protocols they carry, and DNS discovery proxies, which are. This makes the guidance in here appropriate in the context of DNS-SD records, while being problematic in the broader NAT ALG case cited. I would find no problem with a narrowly-scoped statement that pertains to DNS usage in particular, although I wonder whether designers of DNS TXT record usage in the future are likely to become aware of such guidance.
2017-11-29
07 Adam Roach Ballot discuss text updated for Adam Roach
2017-11-29
07 Adam Roach
[Ballot discuss]
First, I'd like to say thanks for your work on this document. I find this work exciting, and hope to see it widely …
[Ballot discuss]
First, I'd like to say thanks for your work on this document. I find this work exciting, and hope to see it widely deployed in the short term.

I do have one major concern that I believe rises to the level of a DISCUSS, although I believe it should be trivial to fix. The reason I believe it to be a barrier to publication is that it makes a broad architectural statement that has implications for all application protocols; which, beyond being outside the remit of the working group per its charter, I seriously doubt received the level of cross-area review appropriate for its scope. The statement of concern is in section 5.5.5:

  As is the case with NAT ALGs, protocol designers are advised to avoid
  communicating names and addresses in nonstandard locations, because
  those "hidden" names and addresses are at risk of not being
  translated when necessary, resulting in operational failures.

I would expect this statement, if evaluated by the IETF community at large, to be extremely controversial: it implies application-layer protocol designs that provide neither confidentiality nor even integrity protection for protocol parameters.

Architecturally, it's important to distinguish between NAT ALGs, which are not a party to the security context of the protocols they carry, and DNS discovery proxies, which are. This makes the guidance in here appropriate in the context of DNS-SD records, while being problematic in the broader NAT ALG case cited. I would find no problem with a narrowly-scoped statement that pertains to DNS usage in particular, although I wonder whether designers of DNS TXT record usage in the future are likely to become aware of such guidance.
2017-11-29
07 Adam Roach
[Ballot comment]
Minor nit: section five's "four DNS subdomains" seems to be predicated on network designs that always assign segments with netmasks evenly divisible by …
[Ballot comment]
Minor nit: section five's "four DNS subdomains" seems to be predicated on network designs that always assign segments with netmasks evenly divisible by either 8 bits (IPv4) or 4 bits (IPv6). I don't think this is frequently the case any more (e.g., my home network is split into /17 segments, and I have to assume most enterprise deployments are more complex than my house). I believe the reverse delegation records should be described as "one or more per segment."

Substantial comment: the text in section 5.4 seems to assume that all addresses on a segment will *either* correspond to mDNS-discovered addresses, *or* to addresses provisioned in a traditional DNS server. If this is the assumption (and a limitation baked into the design), I think it should be documented. If there's some clever work-around that allows both kinds of addresses to be on a single segment, it would be great to describe that in here instead.

Question: Section 5.6, bullet one (starting "Not using LLQ or Push Notification; no answer in cache") calls for the proxy to return a unicast result as soon as the first valid mDNS response is received. Unless I've misunderstood something, this means that (for example) a query for "_ipp._tcp" on an empty cache will simply return only the single fastest-to-respond printer to the querying client. Was the tradeoff of "faster response but for only one device" explicitly discussed by the WG?

Minor suggestion: Section 5.6, bullet three (starting "Using LLQ or Push Notification; at least one answer in cache") -- this bullet is the only one that is not explicit about whether an mDNS query should be performed by the proxy. I think the intention that it is *not* (due to the RRSet TTL harmonization discussed above), but it would probably help implementors out if you explicitly repeated that no mDNS queries are performed.

Major issue: Section 10 needs to be removed. See https://tools.ietf.org/html/rfc8179#section-10
2017-11-29
07 Adam Roach [Ballot Position Update] New position, Discuss, has been recorded for Adam Roach
2017-11-29
07 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2017-11-29
07 Ben Campbell
[Ballot comment]
Substantive comments:

I support Warren's almost-discuss about non-LDH characters.

Editorial Comments:

- Abstract: It would be helpful to say this document defines a …
[Ballot comment]
Substantive comments:

I support Warren's almost-discuss about non-LDH characters.

Editorial Comments:

- Abstract: It would be helpful to say this document defines a proxy in the abstract.

-3: The draft contains multiple instances of lower-case "should". If that is intentional, please consider using the boilerplate from 8174.
2017-11-29
07 Ben Campbell [Ballot Position Update] New position, No Objection, has been recorded for Ben Campbell
2017-11-29
07 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2017-11-29
07 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2017-11-29
07 Alexey Melnikov
[Ballot comment]
This is a well written document. I have a few clarifying questions which I think will improve the document.

In 5.3:

  To …
[Ballot comment]
This is a well written document. I have a few clarifying questions which I think will improve the document.

In 5.3:

  To accomodate this difference in allowable characters, a Discovery
  Proxy SHOULD support having two separate subdomains delegated to it
  for each link it serves, one whose name is allowed to contain
  arbitrary Net-Unicode text [RFC5198], and a second more constrained
  subdomain whose name is restricted to contain only letters, digits,
  and hyphens, to be used for host name records (names of 'A' and

Am I correct that Punicode encoded A-Labels are still valid here? It would be good to say so.

  'AAAA' address records).

5.5.4.  No Text Encoding Translation

  A Discovery Proxy does no translation between text encodings.
  Specifically, a Discovery Proxy does no translation between Punycode

Punycode needs an Informative reference.

  and UTF-8,
2017-11-29
07 Alexey Melnikov [Ballot Position Update] New position, No Objection, has been recorded for Alexey Melnikov
2017-11-28
07 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2017-11-27
07 Warren Kumari
[Ballot comment]
This was a DISCUSS, but I have changed to NoObj because I couldn't justify to myself which criteria covered it. I've changed to …
[Ballot comment]
This was a DISCUSS, but I have changed to NoObj because I couldn't justify to myself which criteria covered it. I've changed to NoObj, but please address it...

Original DISCUSS point:
----
This is (IMO) easily addressed -- I like the document, this DISCUSS is simply to improve it and help prevent foot-shooting. I'd be a YES or NoObj once addressed.

There are a number of places where the non-LDH names may be configured on a "normal" DNS server. An example of this is in Section 5.2.1.  Domain Enumeration via Unicast Queries:
"db._dns-sd._udp.example.com.  PTR  Building 1.example.com."

Putting this in a zonefile and trying to hand it to e.g BIND makes things sad:
dns_rdata_fromtext: example.com:18: near '1.example.com.': extra input text
zone example.com/IN: loading from master file example.com failed: extra input text
zone example.com/IN: not loaded due to errors.

Another example is in Section 5.3.  Delegated Subdomain for LDH Host Names
"For example, a Discovery Proxy could have the two subdomains "Building 1.example.com" and "bldg1.example.com" delegated to it."

I think that the document needs to do a better job of explaining that you cannot just include non-LDH in a zonefile without escaping -- Section 5.1. (Format) of RFC1035 may be a good pointer.  It may even be a good idea to repeat this (or at least mention the case) whenever there is an example  - readers are likely to just cut and paste without reading the full document, leading to unexpected failures (and then gnashing of teeth on forums)
------


Please also see Joel's OpsDir review - it is relevant.

Questions:
Section 3 - Conventions and Terminology Used in this Document
"A set of hosts is considered to be "on the same link" if: ..."
  I'd suggest "For the purposes of this document a set of hosts..." -- it feels a bit dangerous to be defining what being on a link is more globally, and this probably misses some corner cases and / or conflicts with some other definition.

Section 5.1.  Delegated Subdomain for Service Discovery Records
"In the parent domain, NS records are used to delegate ownership of each defined link name (e.g., "Building 1.example.com")" - can you please provide a pointer here to (I think!) Section 5.5.4.  No Text Encoding Translation?

Section 5.2.1.  Domain Enumeration via Unicast Queries
"The "b" ("browse") records tell the client device the list of browsing domains to display for the user to select from and the "db" ("default browse") record tells the client device which domain in that list should be selected by default."
What if b.[...] contains "foo" and "bar", and db.[...] contains "baz" (i.e the default browse is not in b)? Should "baz" be automagically added to b, or should it be ignored? The decision is likely implemented on the client, but I think worth noting here - I could see a lazy admin relying on the former and then later getting bitten if this changes.

Section 5.4.  Delegated Subdomain for Reverse Mapping
"For example, in the "/usr/include/dns_sd.h" APIs (available on macOS, iOS, Bonjour for Windows, Linux and Android), ..."
Is the API really at /usr/include/dns_sd.h" on Windows? (No idea, and I'm not inclined to go find a Windows box to test, but it sounded wrong so I flagged it!)


Section 5.5.2.  Suppressing Unusable Records
I don't really understand the "MUST NOT" when a Proxy can determine if there are multiple address realms - I get why this is desirable, but if it is important enough to require a MUST NOT, then surely it should be a requirement that all proxies are able to do this (AFAICT, though manual config)? Also, if this is MUST NOT for v4, why is it only SHOULD NOT for v6 ULAs? (please educate me).

Section 5.5.3.  NSEC and NSEC3 queries
"Since a Discovery Proxy only knows what names exist on the local link by issuing queries for them, ..." (specifically the "only")
This may be a nit, but couldn't a DP also know that a name exists because a device advertised it?

Nits:
Section 5.2.2.  Domain Enumeration via Multicast Queries
"Since a Discovery Proxy exists on many, if not all, the links in an enterprise, it offers an additional way to provide Domain Enumeration data for clients."
I think that this should be "many, if not all, *of* the links ..." -- but I'm not sure.
2017-11-27
07 Warren Kumari [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss
2017-11-27
07 Eric Rescorla
[Ballot comment]

  Discovery, a compromise is needed that combines the ease-of-use of
  Multicast DNS with the efficiency and scalability of Unicast DNS.
A …
[Ballot comment]

  Discovery, a compromise is needed that combines the ease-of-use of
  Multicast DNS with the efficiency and scalability of Unicast DNS.
A diagram would help here.



  one or more others that should be included in the list of automatic
  browsing domains for legacy clients.
It might be clearer to point out that these are defined in 6763.



  types do and do not exist just the specific name queried, and no
  others.
Nit: I think you mean "for just the"



      queries, and allow some time for responses to arrive.
      DNS TTLs in responses are capped to at most ten seconds.
Is this text normative?



  generate authoritative signed data from the local Multicast DNS
  responses it receives.  Off-line signing not applicable to Discovery
  Proxy.
"is not applicable"?



10.  Intelectual Property Rights

  Apple has submitted an IPR disclosure concerning the technique
Nit: "intellectual"



  A mechanism to 'stitch' together multiple ".local." zones so that
  they appear as one.  Such a stitching mechanism will be specified in
  a future companion document.  This stitching mechanism addresses the
Not a sentence.
2017-11-27
07 Eric Rescorla [Ballot Position Update] New position, No Objection, has been recorded for Eric Rescorla
2017-11-27
07 Warren Kumari
[Ballot discuss]
This is (IMO) easily addressed -- I like the document, this DISCUSS is simply to improve it and help prevent foot-shooting. I'd be …
[Ballot discuss]
This is (IMO) easily addressed -- I like the document, this DISCUSS is simply to improve it and help prevent foot-shooting. I'd be a YES or NoObj once addressed.

There are a number of places where the non-LDH names may be configured on a "normal" DNS server. An example of this is in Section 5.2.1.  Domain Enumeration via Unicast Queries:
"db._dns-sd._udp.example.com.  PTR  Building 1.example.com."

Putting this in a zonefile and trying to hand it to e.g BIND makes things sad:
dns_rdata_fromtext: example.com:18: near '1.example.com.': extra input text
zone example.com/IN: loading from master file example.com failed: extra input text
zone example.com/IN: not loaded due to errors.

Another example is in Section 5.3.  Delegated Subdomain for LDH Host Names
"For example, a Discovery Proxy could have the two subdomains "Building 1.example.com" and "bldg1.example.com" delegated to it."

I think that the document needs to do a better job of explaining that you cannot just include non-LDH in a zonefile without escaping -- Section 5.1. (Format) of RFC1035 may be a good pointer.  It may even be a good idea to repeat this (or at least mention the case) whenever there is an example  - readers are likely to just cut and paste without reading the full document, leading to unexpected failures (and then gnashing of teeth on forums)
2017-11-27
07 Warren Kumari Ballot discuss text updated for Warren Kumari
2017-11-27
07 Warren Kumari
[Ballot discuss]
There are a number of places where the non-LDH names may be configured on a "normal" DNS server. An example of this is …
[Ballot discuss]
There are a number of places where the non-LDH names may be configured on a "normal" DNS server. An example of this is in Section 5.2.1.  Domain Enumeration via Unicast Queries:
"db._dns-sd._udp.example.com.  PTR  Building 1.example.com."

Putting this in a zonefile and trying to hand it to e.g BIND makes things sad:
dns_rdata_fromtext: example.com:18: near '1.example.com.': extra input text
zone example.com/IN: loading from master file example.com failed: extra input text
zone example.com/IN: not loaded due to errors.

Another example is in Section 5.3.  Delegated Subdomain for LDH Host Names
"For example, a Discovery Proxy could have the two subdomains "Building 1.example.com" and "bldg1.example.com" delegated to it."

I think that the document needs to do a better job of explaining that you cannot just include non-LDH in a zonefile without escaping -- Section 5.1. (Format) of RFC1035 may be a good pointer.  It may even be a good idea to repeat this (or at least mention the case) whenever there is an example  - readers are likely to just cut and paste without reading the full document, leading to unexpected failures (and then gnashing of teeth on forums)
2017-11-27
07 Warren Kumari
[Ballot comment]
Please also see Joel's OpsDir review - it is relevant.

Questions:
Section 3 - Conventions and Terminology Used in this Document
"A set …
[Ballot comment]
Please also see Joel's OpsDir review - it is relevant.

Questions:
Section 3 - Conventions and Terminology Used in this Document
"A set of hosts is considered to be "on the same link" if: ..."
  I'd suggest "For the purposes of this document a set of hosts..." -- it feels a bit dangerous to be defining what being on a link is more globally, and this probably misses some corner cases and / or conflicts with some other definition.

Section 5.1.  Delegated Subdomain for Service Discovery Records
"In the parent domain, NS records are used to delegate ownership of each defined link name (e.g., "Building 1.example.com")" - can you please provide a pointer here to (I think!) Section 5.5.4.  No Text Encoding Translation?

Section 5.2.1.  Domain Enumeration via Unicast Queries
"The "b" ("browse") records tell the client device the list of browsing domains to display for the user to select from and the "db" ("default browse") record tells the client device which domain in that list should be selected by default."
What if b.[...] contains "foo" and "bar", and db.[...] contains "baz" (i.e the default browse is not in b)? Should "baz" be automagically added to b, or should it be ignored? The decision is likely implemented on the client, but I think worth noting here - I could see a lazy admin relying on the former and then later getting bitten if this changes.

Section 5.4.  Delegated Subdomain for Reverse Mapping
"For example, in the "/usr/include/dns_sd.h" APIs (available on macOS, iOS, Bonjour for Windows, Linux and Android), ..."
Is the API really at /usr/include/dns_sd.h" on Windows? (No idea, and I'm not inclined to go find a Windows box to test, but it sounded wrong so I flagged it!)


Section 5.5.2.  Suppressing Unusable Records
I don't really understand the "MUST NOT" when a Proxy can determine if there are multiple address realms - I get why this is desirable, but if it is important enough to require a MUST NOT, then surely it should be a requirement that all proxies are able to do this (AFAICT, though manual config)? Also, if this is MUST NOT for v4, why is it only SHOULD NOT for v6 ULAs? (please educate me).

Section 5.5.3.  NSEC and NSEC3 queries
"Since a Discovery Proxy only knows what names exist on the local link by issuing queries for them, ..." (specifically the "only")
This may be a nit, but couldn't a DP also know that a name exists because a device advertised it?

Nits:
Section 5.2.2.  Domain Enumeration via Multicast Queries
"Since a Discovery Proxy exists on many, if not all, the links in an enterprise, it offers an additional way to provide Domain Enumeration data for clients."
I think that this should be "many, if not all, *of* the links ..." -- but I'm not sure.
2017-11-27
07 Warren Kumari [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari
2017-11-12
07 Terry Manderson Placed on agenda for telechat - 2017-11-30
2017-11-12
07 Terry Manderson IESG state changed to IESG Evaluation from Waiting for Writeup
2017-11-12
07 Terry Manderson Ballot has been issued
2017-11-12
07 Terry Manderson [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson
2017-11-12
07 Terry Manderson Created "Approve" ballot
2017-11-12
07 Terry Manderson Ballot writeup was changed
2017-11-12
07 David Schinazi Added to session: IETF-100: dnssd  Wed-0930
2017-10-22
07 Joel Jaeggli Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Joel Jaeggli. Sent review to list.
2017-10-19
07 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Dan Harkins.
2017-10-12
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2017-10-07
07 Joel Halpern Request for Last Call review by GENART Completed: Ready. Reviewer: Joel Halpern. Sent review to list.
2017-10-05
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Dan Harkins
2017-10-05
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Dan Harkins
2017-10-04
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Joel Jaeggli
2017-10-04
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Joel Jaeggli
2017-10-02
07 (System) IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed
2017-10-02
07 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has reviewed draft-ietf-dnssd-hybrid-07, which is currently in Last Call, and has the following comments:

We …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has reviewed draft-ietf-dnssd-hybrid-07, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
IANA Services Specialist
2017-09-28
07 Jean Mahoney Request for Last Call review by GENART is assigned to Joel Halpern
2017-09-28
07 Jean Mahoney Request for Last Call review by GENART is assigned to Joel Halpern
2017-09-28
07 Cindy Morgan IANA Review state changed to IANA - Review Needed
2017-09-28
07 Cindy Morgan
The following Last Call announcement was sent out (ends 2017-10-12):

From: The IESG
To: IETF-Announce
CC: dnssd-chairs@ietf.org, dnssd@ietf.org, tim.chown@jisc.ac.uk, Tim Chown , …
The following Last Call announcement was sent out (ends 2017-10-12):

From: The IESG
To: IETF-Announce
CC: dnssd-chairs@ietf.org, dnssd@ietf.org, tim.chown@jisc.ac.uk, Tim Chown , draft-ietf-dnssd-hybrid@ietf.org, terry.manderson@icann.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Discovery Proxy for Multicast DNS-Based Service Discovery) to Proposed Standard


The IESG has received a request from the Extensions for Scalable DNS Service
Discovery  WG (dnssd) to consider the following document: - 'Discovery Proxy
for Multicast DNS-Based Service Discovery'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-10-12. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  This document specifies a mechanism that uses Multicast DNS to
  automatically populate the wide-area unicast Domain Name System
  namespace with records describing devices and services found on the
  local link.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnssd-hybrid/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnssd-hybrid/ballot/

The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/2119/





2017-09-28
07 Cindy Morgan IESG state changed to In Last Call from Last Call Requested
2017-09-28
07 Cindy Morgan Last call announcement was generated
2017-09-28
07 Bernie Volz Request for Last Call review by INTDIR is assigned to Joe Abley
2017-09-28
07 Bernie Volz Request for Last Call review by INTDIR is assigned to Joe Abley
2017-09-27
07 Terry Manderson Requested Last Call review by OPSDIR
2017-09-27
07 Terry Manderson Requested Last Call review by IOTDIR
2017-09-27
07 Terry Manderson Requested Last Call review by INTDIR
2017-09-27
07 Terry Manderson Last call was requested
2017-09-27
07 Terry Manderson Ballot approval text was generated
2017-09-27
07 Terry Manderson Ballot writeup was generated
2017-09-27
07 Terry Manderson IESG state changed to Last Call Requested from Publication Requested
2017-09-27
07 Terry Manderson Last call announcement was generated
2017-09-15
07 Tim Chown
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? …
(1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header?

Proposed Standard. This is indicated in the header, and is appropriate for the document.


(2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections:

Technical Summary:

Classic mDNS and DNS-SD only operate across the scope of a single link. There is thus a challenge in service discovery for multi-link networks, from home networks through to large enterprises or campuses. This document specifies a type of proxy called a "Multicast Discovery Proxy" (or just "Discovery Proxy") that uses Multicast DNS to discover Multicast DNS records on its local link, and makes corresponding DNS records visible in the Unicast DNS namespace. Host queries are forwarded to proxies on remote links which perform multicast resolution of those queries, returning unicast answers.  Hosts may use LLQ or DNS Push for queries, to subscribe to DNS updates to obtain timely information. Other optimisations are described in other WG documents.

Working Group Summary:

The draft moved fairly smoothly through various iterations. Until late in the process it was referred to the Hybrid Proxy, hence the draft file name, but it was then renamed the Discovery Proxy to allow the potential for a future Advertising Proxy to be defined with a clear, distinct purpose.

Document Quality:

The appendix describes existing implementation status, which includes at least three (part) implementations.  There is interest amongst multiple vendors to take the work forward, beyond just Apple.  There has been a good number of reviews performed on the document over the past year or so, and there has been close cooperation with the DNSOP WG through Tim and Suzanne on the DNS Push and DNS Session Signal drafts that the Proxy can benefit from.

Personnel:

Tim Chown is the document shepherd (and co-chair of the WG), and Terry Manderson is the Responsible AD.


(3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG.

As WG chair I have followed the draft through its development, and am thus familiar with it.  I have read the final version of the document and am satisfied that it is ready for publication. 

The -07 version fixed the one remaining nit, which was the reference to “.home” in the document, which was replaced with “.home.arpa”.


(4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed?

No. The document has been reviewed by a number of experienced IETF contributors through its development.


(5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place.

No.  The DNS Push and related DNS Session Signalling drafts have been produced collaboratively with the DNSOP WG.


(6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here.

No concerns.  The document is perhaps a little hard to read at first for those not familiar with certain aspects of DNS-SD. Given the IETF documents can now include higher quality diagrams, an overview diagram of the querying hosts, authoritative name servers, proxies and services in links, with indicated DNS delegations, might be helpful for a new reader. But this is not required. 


(7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why?

Yes, but see below.


(8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures.

Yes. The disclosure was https://datatracker.ietf.org/ipr/2119/, but it is reported as “removed at the submitter’s request”. This was done in error (when removing the errant disclosure on the DNS-SD Requirements draft). Apple are in the process of having the disclosure restored; we expect this to be resolved soon, and will report the resolution to the WG to ensure the WG supports the resolution.


(9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it?

There is strong consensus to publish the document, as verified in the IETF97 meeting (along with the Discovery Proxy name change).  The document probably hasn’t been that widely read, but there have been a good number of relatively expert reviews undertaken.


(10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.)

No.


(11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough.

There is a small number of minor nits (3 warnings and 0 comments). I’m not convinced that the warnings on non-RFC2606-compliant FQDNs and non-RFC6890-compliant IPv4 addresses are real. The outdated draft reference (for draft-ietf-homenet-dot-07) can easily be fixed in the final version.


(12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews.

Not applicable.

(13) Have all references within this document been identified as either normative or informative?

Yes.


(14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion?

Yes, DNS Push - draft-ietf-dnssd-push-12 - which is being submitted to the IESG very soon (in shepherd write-up stage with Tim Wickinski).
DNS Push in turn has a dependency on draft-ietf-dnsop-session-signal-03, which is being progressed in the DNSOP WG.  The -03 version was published this week. The DNSOP chairs are determining whether to continue to progress the session signal work ‘as is’, in which case we might expect publication soon, or whether a more board review of the approach is required, which would add a not insignificant delay.
Ideally all three documents would be published together.


(15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure.

No.


(16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary.

No.


(17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226).

There are no IANA considerations for this document.


(18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries.

Not applicable.


(19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc.

Not applicable.
2017-09-15
07 Tim Chown Responsible AD changed to Terry Manderson
2017-09-15
07 Tim Chown IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2017-09-15
07 Tim Chown IESG state changed to Publication Requested
2017-09-15
07 Tim Chown IESG process started in state Publication Requested
2017-09-15
07 Tim Chown Tag Doc Shepherd Follow-up Underway cleared.
2017-09-15
07 Tim Chown Changed document writeup
2017-09-13
07 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-07.txt
2017-09-13
07 (System) New version approved
2017-09-13
07 (System) Request for posting confirmation emailed to previous authors: Stuart Cheshire
2017-09-13
07 Stuart Cheshire Uploaded new revision
2017-07-17
06 Tim Chown Added to session: IETF-99: dnssd  Wed-1520
2017-07-17
06 Tim Chown Changed consensus to Yes from Unknown
2017-07-17
06 Tim Chown Intended Status changed to Proposed Standard from None
2017-06-19
06 Tim Chown Tag Doc Shepherd Follow-up Underway set.
2017-06-19
06 Tim Chown IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2017-06-19
06 Tim Chown Notification list changed to Tim Chown <tim.chown@jisc.ac.uk>
2017-06-19
06 Tim Chown Document shepherd changed to Tim Chown
2017-03-28
06 Tim Chown Added to session: IETF-98: dnssd  Tue-1640
2017-03-13
06 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-06.txt
2017-03-13
06 (System) New version approved
2017-03-13
06 (System) Request for posting confirmation emailed to previous authors: Stuart Cheshire
2017-03-13
06 Stuart Cheshire Uploaded new revision
2016-11-16
05 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-05.txt
2016-11-16
05 (System) New version approved
2016-11-16
05 (System) Request for posting confirmation emailed to previous authors: "Stuart Cheshire"
2016-11-16
05 Stuart Cheshire Uploaded new revision
2016-11-09
04 Tim Chown Added to session: IETF-97: dnssd  Thu-0930
2016-10-31
04 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-04.txt
2016-10-31
04 (System) New version approved
2016-10-31
03 (System) Request for posting confirmation emailed to previous authors: "Stuart Cheshire"
2016-10-31
03 Stuart Cheshire Uploaded new revision
2016-04-04
03 Tim Chown Added to session: IETF-95: dnssd  Mon-1550
2016-02-04
03 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-03.txt
2015-11-05
02 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-02.txt
2015-10-19
01 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-01.txt
2014-11-13
00 Cindy Morgan This document now replaces draft-cheshire-dnssd-hybrid instead of None
2014-11-13
00 Stuart Cheshire New version available: draft-ietf-dnssd-hybrid-00.txt