Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

Ted Lemon <mellon@fugue.com> Sat, 14 May 2016 13:19 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Sat, 14 May 2016 09:18:49 -0400
Message-ID: <CAPt1N1kMtZ+TKveVxN-Lq5C4tKmBdMNy7n7zRyN0wVyQEZjE+g@mail.gmail.com>
To: "Ray Hunter (v6ops)" <v6ops@globis.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/b3nCyceXNXJqtybnc5nZYk2OOHA>
Cc: homenet@ietf.org, Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
Subject: Re: [homenet] Updating DNS [was: How many people have installed the homenet code?]

The only problem with that is that in the homenet ideally we'd like to have
local names signed and validatable via DNSSEC, and that requires that the
local namespace be global in scope, even if the names published in that
namespace are not.

On Sat, May 14, 2016 at 8:51 AM, Ray Hunter (v6ops) <v6ops@globis.net>
wrote:

>
>
> Ted Lemon wrote:
>
> If devices publish keys, then you can use those keys to make sure you are
> still talking to them. And the dnssec validation of local names would also
> work. Graceful renumbering should indeed result in DNS updates. Bear in
> mind that this is graceful, so the old and new ULAs coexist for a while.
>
>
> Sounds good.
>
> So can we assume
>
> 1) a single ULA namespace for resolving all active ULAs, that will
> eventually converge to only containing RRs from a single ULA?
>
> 2) And that ULA namespace is disjoint from/completely independent of any
> GUA namespace?
>
>
> On May 13, 2016 06:45, "Ray Hunter (v6ops)" <v6ops@globis.net> wrote:
>
>
> Ted Lemon <mellon@fugue.com>
> 12 May 2016 15:48
> As long as the renumbering process is clean, there is no downside to
> renumbering, and no reason to be careful about which ULA you ultimately
> wind up with.
>
> So are you suggesting the Homenet (internal) namespace should be
> independent of ULA address space?
>
> In which case
>
> 1) how do we avoid the ".local" security problem where mobile devices are
> unable to distinguish whether they've actually moved to a different
> Homenet, or whether they've stayed still and their own Homenet has just
> renumbered?
>
> Or else
>
> 2) Does the renumbering mechanism also trigger an automatic renaming too?
>
> --
> regards,
> RayH
>
>
>
> --
> regards,
> RayH
>
>