Re: [homenet] securing zone transfer

Juliusz Chroboczek <jch@irif.fr> Wed, 12 June 2019 23:58 UTC

To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: homenet <homenet@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/Wr1LPwVeex-Ul1-wViTginOgfhM>

>> Your turn now.  Could you please describe the UI that you envision?

> The list of names (from the internal mDNS/DNS-SD, as well as DHCP hostnames)
> is presented to the house owner, they click on the ones that they want to
> be publicly visible.

Are you assuming here there's a central Homenet controller that presents
a web interface where the "house owner" can choose which names get
published?

Daniel's original draft used the term "CPE" for the hidden primary.  At
the time, I pointed out two things:

  - there's no single CPE in Homenet, there's zero, one or more edge
    routers which might or might not be ISP-controlled devices;
  - no Homenet service should be bound to an ISP-controlled device.

I believe that these requirements still reflect WG consensus.

Assuming that I'm right, I can only see two ways to provide global naming
without giving up on the properties above:

  - we avoid relying on a central controller (hidden primary with web
    interface);
  - we define a way to elect the central controller (hidden primary)
    in a way that doesn't bind the election to an ISP-controlled device.

(Am I missing a third option?)

The protocol that I have outlined is certainly not perfect, but it has the
virtue of avoiding the need for a central controller in the Homenet by
outsourcing naming using an end-to-end protocol between the host being
named and an external DNS primary.

I'm probably missing something, Michael, so please explain if you agree
with the analysis above, whether you're assuming a central controller,
and, if so, where is the central controller located in a network that has
multiple edge routers.

-- Juliusz