Re: [Geopriv] Security considerations for LIS discovery

Ray Bellis <Ray.Bellis@nominet.org.uk> Tue, 25 May 2010 13:57 UTC

Return-Path: <Ray.Bellis@nominet.org.uk>
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5C93A3A6BCF for <geopriv@core3.amsl.com>; Tue, 25 May 2010 06:57:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.142
X-Spam-Level:
X-Spam-Status: No, score=-9.142 tagged_above=-999 required=5 tests=[AWL=-0.032, BAYES_05=-1.11, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 59866xQZVO-d for <geopriv@core3.amsl.com>; Tue, 25 May 2010 06:57:41 -0700 (PDT)
Received: from mx3.nominet.org.uk (mx3.nominet.org.uk [213.248.199.23]) by core3.amsl.com (Postfix) with ESMTP id C29C93A6B8B for <geopriv@ietf.org>; Tue, 25 May 2010 06:57:40 -0700 (PDT)
DomainKey-Signature: s=main.dk.nominet.selector; d=nominet.org.uk; c=nofws; q=dns; h=X-IronPort-AV:Received:Received:Received:From:To:Subject: Thread-Topic:Thread-Index:Date:Message-ID:In-Reply-To: Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:Content-Type:Content-ID: Content-Transfer-Encoding:MIME-Version:Return-Path; b=V0CpZ3ONjzWM/rZxAW8p4mfL7m55zp4kCfoy7wsnv5B9U7LgqJsRjXG3 /Rj2e9VRxb4EXyZb65kdpu5Dr3tcHIEYeL7C5q/iWns4rDURMq7WFh/mD yyZIwHCsfrqgK/Z;
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nominet.org.uk; i=Ray.Bellis@nominet.org.uk; q=dns/txt; s=main.dkim.nominet.selector; t=1274795853; x=1306331853; h=from:sender:reply-to:subject:date:message-id:to:cc: mime-version:content-transfer-encoding:content-id: content-description:resent-date:resent-from:resent-sender: resent-to:resent-cc:resent-message-id:in-reply-to: references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:list-owner:list-archive; z=From:=20Ray=20Bellis=20<Ray.Bellis@nominet.org.uk> |Subject:=20Re:=20[Geopriv]=20Security=20considerations =20for=20LIS=20discovery|Date:=20Tue,=2025=20May=202010 =2013:57:23=20+0000|Message-ID:=20<C82195D3.5660%ray.bell is@nominet.org.uk>|To:=20Brian=20Rosen=20<br@brianrosen.n et>,=20"geopriv@ietf.org"=20<geopriv@ietf.org> |MIME-Version:=201.0|Content-Transfer-Encoding:=20quoted- printable|Content-ID:=20<52a6035e-efe1-4a45-80b6-ddc2267c e38a>|In-Reply-To:=20<C8214745.35A18%br@brianrosen.net>; bh=iI77T+DjHlg0/5eGPjH9T6EF6f2KDxyRHne/i92CX2w=; b=UYka0u0Q6W4cdlCLCIaUAqIRW5OGWJIgatA10u0jDk5ab9EZBDfajktc OLCvVU6rmM0kp7Lv4EXJZBR6sI1ZBtGdPNsU9ywgjkvn9fZmB6dFUV8R6 zYzPIULqdXEo/OU;
X-IronPort-AV: E=Sophos;i="4.53,298,1272841200"; d="scan'208";a="24509741"
Received: from wds-exc1.okna.nominet.org.uk ([213.248.197.144]) by mx3.nominet.org.uk with ESMTP; 25 May 2010 14:57:27 +0100
Received: from BDC-WDS-EXC1.okna.nominet.org.uk (2002:d5f8:c592::d5f8:c592) by wds-exc1.okna.nominet.org.uk (2002:d5f8:c590::d5f8:c590) with Microsoft SMTP Server (TLS) id 14.0.639.21; Tue, 25 May 2010 14:57:27 +0100
Received: from WDS-EXC1.okna.nominet.org.uk ([fe80::1593:1394:a91f:8f5f]) by bdc-wds-exc1.okna.nominet.org.uk ([fe80::784f:9067:6a1a:ab8f%18]) with mapi; Tue, 25 May 2010 14:57:27 +0100
From: Ray Bellis <Ray.Bellis@nominet.org.uk>
To: Brian Rosen <br@brianrosen.net>, "geopriv@ietf.org" <geopriv@ietf.org>
Thread-Topic: [Geopriv] Security considerations for LIS discovery
Thread-Index: AQHK+2YNa9zoPmAj/UmRts4qaKobzpJgx1EAgABb/wCAAO+zgIAAGpeA
Date: Tue, 25 May 2010 13:57:23 +0000
Message-ID: <C82195D3.5660%ray.bellis@nominet.org.uk>
In-Reply-To: <C8214745.35A18%br@brianrosen.net>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <52a6035e-efe1-4a45-80b6-ddc2267ce38a>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Geopriv] Security considerations for LIS discovery
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 May 2010 13:57:42 -0000

On 25/05/2010 14:22, "Brian Rosen" <br@brianrosen.net> wrote:

> I am struggling a bit in understanding the problem.
> 
> Let's start with why DHCP returns example.net and UNAPTR leads to
> lis.example.com.  Why is that not fixable?  What is hard about getting
> consistency in the domain names?

An ISP might have N customers for whom they run a LIS, but each of those
customers has their own domain name.

For provisioning purposes the customers would rather have the DHCP server
configured with a name that's under their control, with a NAPTR in their
(internal?) DNS pointing at their upstream LIS.  The redirection might be
done directly, or they might use a non-terminal NAPTR pointing at
"lis.example.net". Then when they change ISP they only need change a single
DNS entry.

Also, please note that for the reverse-DNS mechanism proposed in
draft-thomson-geopriv-res-gw-lis-discovery there's no choice but to use the
domain name returned in the LIS URI - we certainly couldn't use
"z.y.x.w.in-addr.arpa".

Ray
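As an added illustration of the two discovery paths discussed above (it is not code from this message, nor from RFC 4848/5986 or draft-thomson-geopriv-res-gw-lis-discovery), here is a small U-NAPTR resolver walked over an in-memory zone. Every name, URI and NAPTR record in it is constructed to mirror Ray's scenario: the customer's DHCP-provisioned domain carries only a non-terminal NAPTR that hands off to the ISP's LIS name, and the reverse-DNS path finds a record published for the ISP's /24. The hop cap, the https-only rule and the order in which reverse names are shortened are assumptions made for this example, not requirements taken from any of the documents.

```python
"""U-NAPTR (RFC 4848) LIS discovery over an in-memory zone.

Added example; not code from the mail or from any draft.  All names, URIs and
records are constructed; the reverse-DNS shortening steps, the hop cap and the
https-only rule are assumptions, not transcriptions of the cited drafts.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Naptr:
    order: int
    pref: int
    flags: str        # "u": terminal, URI in regexp; "": non-terminal, follow replacement
    service: str      # application service tag, "LIS:HELD" for HELD LIS discovery
    regexp: str       # terminal records: "!.*!<uri>!" (U-NAPTR form)
    replacement: str  # non-terminal records: next domain to query


SERVICE = "LIS:HELD"
MAX_HOPS = 5                            # cap on non-terminal redirections (assumed)
URI_RE = re.compile(r"^!\.\*!(.+)!$")   # U-NAPTR regexp field must be "!.*!<uri>!"

# Constructed zone.  customer.example.com holds only a non-terminal NAPTR
# pointing at the ISP's LIS name (change ISP = change one record).  The
# in-addr.arpa entry is published for the ISP's /24, not per host.
ZONE = {
    "customer.example.com.": [Naptr(100, 10, "", SERVICE, "", "lis.example.net.")],
    "lis.example.net.": [
        Naptr(100, 50, "u", SERVICE, "!.*!https://lis.example.net/held!", "."),
        Naptr(100, 10, "u", SERVICE, "!.*!https://lis-primary.example.net/held!", "."),
    ],
    "2.0.192.in-addr.arpa.": [
        Naptr(100, 10, "u", SERVICE, "!.*!https://lis.example.net/held!", "."),
    ],
    # Misconfigurations a resolver must not follow blindly.
    "loop-a.example.": [Naptr(100, 10, "", SERVICE, "", "loop-b.example.")],
    "loop-b.example.": [Naptr(100, 10, "", SERVICE, "", "loop-a.example.")],
    "plain-http.example.": [Naptr(100, 10, "u", SERVICE, "!.*!http://lis.example.net/held!", ".")],
}


def fqdn(name):
    return name if name.endswith(".") else name + "."


def lookup_naptr(name):
    """Stand-in for a DNS NAPTR query; answers come from ZONE (assumption)."""
    return ZONE.get(fqdn(name), [])


def resolve_unaptr(domain, service=SERVICE):
    """Follow U-NAPTR from `domain`.  Returns (uri, queried): `queried` lists every
    name looked up, so the caller can see which domain produced the URI.  uri is
    None on no record, loop, malformed regexp or non-https URI."""
    queried, seen = [], set()
    name = fqdn(domain)
    for _ in range(MAX_HOPS):
        if name in seen:                      # non-terminal records form a cycle
            return None, queried
        seen.add(name)
        queried.append(name)
        records = sorted((r for r in lookup_naptr(name) if r.service == service),
                         key=lambda r: (r.order, r.pref))
        if not records:
            return None, queried
        best = records[0]
        if best.flags == "":                  # non-terminal: query the replacement
            name = fqdn(best.replacement)
            continue
        if best.flags != "u":                 # only "u" is valid for U-NAPTR
            return None, queried
        m = URI_RE.match(best.regexp)
        if not m or urlsplit(m.group(1)).scheme != "https":
            return None, queried              # https-only is this example's policy
        return m.group(1), queried
    return None, queried


def reverse_names(ip):
    """Reverse-DNS names to try: full address, then /24 and /16 parents (IPv4)
    or /64 and /48 parents (IPv6).  The shortening steps are an assumption."""
    addr = ipaddress.ip_address(ip)
    labels = (addr.reverse_pointer + ".").split(".")
    cuts = (0, 1, 2) if addr.version == 4 else (0, 16, 20)
    return [".".join(labels[i:]) for i in cuts]


def discover_by_reverse_dns(ip):
    """Draft-style discovery: U-NAPTR at the reverse name of the client's public
    address.  Returns (uri, every name tried)."""
    tried = []
    for name in reverse_names(ip):
        uri, queried = resolve_unaptr(name)
        tried.extend(queried)
        if uri:
            return uri, tried
    return None, tried


def authentication_name(uri):
    """The only DNS name the client holds for checking a LIS certificate: the
    host in the discovered URI, not the DHCP domain nor an in-addr.arpa name."""
    return urlsplit(uri).hostname


if __name__ == "__main__":
    uri, queried = resolve_unaptr("customer.example.com")
    print("DHCP domain:", " -> ".join(queried), "=>", uri)
    print("TLS reference identity:", authentication_name(uri))
    uri, tried = discover_by_reverse_dns("192.0.2.1")
    print("reverse DNS tried:", tried, "=>", uri)
```

The `queried` list is the part worth keeping in a real client: it records that the name the DHCP server handed out (customer.example.com) and the name that finally produced the URI (lis.example.net) differ, which is exactly the gap the thread is about, and `authentication_name` shows that for the reverse-DNS path the URI host is the only name available to validate against.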