Re: [homenet] Updating DNS

Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr> Mon, 25 April 2016 05:48 UTC

Date: Mon, 25 Apr 2016 07:48:33 +0200
Message-ID: <87k2jmqlvy.wl-jch@pps.univ-paris-diderot.fr>
From: Juliusz Chroboczek <jch@pps.univ-paris-diderot.fr>
To: Ted Lemon <mellon@fugue.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/lu_sbFvW1mzr59VYIWxsqE_lk3o>
Cc: homenet@ietf.org
Subject: Re: [homenet] Updating DNS

>>> Just 2136 isn't enough, because there's no authentication scheme,

>> I don't understand this argument.  How is non-secured DDNS any less secure
>> than mDNS?  What am I missing?

> This is an implementation issue, not a security issue--sorry for not making
> that clear.   In order to preserve the same security characteristics that
> mDNS has, we have to ensure that the update actually originated on the
> local link, which requires a different sort of listener than is present in
> a typical DNS server.

Makes perfect sense, thanks for the explanation.

> The problem with site-local multicast for mDNS is that multicast isn't a
> great solution even on the local wire when that wire is wireless.

Mmh, if you're an IGMP listener, then you have the lists of subscribers,
so you could in principle convert multicast to multiple link-layer
unicasts.  But that's perhaps somewhat more of a layering violation than
I'm comfortable with.  So yeah, your point stands.

> Furthermore, if you consider the mdns hybrid proxy stateless, then you can
> have a DNS server that is roughly that stateless too.   I think it provides
> better service continuity if you are willing to retain some state

Mmh, okay, I'll think it over.  But I reserve the right to grumble.

-- Juliusz
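
The local-link origin check discussed in the quoted text above, as an added example that is not part of the original message or of any DNS server's code: a filter that accepts an RFC 2136 UPDATE only when the datagram cannot have crossed a router. It assumes senders use hop limit 255 (the GTSM idea, RFC 5082) and that the listener knows its interface's on-link prefixes; the function names and sample values are hypothetical.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # DNS UPDATE opcode (RFC 2136)
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/10")


def dns_opcode(payload: bytes) -> int:
    """Extract the 4-bit opcode from the fixed 12-byte DNS header."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    (flags,) = struct.unpack_from("!H", payload, 2)
    return (flags >> 11) & 0xF


def is_on_link(src: str, hop_limit: int, on_link_prefixes) -> bool:
    """True only if the packet cannot have crossed a router.

    Assumption: senders use hop limit / TTL 255, so any forwarded packet
    arrives with a lower value (the GTSM idea, RFC 5082).
    """
    if hop_limit != 255:
        return False
    addr = ipaddress.ip_address(src.split("%")[0])  # drop zone id, e.g. %eth0
    if addr.version == 6 and addr in LINK_LOCAL_V6:
        return True
    return any(addr.version == n.version and addr in n for n in on_link_prefixes)


def accept_update(payload: bytes, src: str, hop_limit: int, on_link_prefixes) -> bool:
    """Accept a datagram only if it is a DNS UPDATE that originated on-link."""
    try:
        if dns_opcode(payload) != OPCODE_UPDATE:
            return False
        return is_on_link(src, hop_limit, on_link_prefixes)
    except ValueError:  # short header or unparsable source address
        return False


# Constructed sample input: DNS headers only, documentation prefixes.
PREFIXES = [ipaddress.ip_network("2001:db8:1::/64")]
SAMPLE_UPDATE = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
SAMPLE_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)

if __name__ == "__main__":
    print(accept_update(SAMPLE_UPDATE, "fe80::1%eth0", 255, PREFIXES))    # on-link
    print(accept_update(SAMPLE_UPDATE, "2001:db8:1::10", 254, PREFIXES))  # forwarded
```

In a real listener the hop limit comes from per-packet ancillary data (`IPV6_RECVHOPLIMIT` or `IP_RECVTTL`), which is the part an ordinary DNS server socket does not collect.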