Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS

Juliusz Chroboczek <jch@irif.fr> Thu, 19 July 2018 13:30 UTC

Date: Thu, 19 Jul 2018 15:30:07 +0200
Message-ID: <87601bcq00.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Ted Lemon <mellon@fugue.com>
Cc: Homenet <homenet@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
In-Reply-To: <CAPt1N1mbTNAKiA-QZMGVwFDajAB1frWX63amdxUj=OnRz2jrew@mail.gmail.com>
References: <87sh4g1bqe.wl-jch@irif.fr> <249918E0-8E8F-44A9-B1ED-0D4F91104B20@isc.org> <877elsovmq.wl-jch@irif.fr> <CAPt1N1msXi1BG9RTDr2sWnn8J6F45CnESJCg4LTP-4jP9mVJxw@mail.gmail.com> <87tvovd0jp.wl-jch@irif.fr> <CAPt1N1mbTNAKiA-QZMGVwFDajAB1frWX63amdxUj=OnRz2jrew@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/nL1eTcvDX3XprPuptiI-Y9-yKZM>

>     I am not speaking about discovery within the Homenet. I am speaking about
>     exporting names into the global DNS, which is what Daniel's draft is
>     about.

> Yes, but the problem is that you are treating this as if these are two
> separate problems, but they are not.

These are two completely different problems, with different default
behaviours and different failure modes.

The default behaviour for the local zone is that devices should be
discoverable.  The default behaviour for the public DNS is that a device
should not be published unless it takes explicit action.

It makes a lot of sense to have two different protocols, rather than
essentially leaking a local zone into the ISP's DNS servers.

>     I'm not following your reasoning here -- why does the zone being tied to
>     the ISP imply that we must use a more complex protocol?

> Doing this transaction over HTTP means another service that the ISP has
> to operate,

Not the ISP, a third-party DNS provider.  That's the whole point.

> and another service that the HNR has to connect to.

Not the HNR, the end host.  That's the whole point.

And it's literally four lines of shell:

    while true; do
        wget --post-data 'name=gameserver.myhome.net&password=topsecret' \
             https://dyndns.example.com
        sleep $((24 * 3600))
    done

>     Quite the opposite. In the trivial update protocol, the update is
>     end-to-end, encrypted, and only the host and the DNS provider see the
>     data.

> You've published a record in a public zone. It doesn't matter that the
> protocol you used to publish it is privacy-protecting, because the
> publication of the name immediately negated that.

With delegation through an ISP-controlled hidden master, the ISP gets
a database of all the names published by all of its users.

With an encrypted connection to a DNS provider, the ISP needs to troll all
of the DNS providers in order to build such a database.

> I actually share your concern that what he's got written down right now
> is more complicated than it needs to be, and this is partly because it
> was originally motivated by his work at an ISP.

Uh-huh.

-- Juliusz
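A hardened variant of the four-line loop quoted in the message above, added here as an example and not part of the original post: the inline `--post-data 'name=...&password=topsecret'` puts the secret into the process argument list (visible in `ps`) and into shell history, so this version reads it from an owner-only file and hands it to wget via `--post-file`. The provider URL, the credential file path and the `name=...&password=...` form body are assumptions carried over from the quoted snippet; the secret is assumed to need no form-encoding.

```shell
#!/bin/sh
# Assumed (not from the original): the provider takes an HTTPS POST of
# "name=<fqdn>&password=<secret>"; the secret lives in a mode-0600 file.
CRED_FILE="${CRED_FILE:-$HOME/.dyndns-secret}"
UPDATE_URL="${UPDATE_URL:-https://dyndns.example.com}"

# check_cred_file <path>: succeed only for a regular file that nobody
# but its owner can read (0600 or 0400); refuse anything looser.
check_cred_file() {
    f="$1"
    [ -f "$f" ] || { echo "no credential file: $f" >&2; return 1; }
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing: $f is mode $mode, want 600" >&2; return 1 ;;
    esac
}

# post_body <name> <cred-file>: write the form body to stdout; the secret
# is read from the file, never substituted into a command line.
post_body() {
    name="$1"
    secret=$(cat "$2")
    printf 'name=%s&password=%s' "$name" "$secret"
}

# update_once <name>: one refresh. wget reads the body from a private
# temp file, so the process list shows only a path, not the secret.
update_once() {
    check_cred_file "$CRED_FILE" || return 1
    body=$(mktemp) && chmod 600 "$body"
    post_body "$1" "$CRED_FILE" > "$body"
    wget -q -O /dev/null --post-file="$body" "$UPDATE_URL"
    rc=$?
    rm -f "$body"
    return $rc
}

# Re-register daily like the original loop, but give up after three
# consecutive failures rather than retrying the provider forever.
if [ "${1:-}" = "run" ]; then
    fails=0
    while [ "$fails" -lt 3 ]; do
        if update_once "gameserver.myhome.net"; then fails=0; else fails=$((fails + 1)); fi
        sleep $((24 * 3600))
    done
fi
```

Run as `sh dyndns-update.sh run`; without the `run` argument the file only defines the functions.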