On 30 May 2025, at 21:07, Sarah Tarrant <starr...@staff.rfc-editor.org> wrote:
> Ted - Thank you for helping me understand the phrasing with "traditional DNS 
> Update protocol". I spent some time looking through the other instances in 
> the document, and your explanation really helped me understand. 

Yes, it's actually a bit confusing in the document. You touched on this in the 
initial AUTH48 edit, but I think we didn't get rid of all the ambiguity, so 
it's no wonder you are confused. The document uses the terms "DNS Update" and 
"DNS Update message" to mean the same thing, but also uses the term "DNS 
Update" to refer to the "DNS Update protocol." I think an edit to fix this 
would be too much to suggest at this stage in the process, but that's probably 
how this confusion arose. Oh, and we also use "DNS Update" in the context of 
protocol elements, like "DNS Update Adds".

Sigh.

Anyway, I do see an issue here in 3.2.5.1:

hen regenerating a key or or only in the event that the SRP update

This change wasn't fully applied:

In section 3.2.5.3, unplugged is a bit anachronistic these days. OLD:

The lifetime of the KEY records is set using the KEY-LEASE field of the Update 
Lease Option and SHOULD be set to a much longer time, typically 14 days. The 
result being that even though a device may be temporarily unplugged -- 
disappearing from the network for a few days -- it makes a claim on its name 
that lasts much longer.

Therefore, even if a device is unplugged from the network for a few days, and 
its services are not available for that time, no other device can come along 
and claim its name the moment it disappears from the network. In the event that 
a device is unplugged from the network and permanently discarded, then its name 
is eventually cleaned up and made available for reuse.

NEW:

The lifetime of the KEY records is set using the KEY-LEASE field of the Update 
Lease Option and SHOULD be set to a much longer time, typically 14 days. The 
result being that even though a device may be temporarily disconnected or 
powered off -- disappearing from the network for a few days -- it makes a claim 
on its name that lasts much longer.

Therefore, even if a device is unplugged from the network for a few days, and 
its services are not available for that time, no other device can come along 
and claim its name the moment it disappears from the network. In the event that 
a device is disconnected from the network and permanently discarded, then its 
name is eventually cleaned up and made available for reuse.

This change was omitted from Stuart's update:

Also in 3.2.5.4, OLD:

Note that this document does not update the SRV specification [RFC2782 
<https://www.rfc-editor.org/authors/rfc9665.html#RFC2782>]: Authoritative DNS 
servers still MUST NOT compress SRV record targets. The requirement to accept 
compressed SRV records in updates only applies to SRP registrars, and SRP 
registrars that are also authoritative DNS servers still MUST NOT compress SRV 
record targets in DNS responses. We note also that Multicast DNS [RFC6762 
<https://www.rfc-editor.org/authors/rfc9665.html#RFC6762>] similarly compresses 
SRV records in mDNS messages.

NEW:

Note that this document does not update the SRV specification [RFC2782 
<https://www.rfc-editor.org/authors/rfc9665.html#RFC2782>]: Authoritative DNS 
servers still MUST NOT compress SRV record targets. The requirement to accept 
compressed SRV records in updates only applies to SRP registrars. SRP 
registrars that are also authoritative DNS servers still MUST NOT compress SRV 
record targets in DNS responses. We note also that Multicast DNS [RFC6762 
<https://www.rfc-editor.org/authors/rfc9665.html#RFC6762>] similarly compresses 
SRV records in mDNS messages.

I think Stuart didn't understand the purpose of this change. The reason to 
break this into two sentences is not for readability. It's that it makes the 
meaning clearer. "SRP registrars" at the end of the sentence in the new text is 
talking about all SRP registrars. "SRP registrars" at the beginning of the 
second sentence is talking about SRP registrars that are also authoritative DNS 
servers. The current text makes this distinction a lot less clear.

Sorry to add one more cycle, but hopefully this is the last one.


-- 
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org

Reply via email to