Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

Ted Lemon <mellon@fugue.com> Thu, 12 May 2016 01:54 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Wed, 11 May 2016 21:53:42 -0400
To: Mark Andrews <marka@isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/HYUZ5d5vSt4ea3maou7uWj6Nn94>
Cc: "homenet@ietf.org" <homenet@ietf.org>, Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>

You don't even need SIG(0) to get the level of security that mDNS provides.
And SIG(0) doesn't work right now, because it relies on an older version
of DNSSEC keys. Remember the flag day?

On Wed, May 11, 2016 at 8:33 PM, Mark Andrews <marka@isc.org> wrote:

>
> SIG(0) works fine for DDNS once you have a KEY record installed in
> the DNS.
>
> KEY can be installed on an "add if name does not exist basis" for
> forward zone and add if TCP self (owner name is the matching
> in-addr.arpa/ip6.arpa name of the TCP source address) is true for
> the reverse zones.  This requires policy enforcement in the server
> but is doable.  Nameservers already have policy rules (e.g. tcp-self
> has existed for years in named).  Adding more is not a hard thing
> to do.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>
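
The KEY bootstrap policy described in the quoted message, modelled in Python as an added example; it is not code from this thread or from named. The function names and the "forward"/"reverse" labels are assumptions made for illustration, and the addresses and names in the usage are constructed.

```python
import ipaddress


def canonical(name: str) -> str:
    """Lower-case and make absolute, so case or a missing dot cannot dodge a match."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def reverse_name(src_ip: str) -> str:
    """Owner name in in-addr.arpa / ip6.arpa that corresponds to an address."""
    return ipaddress.ip_address(src_ip).reverse_pointer.lower() + "."


def may_install_key(owner, zone_kind, transport, src_ip, existing_names):
    """Decide whether an unsigned update adding a KEY at `owner` is accepted.

    zone_kind      -- "forward" or "reverse" (hypothetical labels for this model)
    transport      -- "tcp" or "udp"
    existing_names -- owner names already present in the zone
    """
    owner = canonical(owner)
    if zone_kind == "forward":
        # "Add if name does not exist": an existing name can never be
        # re-keyed by an unsigned update, only a new name can be claimed.
        return owner not in {canonical(n) for n in existing_names}
    if zone_kind == "reverse":
        # tcp-self: a UDP source address is trivially spoofed, so require TCP,
        # and the owner must be the reverse mapping of the connection's source.
        return transport == "tcp" and owner == reverse_name(src_ip)
    return False  # unknown zone kind: deny by default


if __name__ == "__main__":
    zone = {"nas.home.example."}  # constructed zone contents
    print(may_install_key("printer.home.example", "forward", "udp",
                          "192.0.2.10", zone))   # new name
    print(may_install_key("NAS.home.example", "forward", "tcp",
                          "192.0.2.10", zone))   # name already taken
    print(may_install_key("10.2.0.192.in-addr.arpa", "reverse", "tcp",
                          "192.0.2.10", zone))   # owner matches TCP source
```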