Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 15 July 2014 15:41 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F8951B28BA for <homenet@ietfa.amsl.com>; Tue, 15 Jul 2014 08:41:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.552
X-Spam-Level:
X-Spam-Status: No, score=-2.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HS4aIWfU2iY7 for <homenet@ietfa.amsl.com>; Tue, 15 Jul 2014 08:41:16 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0068F1B2875 for <homenet@ietf.org>; Tue, 15 Jul 2014 08:41:15 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id A282020028; Tue, 15 Jul 2014 11:42:29 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 3C10363B0E; Tue, 15 Jul 2014 11:41:15 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 256E063AED; Tue, 15 Jul 2014 11:41:15 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Markus Stenberg <markus.stenberg@iki.fi>
In-Reply-To: <7EEF5CD0-C3B8-4559-A75D-E55931F94F61@iki.fi>
References: <CADZyTkk6rUuFJ5Wds2hioBBQa9-kXDJxyg_gBGQ1R6u5CHF2Ww@mail.gmail.com> <87fvij5wdw.wl.jch@pps.univ-paris-diderot.fr> <CADZyTkk2bv7T-Bs_ckG4i2MpXVDRqLA2R1dQgrMVrPSckOy-GQ@mail.gmail.com> <87k37uy703.wl.jch@pps.univ-paris-diderot.fr> <CADZyTk=YgD=JtyDpEz8TXOQmHxKzBoiEZbbW0LhZQy2GaKLqZQ@mail.gmail.com> <87vbrcydr9.wl.jch@pps.univ-paris-diderot.fr> <CADZyTk=kST4zPaPzz4DsAcCOtmYbQo-s2du+nEvJv0MSrneEMg@mail.gmail.com> <CADZyTkmZ+rC99qeC7gFEwc4JBoX9sHBUpo7p89+VC6zY7Z8drQ@mail.gmail.com> <87d2dfb98w.wl-jch@pps.univ-paris-diderot.fr> <CADZyTk=U25=Yck8BL5nrzGAR7mPk5HWp0r0h2wYy5ruSOf6rsQ@mail.gmail.com> <87vbr6mv8t.wl-jch@pps.univ-paris-diderot.fr> <7EEF5CD0-C3B8-4559-A75D-E55931F94F61@iki.fi>
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"
Date: Tue, 15 Jul 2014 11:41:15 -0400
Message-ID: <21162.1405438875@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/homenet/L6SxQe3fqEb9P9LNGSNYisKRZNU
Cc: "homenet@ietf.org" <homenet@ietf.org>, Daniel Migault <mglt.ietf@gmail.com>, Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
Subject: Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jul 2014 15:41:17 -0000

Markus Stenberg <markus.stenberg@iki.fi>; wrote:
    > Personally, I don’t believe in auto-exported ~full DNS information from
    > home because current service discovery schemes (mdns, dns-sd, upnp) or
    > even host-name discovery schemes (dhcp*) do not really lend themselves
    > to the external visibility being _opt in_. I don’t really want to
    > publish my home zone, and if I even did, anything that’s firewalled (=
    > everything except few ports on few addresses) is not useful outside the
    > home in any case.

Many people *do* want seemless access, and as their devices roam outside the
home, they expect, that having entered the name of the device, they expect
that whatever security they have (such as a VPN) will then get kicked off
automatically.  That requires that names->IPv6 mapping be available so that
the VPN can know it is supposed to do something.

I have way too much experience with IPsec VPNs where I have to turn the VPN
on, flush my DNS cache, restart my browser, and then finally, I can access
some internal name, all because some CIO thought that it would be insecure if
the world knew about intranet.example.com.

That's not the same as having an open network, so please stop saying that
names are useless because there is no connectivity.

I think that whether you "auto-export", or whitelist, or blacklist, etc. is
completely a local matter.  We may recommend a default, but we should make
sure that the mechanisms exist.

--
Michael Richardson <mcr+IETF@sandelman.ca>;, Sandelman Software Works
 -= IPv6 IoT consulting =-