Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

Mark Andrews <marka@isc.org> Thu, 12 May 2016 02:57 UTC

To: Ted Lemon <mellon@fugue.com>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Wed, 11 May 2016 21:53:42 -0400." <CAPt1N1nOFM5cQd+WXTtJR9-Gg=ztyCeDqC7RRFhcfhzyGZX-zg@mail.gmail.com>
Date: Thu, 12 May 2016 12:56:53 +1000
Message-Id: <20160512025653.884C1489E1B3@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/1f8ZsDuVnpE1RZbGKfGJrsJciHY>
Cc: "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
Subject: Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

In message <CAPt1N1nOFM5cQd+WXTtJR9-Gg=ztyCeDqC7RRFhcfhzyGZX-zg@mail.gmail.com>, Ted Lemon writes:
> You don't even need SIG(0) to get the level of security that mDNS provides.
> And SIG(0) doesn't work right now, because it relies on an older version
> of DNSSEC keys.   Remember the flag day?

DNSSEC depends on DNSKEY as of RFC 403[345].
SIG(0) depends on KEY.

The flag day separated DNSSEC from other uses of KEY.  It did not
say "stop using KEY for everything", just for DNSSEC.

Mark

> On Wed, May 11, 2016 at 8:33 PM, Mark Andrews <marka@isc.org> wrote:
> 
> >
> > SIG(0) works fine for DDNS once you have a KEY record installed in
> > the DNS.
> >
> > KEY can be installed on an "add if name does not exist" basis for
> > forward zones and if TCP self (owner name is the matching
> > in-addr.arpa/ip6.arpa name of the TCP source address) is true for
> > the reverse zones.  This requires policy enforcement in the server
> > but is doable.  Nameservers already have policy rules (e.g. tcp-self
> > has existed for years in named).  Adding more is not a hard thing
> > to do.
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
> >
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
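The two policy rules quoted above (forward zone: add a KEY only where the name does not yet exist; reverse zone: add a KEY only at the client's own in-addr.arpa/ip6.arpa name, checked over TCP) modelled as a small decision function. This is an added illustration, not named's code or configuration; the `Update` record, the `existing_names` zone view and the addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Update:
    owner: str    # owner name of the record to add, e.g. "host.example."
    rrtype: str   # record type, e.g. "KEY"


def norm(name: str) -> str:
    """Canonical form: lower-case, single trailing dot."""
    return name.rstrip(".").lower() + "."


def in_zone(owner: str, zone: str) -> bool:
    return owner == zone or owner.endswith("." + zone)


def is_reverse_zone(zone: str) -> bool:
    return zone.endswith(("in-addr.arpa.", "ip6.arpa."))


def tcp_self_name(addr: str) -> str:
    """Owner name the tcp-self rule permits: the reverse-mapping name
    (in-addr.arpa / ip6.arpa) of the TCP source address."""
    return norm(ipaddress.ip_address(addr).reverse_pointer)


def key_install_allowed(zone, existing_names, update, source, transport="tcp"):
    """Decide whether an *unsigned* update may add a KEY record.

    zone           -- zone the update targets
    existing_names -- names in the zone that already own any RR (constructed view)
    source         -- client IP address as a string
    Returns (allowed, reason).  Later updates at that name are expected to
    carry a SIG(0) made with the installed KEY; that check is not modelled here.
    """
    zone, owner = norm(zone), norm(update.owner)
    if update.rrtype.upper() != "KEY":
        return False, "only KEY may be added without a SIG(0) signature"
    if not in_zone(owner, zone):
        return False, "owner name is outside the zone"
    if is_reverse_zone(zone):
        # tcp-self: only a TCP client can claim its own reverse name,
        # because a UDP source address is trivially forged.
        if transport != "tcp":
            return False, "reverse-zone KEY install requires TCP"
        if owner != tcp_self_name(source):
            return False, "owner name is not the reverse name of the TCP source"
        return True, "tcp-self matched"
    # forward zone: first come, first served; the name must be unused
    if owner in {norm(n) for n in existing_names}:
        return False, "name already exists; a signed update is required"
    return True, "name did not exist; KEY may be installed"
```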