Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

Brian Dickson <brian.peter.dickson@gmail.com> Thu, 15 December 2016 03:30 UTC

From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Wed, 14 Dec 2016 19:30:20 -0800
Message-ID: <CAH1iCirFZtCWVkMqFp8Fb=wJLzmBNb2k5PfxKBRNUtgVR7cMXA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/sTd985AZrnhYJ7AMIBx13eeGrL0>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, John Levine <johnl@taugh.com>, HOMENET <homenet@ietf.org>, Michael StJohns <msj@nthpermutation.com>
Subject: Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

On Wed, Dec 14, 2016 at 6:37 PM, Ted Lemon <mellon@fugue.com> wrote:

> Brian, there's no need for the complexity you are describing.   The
> unsecured delegation of .homenet would just point to AS112.   Any trust
> anchor bootstrapping would not involve the root at all.
>

Is the intent just to have a global NXDOMAIN, provided with no DNSSEC?

That works at preventing homenet from working unless every resolver inside
the home network is homenet-aware.
(And yes, I realize as currently specified in RFC 7778, that is a
requirement.)

However, I don't believe that is the only (or optimal) path for the homenet.

Their stated goal is that they want everything to work, plug-and-play.

What I'm proposing will (I believe) actually produce a working network as
long as a single resolver is homenet-aware.
It automatically gets non-homenet-aware resolvers to point at homenet-aware
resolvers (i.e. homenet routers), as long as the default address for homenet
routers' DNS service is the same as the value assigned in the AS112-like
delegation.

I.e. it turns a broken hybrid of "today" networks plus a "homenet", into a
fully functional homenet with a minimum of
deployments/upgrades/replacements. It also minimizes the "broken Christmas
light" aka "missing terminator" class of problem, if any host is running
its own recursive resolver (which would then fail to properly integrate
into the homenet.)

(Also, I think having things with built-in firmware-based crappy resolvers
actually work without any patching, would be nice.)

I agree that an unsigned delegation is sufficient for non-hybrid
homenet-aware gear to provide hosts a correct homenet experience.

Brian
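The contrast drawn in this thread, modelled as an added toy example (not code from the thread or from any homenet implementation): a non-homenet-aware resolver walks the delegation from the root, so where the ".homenet" delegation points decides whether it lands on an AS112-style sink (NXDOMAIN) or on the homenet router. The addresses and the "printer.homenet" record are constructed placeholders, and AS112 is reduced to a server with an empty zone.

```python
"""Toy model of the two '.homenet' delegation designs discussed above (added example)."""
from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"

@dataclass
class Server:
    """A nameserver reachable at one address, answering from a tiny zone.
    Zone values are either an answer string or a delegation ('NS', address)."""
    addr: str
    zone: dict = field(default_factory=dict)

    def query(self, name):
        if name in self.zone:
            return self.zone[name]
        # No exact match: look for a delegation at an enclosing name.
        labels = name.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            entry = self.zone.get(parent)
            if isinstance(entry, tuple) and entry[0] == "NS":
                return entry
        return NXDOMAIN

def resolve(name, root, network):
    """Non-homenet-aware iterative resolver: start at the root and follow
    delegations (glue addresses) until an answer or NXDOMAIN comes back."""
    server = root
    for _ in range(8):  # loop guard against a delegation cycle
        answer = server.query(name)
        if isinstance(answer, tuple) and answer[0] == "NS":
            server = network[answer[1]]
            continue
        return answer
    return "SERVFAIL"

ROUTER_ADDR = "192.0.2.1"    # constructed: homenet router's default DNS address
AS112_ADDR = "192.0.2.112"   # constructed stand-in for an AS112 sink server

def scenario(delegation_target):
    """Resolve a homenet name with '.homenet' delegated to delegation_target."""
    router = Server(ROUTER_ADDR, {"printer.homenet": "A 10.0.0.5"})  # constructed record
    as112 = Server(AS112_ADDR)  # empty zone: every name is NXDOMAIN
    root = Server("root", {"homenet": ("NS", delegation_target)})
    network = {ROUTER_ADDR: router, AS112_ADDR: as112}
    return resolve("printer.homenet", root, network)
```

`scenario(AS112_ADDR)` is Ted's design and yields NXDOMAIN for every non-aware resolver, while `scenario(ROUTER_ADDR)` is Brian's proposal and only works because the delegation address and the router's default service address coincide.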