IETF Logo Mail Archive

Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS

Ted Lemon <mellon@fugue.com> Thu, 19 July 2018 12:49 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 27AD8130DD5 for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 05:49:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GcZ87HmuEmYE for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 05:49:15 -0700 (PDT)
Received: from mail-it0-x233.google.com (mail-it0-x233.google.com [IPv6:2607:f8b0:4001:c0b::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B208C129619 for <homenet@ietf.org>; Thu, 19 Jul 2018 05:49:14 -0700 (PDT)
Received: by mail-it0-x233.google.com with SMTP id h2-v6so8974963itj.1 for <homenet@ietf.org>; Thu, 19 Jul 2018 05:49:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=t+AlQCFCtPyT15CrwMML1/26RgOqeAPxlFE8y0AEFSY=; b=U5sqiJEU9V+1LWemn8G1PEhAbQiX6B3HIi+UCctBFNOQa5zMHIQTpe0A9S+ttFB8iz ToNFFk0+MIQrf+NjTxwbTBMvP5MYzqZUZP/71w3E4YIJxQgq1JL68BExx2FChEMB04oo NlOuqXD8eaPsm2PP+2QFPiJfB1/CwCNe1vyzajhSnVPEm8QVUEf2o4g4gGGMH8OavD25 dwefIHjDToxivqyMw2/a49ApoMYmyu9JjyHbnF163BE9/lQ9B5cMa36q9s0GypzdaL4L 4ZAHlVhN1/Wb8P4EpRVtWjndYVu80KTmXLzWa1fiLvI1FyQKdBQwEaEMcFOilqJebwPw FMSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=t+AlQCFCtPyT15CrwMML1/26RgOqeAPxlFE8y0AEFSY=; b=i1FTpwo11xyHP1RGwE00179uBQjvEf9d1H5qD/M+itYM0Upgecx2/+mmuysf+vWQw0 1357+s60FZjhPIwc1NTWjiGWjBjzMXq7vfqwAdI+zBuAuvs8SmItddc95PxxUdf/R9Yo cRrZuBdyajM0EnZ6GNhJHzOstHAeUR5ZVdwC9nlGxQhJWNIs6IeU1P2SGHRpzYpQI4rq Lilz8eot3U+7HuoxOjifhID05jt0BQ3nD6joqevOzqPRyAIT9FWxUNcyTuB7raYC9JTT w7G//Y2ed2LiweY2GN/x2Jw0VqV9nDCB9QaLYybO1/Ok0WR7yWdTPgfc4WGTufuIbHS8 7s7g==
X-Gm-Message-State: AOUpUlFNazP+rZ0cV6mJJ+u0xug3T+CPsBar8DWYaF2LrKvI6wEWdfyC pYFzj09xB9dOU2W0k2vS/mKJQuqil9us/rk7B1DBGA==
X-Google-Smtp-Source: AAOMgpeRCkyeSxX6XwNXcOJLm9zafYW2D9K0/X63LwPr1v/FXj8IStONJ3o0DVEbaVW/SZoXB8gSpVs3Z/LThwKTF5w=
X-Received: by 2002:a24:d485:: with SMTP id x127-v6mr5623180itg.82.1532004553954; Thu, 19 Jul 2018 05:49:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:b442:0:0:0:0:0 with HTTP; Thu, 19 Jul 2018 05:48:33 -0700 (PDT)
In-Reply-To: <87tvovd0jp.wl-jch@irif.fr>
References: <87sh4g1bqe.wl-jch@irif.fr> <249918E0-8E8F-44A9-B1ED-0D4F91104B20@isc.org> <877elsovmq.wl-jch@irif.fr> <CAPt1N1msXi1BG9RTDr2sWnn8J6F45CnESJCg4LTP-4jP9mVJxw@mail.gmail.com> <87tvovd0jp.wl-jch@irif.fr>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 19 Jul 2018 08:48:33 -0400
Message-ID: <CAPt1N1mbTNAKiA-QZMGVwFDajAB1frWX63amdxUj=OnRz2jrew@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Cc: Homenet <homenet@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
Content-Type: multipart/alternative; boundary="0000000000003bb0270571599bcd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/QwFU08LpxWZ0Epc22kUtQ2PIf3Y>
Subject: Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 12:49:19 -0000

On Thu, Jul 19, 2018 at 5:42 AM, Juliusz Chroboczek <jch@irif.fr> wrote:

> > In order for services to be discoverable on the homenet, they have to
> > publish their contact info on the homenet. The protocol that everyone
> > uses for this is DNSSD. This is how you find your printer when you want
> > to print to it. Nobody uses the ad-hoc DynDNS protocol for this.
>
> I am not speaking about discovery within the Homenet.  I am speaking about
> exporting names into the global DNS, which is what Daniel's draft is about.
>

Yes, but the problem is that you are treating this as if these are two
separate problems, but they are not.   If we need devices to know how to do
one thing, that's enough.   We shouldn't demand that they know how to do
two things that accomplish the same thing.   So if we need service
registration, we shouldn't also have a second method of publishing names,
because that's additional work for the device manufacturer.


> > The reverse mapping zone has to be delegated by the ISP, so we might as
> > well do it in a prefix delegation transaction.
>
> I'm not following your reasoning here -- why does the zone being tied to
> the ISP imply that we must use a more complex protocol?
>

Again, we are already doing DHCP PD to get the prefix from the ISP.   The
transaction is already happening.   Sending our ZSK to the root along with
the IP address of our public or hidden primary for the reverse zone isn't a
lot of additional work.   Doing this transaction over HTTP means another
service that the ISP has to operate, and another service that the HNR has
to connect to.   So it's not a simplication—it's a complexification, even
though the protocol itself is simple.


> > Also, think of the privacy implications if all of the services on the
> > homenet had to be discovered from a shared zone like dyndns.org.
>
> Quite the opposite.  In the trivial update protocol, the update is
> end-to-end, encrypted, and only the host and the DNS provider see the
> data.  Every Homenet, every host, heck, even every application can use
> a different DNS provider, and each DNS provider only sees the data that
> was explicitly sent to it.
>

You've published a record in a public zone.   It doesn't matter that the
protocol you used to publish it is  privacy-protecting, because the
publication of the name immediately negated that.

In Daniel's protocol, the data goes from host to hidden primary to DNS
> provider.  The hidden primary is probably controlled by the ISP, which is
> convenient if you happen to be a privacy-violating ISP.


The hidden primary would be on an HNR, so unless the HNR is controlled by
the ISP, the hidden primary isn't either.   In principle, at least, the
hidden primary should only be exposing names to the ISP that are intended
to be exposed.

The reason I was hassling  Daniel about implementations at the mic is that
I actually share your concern that what he's got written down right now is
more complicated than it needs to be, and this is partly because it was
originally motivated by his work at an ISP.   Now that he isn't doing that,
we have an opportunity to do a rethink about what is good and bad about the
proposal, and I think we should take advantage of this opportunity.

That said, DNS delegation and IXFR are well-understood technologies that
are well-suited to the purpose we have here, so I think we should be
careful when trying to simplify this to make sure that what is being
proposed actually has that effect!

v2.23.0 | Report a Bug | By Email