IETF Logo Mail Archive

Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)

Adam Roach <adam@nostrum.com> Tue, 29 August 2017 03:19 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7888D132661; Mon, 28 Aug 2017 20:19:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.878
X-Spam-Level:
X-Spam-Status: No, score=-1.878 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jNXuUkXP8Wi7; Mon, 28 Aug 2017 20:19:04 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 74CDA1321AC; Mon, 28 Aug 2017 20:19:04 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v7T3Iu1h048456 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 28 Aug 2017 22:18:59 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
To: Ted Lemon <ted.lemon@nominum.com>
Cc: draft-ietf-homenet-dot@ietf.org, homenet-chairs@ietf.org, homenet@ietf.org, The IESG <iesg@ietf.org>, Ray Bellis <ray@bellis.me.uk>
References: <150395805175.13203.12325524217824839037.idtracker@ietfa.amsl.com> <6A42DD6D-CE4C-4172-BE83-C0A259A4368D@nominum.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <cb24440c-142d-b13f-9eea-8395ca6ac0db@nostrum.com>
Date: Mon, 28 Aug 2017 22:18:56 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <6A42DD6D-CE4C-4172-BE83-C0A259A4368D@nominum.com>
Content-Type: multipart/alternative; boundary="------------C02325CF1CE4AAAE5D397158"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/CFpLV2H91WKYLjyegdaq_5RfVx8>
Subject: Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 03:19:07 -0000

On 8/28/17 5:29 PM, Ted Lemon wrote:
> El Aug 28, 2017, a les 6:07 PM, Adam Roach <adam@nostrum.com 
> <mailto:adam@nostrum.com>> va escriure:
>> Section 4 contains a list that it describes as defining "the behavior 
>> of [DNS]
>> systems". Item number 7 seems to be something else: I don't know what 
>> code or
>> configuration would result from this statement. Maybe move this item 
>> to section
>> 3?
>
> This is the format that RFC 6761 requires us to follow, which is why 
> it's being done this way.   I think the text makes sense if you read 
> it with the RFC 6761 list of criteria in section 5 in mind.   So I 
> don't think it makes sense to move it, although I agree it scans a bit 
> strangely. :)

Oh! That makes a lot more sense -- I should have chased down that 
section in 6761. I think what's tripping me up is the introduction in 
the homenet-dot draft: "This section defines the behavior of systems 
involved in domain name resolution when resolving queries for names 
ending with '.home.arpa.' (as per [RFC6761])." -- it would be clearer if 
it said something more like "This section reserves the '.home.arpa.' 
subdomain according to the procedures outlined in [RFC6761] section 4."

(I'll also note that 6761 appears to require this to be "a subsection of 
the 'IANA Considerations' section", so you might consider moving it 
accordingly -- this would have been somewhat less confusing if it were 
clearer that it's part of the registration process, which putting it in 
the 'IANA Considerations' section would have done.)
>
>> With the explanation in section 6:
>>
>>   it may be useful for the resolver to identify different
>>   homenets on which it has resolved names
>>
>> Doesn't this mitigation in the security section require name resolution
>> libraries to recognize names that end in ".home.arpa." as special so 
>> that it
>> can treat them differently?
>
> Section 6 is talking about future work.   If we come up with a way to 
> do this, then it would update this document, changing the normative 
> requirement.


To me, this reads as something that could be done unilaterally by the 
local resolver according to their own reasonable notion of what the 
proper mitigations might be here. I would suggest rephrasing to make it 
clearer that this suggestion pertains to _future_ work; e.g., "To 
prevent this from happening, future documents may define behavior that 
allows resolvers to identify and distinguish among different homenets on 
which they have resolved names, and take appropriate measures to avoid 
such confusion."


/a

v2.23.0 | Report a Bug | By Email