Re: [homenet] Paul Wouters' Discuss on draft-ietf-homenet-naming-architecture-dhc-options-21: (with DISCUSS)

Daniel Migault <mglt.ietf@gmail.com> Thu, 20 October 2022 20:04 UTC

References: <166624546383.55524.17919861797763262507@ietfa.amsl.com>
In-Reply-To: <166624546383.55524.17919861797763262507@ietfa.amsl.com>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Thu, 20 Oct 2022 16:04:10 -0400
Message-ID: <CADZyTk=GD1k9RfdLoddCWqKCr8yQvoOm1+df0gAzp92oKRWzdw@mail.gmail.com>
To: Paul Wouters <paul.wouters@aiven.io>
Cc: The IESG <iesg@ietf.org>, draft-ietf-homenet-naming-architecture-dhc-options@ietf.org, homenet-chairs@ietf.org, homenet@ietf.org, stephen.farrell@cs.tcd.ie
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/KwHKXEBDOwta-EvIebv9aYrgp8k>

Hi Paul,

Some brief elements of response to your questions. While you are raising
comments within a DISCUSS, I see your comment as a very high-level question on
what the content of the draft is, with many questions not related to that
draft. I am happy to respond, but there is nothing actionable that can be
done, so please be more specific.

Yours,
Daniel

On Thu, Oct 20, 2022 at 1:58 AM Paul Wouters via Datatracker <
noreply@ietf.org> wrote:

> Paul Wouters has entered the following ballot position for
> draft-ietf-homenet-naming-architecture-dhc-options-21: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to
> https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
>
> https://datatracker.ietf.org/doc/draft-ietf-homenet-naming-architecture-dhc-options/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This might be my misunderstanding of homenet, so hopefully easy to resolve.
>
> The HNA (hidden primary?) to DM (primary) DNS communication using DNS Update
> needs some kind of authentication, TSIG or SIG0 ?

No.

> While TLS gives you privacy,
> the DNS Update cannot be done with only TLS (as far as I understand it).

Please develop, but just in case: we do not use DNS Update to synchronize
the zone. We use AXFR/IXFR over TLS as defined in XoT.

> I don't see any DHCP options to relay authentication information for
> automatic deployment?

The FQDN "Distribution Manager FQDN" and "Reverse Distribution Manager FQDN"
are sufficient to set up a TLS session.

> So I don't understand how this would start up and be able to set up a
> secure DNS update channel ?
>

TLS needs only names. The certificates bind the names to a key used for
the authentication.


> There was also talk about using ACME for TLS certificates, but wouldn't that
> require that the HNA already has a provisioned and working homenet domain ?
>
The draft does not mention ACME so I do not see what you are referring to.


> (possibly more a question for the other draft, but just adding it here in
> case the hidden primary to primary is an "almost DNS Update" protocol that
> uses TLS instead of TSIG/SIG0.)
>
Not at all. We do not use DNS Update at all for synchronizing the zones.



-- 
Daniel Migault
Ericsson
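As an added example (not the draft's code, and not written by Daniel or Paul), the block below shows how an HNA could decode the Distribution Manager FQDN options from a DHCPv6 option list and then rely on that name alone as the anchor for verifying the DM's certificate on the XoT session; the option codes are assumed placeholders and the sample bytes are constructed.

```python
import ssl
import struct

# Assumed option codes (placeholders, not from the draft): check the IANA
# DHCPv6 option registry for the values actually assigned.
OPTION_FORWARD_DIST_MANAGER = 146
OPTION_REVERSE_DIST_MANAGER = 147

def encode_fqdn(name: str) -> bytes:
    """RFC 1035 wire format: length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_fqdn(data: bytes) -> str:
    """Parse an uncompressed name; RFC 8415 s10 forbids pointers in options."""
    labels, pos = [], 0
    while pos < len(data):
        n = data[pos]
        if n == 0:
            return ".".join(labels) + "."
        if n & 0xC0:
            raise ValueError("compression pointer in DHCP option")
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    raise ValueError("truncated name")

def build_option(code: int, fqdn: str) -> bytes:
    body = encode_fqdn(fqdn)  # 2-byte code, 2-byte length, then the name
    return struct.pack("!HH", code, len(body)) + body

def parse_options(blob: bytes) -> dict:
    """Walk a DHCPv6 option list and return {code: decoded FQDN}."""
    found, pos = {}, 0
    while pos + 4 <= len(blob):
        code, length = struct.unpack("!HH", blob[pos:pos + 4])
        body = blob[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("option length exceeds buffer")
        if code in (OPTION_FORWARD_DIST_MANAGER, OPTION_REVERSE_DIST_MANAGER):
            found[code] = decode_fqdn(body)
        pos += 4 + length
    return found

def tls_context_for_dm() -> ssl.SSLContext:
    """Only the name is needed: wrap the XoT socket (port 853) with
    server_hostname=fqdn.rstrip('.'); the DM certificate must match it."""
    return ssl.create_default_context()  # CERT_REQUIRED + hostname check
```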