Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:
> I think that the IETF already has the answer to the problem you are raising.
> But it is spread out so that while the existing standards essentially
> constrain the space, there is no RFC that puts them together and so I wrote
> one myself:
> https://tools.ietf.org/html/draft-hallambaker-web-service-discovery-00
> This has expired but will be replaced in a few hours time. I am in fact
> updating the whole document set right now.
okay, I see it now, and I'll read it.
> So my response to Michael is that you don't want your version numbers in the .
> well-known path, you want them in the DNS records because then they can be
> used to select the host to connect to according to capabilities.
Interesting. I think that I agree.
> Lets say we have 10 hosts and we are upgrading them to a new version of the
> spec over a two year period (licenses sometimes cost money, people always
> do). So we might upgrade 2 hosts to start with and advertise the fact with
> host specific TXT records.
It might also be that operating both versions is more than one wants to do
with a single host, so one wants to upgrade only as the clients upgrade in
order to match traffic loads.
I like that our document includes load balancing as a built-in goal.
> Of course, to actually make use of a scheme like this in actual deployment,
> the DNS records have to be 100% reliable. Which is not going to happen if
> they are being maintained by hand. So an adjunct specification that would be
> required is a means of automating the management of the DNS records. When the
> service comes up and every n minutes thereafter, it should ping the outbound
> DNS to tell it that it is still alive and what current configuration
> information it needs to publish.
> The ability to secure attributes of this type gives DNSSEC the potential to
> improve application security. We can now specify that the service MUST be
> encrypted.
+1
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature
