IETF Logo Mail Archive

Re: [homenet] WGLC on "redact" and "homenet-dot"

Ted Lemon <mellon@fugue.com> Mon, 12 December 2016 15:47 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F340129CA7 for <homenet@ietfa.amsl.com>; Mon, 12 Dec 2016 07:47:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id evGqVGENAsMk for <homenet@ietfa.amsl.com>; Mon, 12 Dec 2016 07:47:25 -0800 (PST)
Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6988129CA5 for <homenet@ietf.org>; Mon, 12 Dec 2016 07:47:06 -0800 (PST)
Received: by mail-wm0-x233.google.com with SMTP id a197so67312479wmd.0 for <homenet@ietf.org>; Mon, 12 Dec 2016 07:47:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=6rh1bBzKgfExd3LLkiGH4UJs0TiJBQmNd7bs4e3zgSk=; b=q0Y3oCO8Wc0QNtZNTPvgGv21ZuNM+IoOnMWiFHzoOpKaCAPjPSeWtoct2GpkxQJfz/ rY1UHs5nIYTG//n6mUk3i5qxTI/8ELyYha5tHgd8GZi0gYnAolxClFuL4RkSQRhvDhwW y8LrAhTk+wJqYmOcyD8dQZYmCOZICY0djtfWYnc1Ycqb6P56/BWz0BrNwNTvdbW5B/mE ASrYZRsVfm/5VcwgHbeTgXM9DvL6TI8SV6LAxqenEKFVuVTQWAEdLgmG1xqblU3P3p4Q ba6jIZDcOqSpw+dgOVTtTtqpOAsLCyvWaxhTs7iyyLnH1oQoD3dPhJoSoC1IlO0rRGNu BUNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=6rh1bBzKgfExd3LLkiGH4UJs0TiJBQmNd7bs4e3zgSk=; b=LPceTGnaFNsqBKkuokN3M9VzIffaXWWWWLNBh0K2NFeobwOihRBwjKT7/Kuctak3Ln LoLIMh5DPQtjR/WAy89xvR5HtKTsUsWqUXev3FGaw7ErtP8+YCQSChBIYdnbsSb6Ws8q oghlYtzGPFcWyt2byewmcoASnHADxhgJm6wwvhLCn+VH1wR2ba7/8m5NKow2VpTepedF ITwbcmhHTWcMDqy7KOOZvrU8k04EIkv3g3ctYOHIY23njEMB19VLZhsL0sRMufCXnGuN WSPj5O55KnXBOglcEhK0Ku7kwhh6rikXoVkr9U+QtY9Us2ODaCeGlUW1oiExZgqJQ5Oc 99Yw==
X-Gm-Message-State: AKaTC03xxeNxgUKwK3kMrn1Hj1ubMPsPP0njpBn27yqAS7GQnrxUn2+hTZTtUGDBDeg6TOAV1JBwYt5s7qEz7A==
X-Received: by 10.25.44.145 with SMTP id s139mr31136503lfs.176.1481557624976; Mon, 12 Dec 2016 07:47:04 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.165.8 with HTTP; Mon, 12 Dec 2016 07:46:24 -0800 (PST)
In-Reply-To: <9fe0e34d-51e9-bdf3-a650-d8b3681f1cd8@bellis.me.uk>
References: <4ab2a538-603e-4e7a-3be9-ad75ed459006@bellis.me.uk> <B192A1B3-03FF-43D1-AD30-12BBA2D65DF0@gmail.com> <9fe0e34d-51e9-bdf3-a650-d8b3681f1cd8@bellis.me.uk>
From: Ted Lemon <mellon@fugue.com>
Date: Mon, 12 Dec 2016 10:46:24 -0500
Message-ID: <CAPt1N1=Z2xERw68-=iFGgYYnEO3eDW-8tvhmTmaf4+vU-24grQ@mail.gmail.com>
To: HOMENET <homenet@ietf.org>
Content-Type: multipart/alternative; boundary="001a1141021cf38c2a054378035f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/8cfJkr7SPMaPS4BD9YzZ-Hi73yg>
Subject: Re: [homenet] WGLC on "redact" and "homenet-dot"
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2016 15:47:28 -0000

One thing that I think the working group should be aware of, although I
don't know if this awareness will change anything, is that the situation
with the .homenet allocation is less simple than we would prefer: it's not
really simply a matter of adding .homenet to the special use domain names
registry.   The reason is that we need DNS resolution to work properly for
domains under .homenet, and this has to work even if a host is doing DNSSEC
validation.

At present, if you were to configure a homenet router with .home or
.homenet as the local domain, this would work perfectly nicely until you
turned on DNSSEC validation, at which point all the names in either
hierarchy would disappear.   The reason for this is that the root zone
provides proof of nonexistence for nonexistent names in that zone.

It is possible to address this problem by requesting ICANN to put an
insecure delegation in the root zone.   The problem is that from a process
perspective, this is a _lot_ more heavyweight than doing a special-use
domain name allocation, and has no guarantee of success.   This wasn't such
an issue for .onion when we did it, because .onion _wants_ a secure denial
of existence--we _never_ want a .onion query to actually happen if the name
has been handed to a resolver that doesn't understand .onion explicitly.
This is not true for .homenet.

There are two approaches we can take to this.   One is to proceed--ask
ICANN to do the delegation and see what happens.   The other is to take the
more expedient, less satisfying approach: use .home.arpa instead of
.homenet.   I'm not in love with this as an end solution, but it has the
advantage that the IAB controls .arpa, and so we can get an unsecure
delegation right away assuming the IAB agrees.   I see no reason to think
they would not.   It's a bit more typing, and there is the problem that the
fourth google result for arpa is "Advanced Research Projects Agency.   But
it would work, and quickly, and would keep the whole process in the family.

The other alternative is to continue with the original plan: do the
special-use names registry allocation, and send a liason to ICANN asking
them to do the unsecure delegation.   The downside to this approach is that
we won't know whether the outcome will be success or failure for a long
time, possibly several years.   And the outcome could very well be failure.
  The upside is that we get the name we all want; the downside is that we
are a long way down the road with no win.

I should point out that whichever way we go, we already have solved the
immediate problem: we have a name that HNCP can use, the potential
liability for IETF is dealt with, and our prototypes can be made to work.
So I am personally okay with either decision.   Our AD, Terry, may have
more of a sense of what ICANN will do (but to some extent he really can't
know, because it's up to committees within ICANN to actually make this
decision).   I'm mentioning this now not to derail the process, but simply
to make it really clear what our expectations should be.   The reason that
this didn't come up in Seoul is that it didn't actually click for me that
we had a serious problem until several of us were chatting on the way out
of the room, after the working group had already decided to proceed.

On Thu, Dec 1, 2016 at 9:02 AM, Ray Bellis <ray@bellis.me.uk> wrote:

>
>
> On 21/11/2016 13:25, Ralph Droms wrote:
> > (Updated comments on draft-ietf-homenet-dot originally posted prior to
> the WG last call)
>
> Thanks Ralph.
>
> I'd like to remind the WG that the LC is due to run until Friday
> December 16th, so please anyone else with comments please get them in.
>
> Ray
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>

v2.23.0 | Report a Bug | By Email