IETF Logo Mail Archive

Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS

Jacques Latour <Jacques.Latour@cira.ca> Thu, 19 July 2018 20:23 UTC

Return-Path: <Jacques.Latour@cira.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08942130E2A for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 13:23:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L_Gqzl--P3M0 for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 13:23:24 -0700 (PDT)
Received: from mx2.cira.ca (mx2.cira.ca [192.228.22.117]) by ietfa.amsl.com (Postfix) with ESMTP id EF6DA130DC9 for <homenet@ietf.org>; Thu, 19 Jul 2018 13:23:23 -0700 (PDT)
X-Virus-Scanned: by SpamTitan at corp.cira.ca
Received: from CRP-EX16-02.CORP.CIRA.CA (10.2.36.121) by CRP-EX16-02.CORP.CIRA.CA (10.2.36.121) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Thu, 19 Jul 2018 16:23:22 -0400
Received: from CRP-EX16-02.CORP.CIRA.CA ([fe80::15c6:1482:4083:e9f7]) by CRP-EX16-02.CORP.CIRA.CA ([fe80::15c6:1482:4083:e9f7%13]) with mapi id 15.01.0669.032; Thu, 19 Jul 2018 16:23:22 -0400
From: Jacques Latour <Jacques.Latour@cira.ca>
To: Ted Lemon <mellon@fugue.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: Homenet <homenet@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>, Juliusz Chroboczek <jch@irif.fr>
Thread-Topic: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS
Thread-Index: AQHUHt1SPq1lOF094UWujkemlFrMeKSV/xuAgAAHwICAAAMCgIAAhQcAgAA/JoCAAADRgIAAKHTw
Date: Thu, 19 Jul 2018 20:23:22 +0000
Message-ID: <d64b815ae29b4c1c807c307a70587227@cira.ca>
References: <87sh4g1bqe.wl-jch@irif.fr> <249918E0-8E8F-44A9-B1ED-0D4F91104B20@isc.org> <877elsovmq.wl-jch@irif.fr> <CAPt1N1msXi1BG9RTDr2sWnn8J6F45CnESJCg4LTP-4jP9mVJxw@mail.gmail.com> <87tvovd0jp.wl-jch@irif.fr> <f70a8ff8-fb99-115d-ec33-d0ffa9ae8f13@cs.tcd.ie> <CAPt1N1=hpR81cBrs1zFKux6JAXQxn6g0==DiSWYVbW0hdSxbww@mail.gmail.com>
In-Reply-To: <CAPt1N1=hpR81cBrs1zFKux6JAXQxn6g0==DiSWYVbW0hdSxbww@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.2.36.1]
Content-Type: multipart/alternative; boundary="_000_d64b815ae29b4c1c807c307a70587227ciraca_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/g_NmZkBMZnqy_GKJW7v6wMsbZP8>
Subject: Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 20:23:27 -0000

The provisioning process for front end naming delegation we’re thinking of includes the provisioning of the domain name itself at the registry, and the setup on the home gateway itself and registration with an external secondary anycast for global name resolution. The gateway would have an internal and external view, where the external view would sync with the outsourced DNS service, could be using standard IXFR/AXFR methods.  We would sign both internal/external views with DNSSEC and publish a CDS that the registry can take to bootstrap the delegation. We need to add a Dyn like process to sync external dynamic addresses to the external zone file.

We’re not planning to use home.arpa because it will not have a secure chain of trust and if we have a domain name for external reachability (example.ca) then might as well use it internally.

As a side note, I don’t think we should even think of building a solution to make home.arpa a secure delegation, it’s a good domain name for internal use and avoid name collisions, not good for DNSSEC.

From: homenet <homenet-bounces@ietf.org> On Behalf Of Ted Lemon
Sent: Thursday, July 19, 2018 9:31 AM
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Homenet <homenet@ietf.org>; Daniel Migault <daniel.migault@ericsson.com>; Juliusz Chroboczek <jch@irif.fr>
Subject: Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS

One way to automate this would be using mud.

On Thu, Jul 19, 2018 at 9:28 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>> wrote:

(with no hats...)

On 19/07/18 10:42, Juliusz Chroboczek wrote:

>> Also, think of the privacy implications if all of the services on the
>> homenet had to be discovered from a shared zone like dyndns.org<http://dyndns.org>.

> Quite the opposite.  In the trivial update protocol, the update is
> end-to-end, encrypted, and only the host and the DNS provider see the
> data.  Every Homenet, every host, heck, even every application can use
> a different DNS provider, and each DNS provider only sees the data that
> was explicitly sent to it.

I'm also a bit puzzled by how the subset of records to be
globally published relates to the set of records that are
to be internally visible. I guess this is not something
that we'd fully standardise, but there are privacy issues
here if too much gets published globally, so there may be
some protocol (change/tweak) required to make it possible
for implementers to distinguish which information ought be
globally visible, and which not.

Cheers,
S.

v2.23.0 | Report a Bug | By Email