Re: [homenet] Dnsdir last call review of draft-ietf-homenet-front-end-naming-delegation-26
Daniel Migault <mglt.ietf@gmail.com> Thu, 09 February 2023 12:53 UTC
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Thu, 09 Feb 2023 07:53:34 -0500
Message-ID: <CADZyTkm1osd_d3-9bwvyujSBOOWnGTJtsgx4NVHC-FQ+TzJ1yQ@mail.gmail.com>
To: Anthony Somerset <Anthony.Somerset@liquid.tech>
Cc: "dnsdir@ietf.org" <dnsdir@ietf.org>, "draft-ietf-homenet-front-end-naming-delegation.all@ietf.org" <draft-ietf-homenet-front-end-naming-delegation.all@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/aMYG-UoKg_wqlOQ6lyf7Mm74CbQ>

Hi Anthony,

Thanks for the response and the multiple reviews. These reviews have been useful and in general I am happy with what we received from the various directorates - so thanks for the extra work.

Yours,
Daniel

On Thu, Feb 9, 2023 at 5:31 AM Anthony Somerset <Anthony.Somerset@liquid.tech> wrote:

> Hi Daniel
>
> I am happy with the proposed rewording of DDoS attack surface – this at least remains accurate to what is taking place.
>
> Thanks
>
> Anthony
>
> From: Daniel Migault <mglt.ietf@gmail.com>
> Date: Wednesday, 08 February 2023 at 17:36
> To: Anthony Somerset <Anthony.Somerset@liquid.tech>
> Cc: dnsdir@ietf.org <dnsdir@ietf.org>, draft-ietf-homenet-front-end-naming-delegation.all@ietf.org <draft-ietf-homenet-front-end-naming-delegation.all@ietf.org>, homenet@ietf.org <homenet@ietf.org>, last-call@ietf.org <last-call@ietf.org>
> Subject: Re: [homenet] Dnsdir last call review of draft-ietf-homenet-front-end-naming-delegation-26
>
> Hi Anthony,
>
> Thanks for the review. Please find below how we intend to address your comments.
>
> Yours,
> Daniel
>
> On Tue, Jan 31, 2023 at 12:32 PM Anthony Somerset via Datatracker <noreply@ietf.org> wrote:
>
> > Reviewer: Anthony Somerset
> > Review result: Ready with Issues
> >
> > Hello
> >
> > I have been selected as the DNS Directorate reviewer for this draft. The DNS Directorate seeks to review all DNS or DNS-related drafts as they pass through IETF last call and IESG review, and sometimes on special request. The purpose of the review is to provide assistance to the ADs. For more information about the DNS Directorate, please see https://wiki.ietf.org/en/group/dnsdir
> >
> > There are clear and direct references to various DNS RFCs and this draft is not in any major conflict with the wider DNS space but the following specific suggestions relating to DNS are made.
> >
> > I previously reviewed version 18 of this draft and am re-reviewing in line with the comments I made in that review -
> >
> > https://datatracker.ietf.org/doc/review-ietf-homenet-front-end-naming-delegation-18-dnsdir-telechat-somerset-2022-10-12/
> >
> > Having re-read the new version a few times, and keeping track of the various reviews so as not to duplicate reports for the same issues, I will try not to say the same things again.
> >
> > I specifically note that Geoff has done a very definitive review of version 25 of the document and I won't repeat those comments in this review but suffice to say I do concur with the assessment of the situation in his review and agree with the position of Ready with Issues as well.
> >
> > I am happy with the large effort to reflow the document - it does now read in a more sensible order and helps with clarity.
> >
> > I am also happy with the additional security considerations that make sense.
> >
> > Major Issues: None
> >
> > Minor Issues:
> >
> > Section 2 - Public Authoritative Servers - my original NIT was dealt with but I note that anycast is now referenced here which is still extraneous, we are not attempting to deal with the standard of how Public Authoritative Servers be managed operationally
>
> I agree that we are not concerned with how the Public Authoritative Servers are managed. I suppose the comment is concerning the following sentence.
>
> If that is the case, I am not reading any suggestion on how these servers are operated. Our main purpose here is to make sure the reader understands which servers we are talking about. This is the sense of the sentence: "are often implemented in an anycast fashion.". I propose to leave the text as is, but remain open to changes if I am missing something.
>
> """
> are the authoritative name servers for the Public Homenet Zone. Name resolution requests for the Registered Homenet Domain are sent to these servers. Some DNS operators would refer to these as public secondaries, and for higher resiliency networks, are often implemented in an anycast fashion.
> """
>
> > Section 3 - now Section 5 - I note specifically the comment about:
> >
> > "In the case the HNA is a CPE, outsourcing to the DOI protects the home network against DDoS for example."
> >
> > I personally would consider this a dangerously inaccurate statement.
> >
> > This offers NO protection against a DDoS, at best it (only) slightly reduces the attack surface exposed but it provides no meaningful additional protection.
> >
> > I specifically repeat this and recommend the statement be removed or re-worded appropriately
>
> I see your point.
>
> I propose to replace:
>
> OLD:
>
> """
> In the case the HNA is a CPE, outsourcing to the DOI protects the home network against DDoS for example.
> """
>
> by NEW:
>
> """
> In the case the HNA is a CPE, outsourcing to the DOI reduces the attack surface of the home network to DDoS for example.
> """
>
> I assume the nits mentioned below have been addressed previously. In other words, no action is expected.
>
> > Section 3.2 - Original NIT dealt with
> >
> > 1.1 - now 3 - NIT dealt with
> >
> > 3.1 now 5.1 - Typo fixed
> >
> > 4.5.1 - now 6.5.1 - I believe this NIT to be well addressed now, the reflowing of the document definitely helps here.
> >
> > Thanks
>
> --
> Daniel Migault
> Ericsson

--
Daniel Migault
Ericsson