Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)
Adam Roach <adam@nostrum.com> Wed, 30 August 2017 16:59 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A85B1321B7; Wed, 30 Aug 2017 09:59:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.879
X-Spam-Level:
X-Spam-Status: No, score=-1.879 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RJMb95l_nwTf; Wed, 30 Aug 2017 09:59:27 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8F0061321A6; Wed, 30 Aug 2017 09:59:27 -0700 (PDT)
Received: from Orochi.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v7UGxKiI038566 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 30 Aug 2017 11:59:22 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Orochi.local
To: Ted Lemon <ted.lemon@nominum.com>
Cc: draft-ietf-homenet-dot@ietf.org, homenet-chairs@ietf.org, HOMENET <homenet@ietf.org>, The IESG <iesg@ietf.org>, Ray Bellis <ray@bellis.me.uk>
References: <150395805175.13203.12325524217824839037.idtracker@ietfa.amsl.com> <6A42DD6D-CE4C-4172-BE83-C0A259A4368D@nominum.com> <cb24440c-142d-b13f-9eea-8395ca6ac0db@nostrum.com> <BE43223C-D9BE-44A8-853E-DA3C80E22BFD@nominum.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <0c093268-374a-8a38-e36f-193575fa4b5a@nostrum.com>
Date: Wed, 30 Aug 2017 11:59:15 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <BE43223C-D9BE-44A8-853E-DA3C80E22BFD@nominum.com>
Content-Type: multipart/alternative; boundary="------------1B7EDD3BF3323C795980EAE2"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/eVMBtUo7yFfPrx183vTrMwcHgpY>
Subject: Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2017 16:59:30 -0000
Thanks. Both changes look good to me. /a On 8/30/17 11:25, Ted Lemon wrote: > Argh, I spaced out on doing these changes because the security review > was so extensive. Sorry about that. I'm making changes to my > version of the document, but I will refrain from further confusing the > datatracker—assuming that this document is approved tomorrow, I can > submit an update with these changes and any others that come up on the > telechat. > >> On Aug 28, 2017, at 11:18 PM, Adam Roach <adam@nostrum.com >> <mailto:adam@nostrum.com>> wrote: >> Oh! That makes a lot more sense -- I should have chased down that >> section in 6761. I think what's tripping me up is the introduction in >> the homenet-dot draft: "This section defines the behavior of systems >> involved in domain name resolution when resolving queries for names >> ending with '.home.arpa.' (as per [RFC6761])." -- it would be clearer >> if it said something more like "This section reserves the >> '.home.arpa.' subdomain according to the procedures outlined in >> [RFC6761] section 4." > > The requirement to put this in the IANA considerations section is > actually probably a bad idea, because it would create a lot of > irrelevant chaff for the IANA to parse through. I think it was > well-intended, but I've never actually seen it done this way in > previous RFC 6761 allocations. That said, your basic point is > correct—there should be a better explanation of what's going on in > this section. I've updated the introductory text for this section as > follows: > > This section specifies considerations for systems involved in domain > name resolution > when resolving queries for names ending with '.home.arpa.'. Each > items in this section > addresses some aspect of the DNS or the process of resolving domain > names that would be > affected by this special use allocation. Detailed explanations of > these items can be > found in <xref target="RFC6761"/>, Section 5. > > >>>> With the explanation in section 6: >>>> >>>> it may be useful for the resolver to identify different >>>> homenets on which it has resolved names >>>> >>>> Doesn't this mitigation in the security section require name resolution >>>> libraries to recognize names that end in ".home.arpa." as special >>>> so that it >>>> can treat them differently? >>> >>> Section 6 is talking about future work. If we come up with a way to >>> do this, then it would update this document, changing the normative >>> requirement. >> >> >> To me, this reads as something that could be done unilaterally by the >> local resolver according to their own reasonable notion of what the >> proper mitigations might be here. I would suggest rephrasing to make >> it clearer that this suggestion pertains to _future_ work; e.g., "To >> prevent this from happening, future documents may define behavior >> that allows resolvers to identify and distinguish among different >> homenets on which they have resolved names, and take appropriate >> measures to avoid such confusion." >> >> > Yup, that makes sense. Proposed update: > > To prevent this from happening, it could be useful for the resolver > to securely > differentiate between different homenets, and between identical names > on different > homenets. However, a mechanism for doing this has not yet been > standardized, and > doing so is out of scope for this document. It is expected that this > will be explored in > future work. > > OK? >
- [homenet] Adam Roach's No Objection on draft-ietf… Adam Roach
- Re: [homenet] Adam Roach's No Objection on draft-… Ted Lemon
- Re: [homenet] Adam Roach's No Objection on draft-… Adam Roach
- Re: [homenet] Adam Roach's No Objection on draft-… Ted Lemon
- Re: [homenet] Adam Roach's No Objection on draft-… Ted Lemon
- Re: [homenet] Adam Roach's No Objection on draft-… Adam Roach