Re: [DNSOP] [homenet] My assessment of .homenet as described during the WG session yesterday.
Mark Andrews <marka@isc.org> Thu, 30 March 2017 05:20 UTC
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Mark Townsley <mark@townsley.net>, Michael Richardson <mcr+ietf@sandelman.ca>, HOMENET <homenet@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Terry Manderson <terry.manderson@icann.org>
From: Mark Andrews <marka@isc.org>
Date: Thu, 30 Mar 2017 16:20:05 +1100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/QSi_nAcbLc8KiXyAiVxEZOSoR9w>

In message <CAH1iCiozhJ3CxRDXh8R1kfv40SZvA2MqPmsstx__+34BRowwUw@mail.gmail.com>, Brian Dickson writes:
> On Wed, Mar 29, 2017 at 5:07 PM, Mark Townsley <mark@townsley.net> wrote:
>
> >
> > > On Mar 29, 2017, at 10:07 AM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> > >
> > >
> > > Terry Manderson <terry.manderson@icann.org> wrote:
> > >> B) seek a .homenet special use domain WITHOUT the delegation request
> > >> AND ask the IETF/IESG/IAB to commence the discussion with the ICANN
> > >> community to achieve an insecure delegation
> > >
> > >> c) seek a <SOMETHING>.arpa insecure special use delegation
> > >
> > >> d) go for "B" and if that doesn't work shift to "C"
> > >
> > > Is there some reason we can not proceed with "C", concurrently with (B).
> >
> > I think that would require a new consensus call. There was a lot of work
> > done to get to the point of agreeing on a path forward at the last IETF,
> > and this path would be rather different than that.
> >
> > > This might cause stub resolvers to have to have two cases
> > > (SOMETHING.arpa, and .homenet) eventually, but at least we could deploy
> > > and attempt interop with SOMETHING.arpa NOW, and it would more clearly
> > > permit "home." to be removed from code.
> > >
> >
> > /chair-hat-off
> >
> > I don't think we want to have two defaults in our specs. It's bad enough
> > that we are already going to end up with .home and .homenet depending on
> > the version of code used or forked from, I really don't want to do anything
> > that could lead to a third if we can avoid it.
> >
> > - Mark
> >
>
> Taking a STRICTLY devil's advocate position here:
>
> Isn't it the case that the thing that knows what the <homenet> label is,
> should be able to masquerade on behalf of anything that isn't aware of the
> divergence of the three possible values for <homenet>? If you end up with
> some boxes thinking it is ".home", some ".homenet", and some
> ".homenet.arpa", as long as one of them knows about all three, it should
> be possible to resolve the differences.
>
> The scope of the namespace is "the home network", and never reaches the
> real DNS (roots), so at worst it would be folding the three fake
> namespaces into a unified (three-headed) fake namespace.

Can we please stop with this "and never reaches the real DNS (roots)"
garbage. Queries for homenet/DS *will* reach the roots. That is
how DNSSEC validation is designed to work. They *need* to be answered
with a signed NOERROR NODATA response.

Lots of Linux distributions ship with DNSSEC validation enabled for
on machine clients and they are also configured to forward to the
nameservers that are returned by DHCP. These machines behave *exactly*
like a validating stub resolver from the DNSSEC perspective.

This isn't something that will be in the future. It is the PRESENT.

> I.e. avoid it if you can, but if you can't, I think the issues are
> solvable, even if they get a little funky/ugly under the hood.
>
> None of that should be visible to users, I don't think.
>
> Brian
>
> P.S. Guide to implementers - never expose multiple handles for the same
> object; over-exuberant users may be tempted to try to "clean up" the
> duplicates.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
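
The validation step described in the message above, as an added example that is not part of the original e-mail: a toy model of how a validating resolver classifies an unsigned answer under homenet from the NSEC record the signed parent returns for the homenet/DS query. The NSEC tuples are constructed sample data (not real root zone contents), signature verification is assumed to have already succeeded, and the function names are hypothetical.

```python
def canon(name):
    """RFC 4034 canonical-order key: lowercased labels, rightmost label first."""
    labels = name.lower().rstrip(".").split(".")
    return tuple(l.encode() for l in reversed(labels) if l)

def ds_proof(qname, nsec):
    """What a validated NSEC (owner, next, types) proves about qname/DS."""
    owner, nxt, types = nsec
    q, o, n = canon(qname), canon(owner), canon(nxt)
    if q == o:
        # Signed NOERROR/NODATA at a delegation point: NS set, DS and SOA clear.
        if "NS" in types and "DS" not in types and "SOA" not in types:
            return "insecure-delegation"
        return "no-proof"
    wraps = n <= o  # the last NSEC in a zone points back to the apex
    covered = (q > o or q < n) if wraps else (o < q < n)
    return "name-does-not-exist" if covered else "no-proof"

def classify_unsigned_answer(tld, nsec):
    """Security status a validator assigns to an unsigned answer below tld."""
    # Only a proven insecure delegation lets unsigned data through; a proof
    # that the TLD does not exist contradicts the answer, so it is bogus.
    return "insecure" if ds_proof(tld, nsec) == "insecure-delegation" else "bogus"

# Constructed sample NSEC records, as a signed parent zone might return them.
INSECURE_DELEGATION = ("homenet.", "homes.", {"NS", "RRSIG", "NSEC"})
NO_DELEGATION = ("homedepot.", "homes.", {"NS", "DS", "RRSIG", "NSEC"})

if __name__ == "__main__":
    for label, nsec in (("insecure delegation", INSECURE_DELEGATION),
                        ("no delegation", NO_DELEGATION)):
        print(label, "->", classify_unsigned_answer("homenet.", nsec))
```

With the insecure delegation in place the locally served, unsigned homenet answer is accepted as insecure; without it the validator has signed proof that the name does not exist and the same answer fails validation.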