Re: [homenet] WGLC started
Daniel Migault <mglt.ietf@gmail.com> Thu, 13 May 2021 18:25 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66DCF3A108B for <homenet@ietfa.amsl.com>; Thu, 13 May 2021 11:25:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a-gt_Mehj52X for <homenet@ietfa.amsl.com>; Thu, 13 May 2021 11:25:44 -0700 (PDT)
Received: from mail-qt1-x831.google.com (mail-qt1-x831.google.com [IPv6:2607:f8b0:4864:20::831]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8970B3A1085 for <homenet@ietf.org>; Thu, 13 May 2021 11:25:44 -0700 (PDT)
Received: by mail-qt1-x831.google.com with SMTP id c10so10637630qtx.10 for <homenet@ietf.org>; Thu, 13 May 2021 11:25:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=6JcJaFCkXK9gTLay5Z94TGqqcadqkQr3VY7Mqug8kyw=; b=ZZw8KkcQdGe3j3OWSTIWUimkV5xVIEYe8OqWynC8bPVCU2FYYOGVEeRtbATg/4BFhA QPMo8iwk1FGM/EZvjOaMmwNGbeXHPvn/lJdyZGAb+35MPt4qbaBj5F87EHEeRAcpQaar pps/2OqQOLh58P8J+KOjUAsdXn0WrfS4NpJ+spCPPR4UForcwFC37Bie9xGPjwFGHY6e eprYVwNMIPBAuioBoRbzaIzqNTv5LyO5vh+n3JhJVtk+ONwwkVUzIeU9yBecyU5q3lsZ oHOfWWmlDyASs3PxWjsJmBBV2I2aGpIwWVn923yy/wSllY43mgiUGcqkpyNhCMCKVtzb T/Zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=6JcJaFCkXK9gTLay5Z94TGqqcadqkQr3VY7Mqug8kyw=; b=BEEWNPatDW39btpBtVAUrVfgHJBTLUXCmY3cd7et8gTq7rIz7w2mOvN00vQyendTJM m/xWQwe1vtUhOb1bJ+oqfTWqvglV+FW2eP/QzCTsD+J1xPVm/EOlA37EPdUxvPeXGYtC xor6Ortj6cMyfjRsieMxHjpyIyiQ/utqmyL148tyAFWPRllgLxv9TDRegAOLPDvPWolm Mzvo2wKbCkbovJ+fZ0YGxiipfsJNW0Dp9R8Ew1aFapDsWXvbvRTto3XS/zhRQKSs4g7e UZaI8sdBfkNkE/nv36KvPqIWYfI7THqIl2GAAzY6Ip3pQw9wxfRHpVXjVmNDS/miAasl lCVA==
X-Gm-Message-State: AOAM532M105L1QU1VNLNHZosJ26G6GObTrn7SQ9VmZ79mXqBMg2Wlskg d60rH10f3FeV77O728r4H3ikiBrD6+kWA798BZU=
X-Google-Smtp-Source: ABdhPJyL16e7jqDesGYX58BAjltOeDQrI+YjGeXf7EP5xMSI5q20jQ4SwNDxft79vS1DhASHBFseDAuLUM2ndKrRTPc=
X-Received: by 2002:a05:622a:11cd:: with SMTP id n13mr11751605qtk.37.1620930343286; Thu, 13 May 2021 11:25:43 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR02MB69243F66EA3010341B40C6CFC35A9@DM6PR02MB6924.namprd02.prod.outlook.com> <23140_1620218014_6092909E_23140_52_1_787AE7BB302AE849A7480A190F8B933035376EDF@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
In-Reply-To: <23140_1620218014_6092909E_23140_52_1_787AE7BB302AE849A7480A190F8B933035376EDF@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Thu, 13 May 2021 14:25:32 -0400
Message-ID: <CADZyTkkTS=r1sgDedXKcqMDnHgABMV=5ZZv9nsPZF5DvHMyoPA@mail.gmail.com>
To: Mohamed Boucadair <mohamed.boucadair@orange.com>
Cc: "homenet@ietf.org" <homenet@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000513bcb05c23a4110"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/BQriO9RSJV_L2e5ze5f2MoebkLU>
Subject: Re: [homenet] WGLC started
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2021 18:25:50 -0000
Hi Med, Thanks for the very careful review of the HNA architecture. I believe the new published version addresses your concerns but please find some complementary responses. Yours, Daniel IPv6 connectivity provides the possibility of global end to end IP connectivity. [BMT2]: As firewalls may be enabled on the RG, the same issues as per IPv4 will be encountered (need to open pinholes). There is also a requirement on stable IP addresses, unless a mechanism is enabled to update the records dynamically. > I agree with the comment, but I think that IPv6 and the use of global IP addresses ease the end to end connectivity. It is not impossible with IPv4 but way more difficult than just opening an IP address. This is also correct: the mechanism provides the zone to be dynamically sync. Currently, I think it is better to keep that sentence. Now going to the next comment I have the impression the removal was requested to avoid redundancies. 3. {{!RFC7368}} emphasizes that the home network is subject to connectivity disruptions with the ISP. But, names used within the home MUST be resilient against such disruption. [BMT5]: The LAN connectivity is resilient against WAN failure. Reaching a device based on a local name is just factural. > Correct. Here we were listing the constraints of the homenet. I think the comment is addressed by the sentence right after the enumeration: This specification makes the public names resolvable within both the home network and on the Internet, even when there are disruptions. [BMT6]: Unless you define what is meant by a “public name” vs. “private name”. We clarified the public name is the name of the device by which it is reachable from outside as well as from within the home network. [BMT8]: Also, please note that rfc6092 says the following: “REC-8: By DEFAULT, inbound DNS queries received on exterior interfaces MUST NOT be processed by any integrated DNS resolving server.” > I think that is interesting but I am not sure this is clarifying. This case is considered bad in our scenario since it exposes the interface on the interface. We have never - at least in my case - considered having a single server inside and outside, so I prefer not to introduce this potential confusion. [BMT12]: Why not other device identifiers? [BMT14]: How is this known/configured? Or do you expect this to be handled by an administrator. That said, I don’t see this as case is worth to be discussed here as VPN setups do not involve CPEs. > The type of IP address is expected to be selected by the administrator which will determine what can be outsourced to the DOI. The idea of the VPN was to mention that there are some cases where non global IP addresses may be published globally. [BMT17]: I’m not sure this is needed. > The section is not intended to describe an alternative way, it is expected to position the architecture toward what is believed to be a more common mechanism. [BMT18]: How this is supposed to work for IPv4 even when no failure is experienced? I’m asking this as given that the same IP address is shared and that a port number is needed to map to an internal host. The CPE should be involved, otherwise failures will be observed. > I now understand the earlier comments. The scope of homenet is IPv6 so we were basically translating the mechanism to IPv6 use case. I clarified this, but did not consider the IPv4 issues. """On the other hand, to provide resilience to the Public Homenet Zone in case of WAN connectivity disruption, the Homenet DNSSEC Resolver SHOULD be able to perform the resolution on the Homenet Authoritative Servers. These servers are not expected """ [BMT21]: MUST? I understand why MUST is suggested. The reason It would rather stay with SHOULD is that it is not given that homenet have authoritative servers. """ How the Homenet Authoritative Servers are provisioned is also out of scope of this specification. It could be implemented using primary and secondary servers, or via rsync. In some cases, the HNA and Homenet Authoritative Servers may be combined together which would result in a common instantiation of an authoritative server on the WAN and inner homenet interface. Note that {{?RFC6092}} REC-8 states this must not be the default configuration. Other mechanisms may also be used. """ > I added the reference to RFC6092 there. """communications between the HNA and the DM SHOULD be protected and...""" [BMT23]: MUST? > For the reverse zone, there are some situations where the use of strong authentication may not necessarily be needed. We however updated it to MUST to avoid specific unsecured implementations to be deployed. On Wed, May 5, 2021 at 8:33 AM <mohamed.boucadair@orange.com> wrote: > Hi all, > > FWIW, some comments to be considered by the authors as part the WGLC can > be seen at: > > * draft-ietf-homenet-naming-architecture-dhc-options: > - pdf: > https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/draft-ietf-homenet-naming-architecture-dhc-options-12-rev%20Med.pdf > - doc: > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ietf-homenet-naming-architecture-dhc-options-12-rev%20Med.docx > > * draft-ietf-homenet-front-end-naming-delegation: > - pdf: > https://github.com/boucadair/IETF-Drafts-Reviews/blob/master/draft-ietf-homenet-front-end-naming-delegation-14-rev%20Med.pdf > - doc: > https://github.com/boucadair/IETF-Drafts-Reviews/raw/master/draft-ietf-homenet-front-end-naming-delegation-14-rev%20Med.docx > > > Cheers, > Med > > > -----Message d'origine----- > > De : dns-privacy [mailto:dns-privacy-bounces@ietf.org] De la part de > > STARK, BARBARA H > > Envoyé : mardi 4 mai 2021 15:56 > > À : 'homenet@ietf.org' <homenet@ietf.org> > > Cc : 'dhcwg@ietf.org' <dhcwg@ietf.org>; 'dns-privacy@ietf.org' <dns- > > privacy@ietf.org>; 'int-area@ietf.org' <int-area@ietf.org> > > Objet : [dns-privacy] WGLC started > > > > Hi homenet, intarea, dhc, and dprive, > > Homenet has started WGLC for draft-ietf-homenet-front-end-naming- > > delegation-14 and draft-ietf-homenet-naming-architecture-dhc-options- > > 12. > > > > https://datatracker.ietf.org/doc/draft-ietf-homenet-front-end-naming- > > delegation/ (Simple Provisioning of Public Names for Residential > > Networks) https://datatracker.ietf.org/doc/draft-ietf-homenet-naming- > > architecture-dhc-options/ (DHCPv6 Options for Home Network Naming > > Authority) > > > > We're including intarea, dhc, and dprive to get a slightly wider > > audience for the technical aspects of these drafts (dhc is > > specifically asked to look at the dhc-options draft). > > The drafts do also need some editorial fixing-up. I'll be focusing on > > that so the technical experts can focus on the technical aspects. > > > > I've made the WGLCs for 3 weeks instead of the normal 2. I'm doing > > this because > > - we're reaching out to WGs that haven't seen this before and asking > > them for comments > > - there are 2 drafts > > - I'm on vacation next week and was getting stressed out by > > everything I need to get done by this Friday > > > > The meeting minutes (from the homenet April 23 interim) list intarea, > > dprive, and dhc as other groups to request comments from. Is this the > > right list? Are there others? > > Please let me know if I should broaden this. > > Thx, > > Barbara > > > > _______________________________________________ > > dns-privacy mailing list > > dns-privacy@ietf.org > > https://www.ietf.org/mailman/listinfo/dns-privacy > > > _________________________________________________________________________________________________________________________ > > Ce message et ses pieces jointes peuvent contenir des informations > confidentielles ou privilegiees et ne doivent donc > pas etre diffuses, exploites ou copies sans autorisation. Si vous avez > recu ce message par erreur, veuillez le signaler > a l'expediteur et le detruire ainsi que les pieces jointes. Les messages > electroniques etant susceptibles d'alteration, > Orange decline toute responsabilite si ce message a ete altere, deforme ou > falsifie. Merci. > > This message and its attachments may contain confidential or privileged > information that may be protected by law; > they should not be distributed, used or copied without authorisation. > If you have received this email in error, please notify the sender and > delete this message and its attachments. > As emails may be altered, Orange is not liable for messages that have been > modified, changed or falsified. > Thank you. > > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet > -- Daniel Migault Ericsson
- [homenet] WGLC started STARK, BARBARA H
- Re: [homenet] WGLC started mohamed.boucadair
- Re: [homenet] WGLC started Daniel Migault
- Re: [homenet] WGLC started Daniel Migault
- Re: [homenet] WGLC started Daniel Migault