IETF Logo Mail Archive

Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)

Ted Lemon <ted.lemon@nominum.com> Tue, 29 August 2017 13:53 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D49FC13293C; Tue, 29 Aug 2017 06:53:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YAt6YatoYdib; Tue, 29 Aug 2017 06:53:10 -0700 (PDT)
Received: from sjc1-mx02-inside.nominum.com (sjc1-mx02-inside.nominum.com [64.89.234.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 15D81132A81; Tue, 29 Aug 2017 06:53:10 -0700 (PDT)
Received: from mail.nominum.com (sjc1-exch01.win.nominum.com [IPv6:2620:0:b60:fab4:1026:2045:f02a:5f75]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by sjc1-mx02-inside.nominum.com (Postfix) with ESMTPS id 5762D740054; Tue, 29 Aug 2017 13:52:39 +0000 (UTC)
Received: from cavall.w50.lede.home (24.60.163.103) by SJC1-EXCH01.WIN.NOMINUM.COM (64.89.235.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1034.26; Tue, 29 Aug 2017 06:52:35 -0700
From: Ted Lemon <ted.lemon@nominum.com>
Message-ID: <04D01C5D-4CE8-4EB2-97CB-A5C29F6C2931@nominum.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_875B15D6-F7D8-4BE7-9E5C-82D4761F1668"
MIME-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 29 Aug 2017 09:52:36 -0400
In-Reply-To: <cb24440c-142d-b13f-9eea-8395ca6ac0db@nostrum.com>
CC: draft-ietf-homenet-dot@ietf.org, homenet-chairs@ietf.org, HOMENET <homenet@ietf.org>, The IESG <iesg@ietf.org>, Ray Bellis <ray@bellis.me.uk>
To: Adam Roach <adam@nostrum.com>
References: <150395805175.13203.12325524217824839037.idtracker@ietfa.amsl.com> <6A42DD6D-CE4C-4172-BE83-C0A259A4368D@nominum.com> <cb24440c-142d-b13f-9eea-8395ca6ac0db@nostrum.com>
X-Mailer: Apple Mail (2.3273)
X-Originating-IP: [24.60.163.103]
X-ClientProxiedBy: SJC1-EXCH02.WIN.NOMINUM.COM (64.89.235.69) To SJC1-EXCH01.WIN.NOMINUM.COM (64.89.235.83)
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/o4MOrKY404bf-JQlryiOk-FYgxs>
Subject: Re: [homenet] Adam Roach's No Objection on draft-ietf-homenet-dot-12: (with COMMENT)
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Aug 2017 13:53:15 -0000

OK, these both sound like worthwhile updates to the doc.   I will add them to my working copy and send proposed diffs later today (I'm in the middle of processing the gen-art review).

> El Aug 28, 2017, a les 11:18 PM, Adam Roach <adam@nostrum.com> va escriure:
> 
> On 8/28/17 5:29 PM, Ted Lemon wrote:
>> El Aug 28, 2017, a les 6:07 PM, Adam Roach <adam@nostrum.com <mailto:adam@nostrum.com>> va escriure:
>>> Section 4 contains a list that it describes as defining "the behavior of [DNS]
>>> systems". Item number 7 seems to be something else: I don't know what code or
>>> configuration would result from this statement. Maybe move this item to section
>>> 3?
>> 
>> This is the format that RFC 6761 requires us to follow, which is why it's being done this way.   I think the text makes sense if you read it with the RFC 6761 list of criteria in section 5 in mind.   So I don't think it makes sense to move it, although I agree it scans a bit strangely. :)
> 
> Oh! That makes a lot more sense -- I should have chased down that section in 6761. I think what's tripping me up is the introduction in the homenet-dot draft: "This section defines the behavior of systems involved in domain name resolution when resolving queries for names ending with '.home.arpa.' (as per [RFC6761])." -- it would be clearer if it said something more like "This section reserves the '.home.arpa.' subdomain according to the procedures outlined in [RFC6761] section 4."
> 
> (I'll also note that 6761 appears to require this to be "a subsection of the 'IANA Considerations' section", so you might consider moving it accordingly -- this would have been somewhat less confusing if it were clearer that it's part of the registration process, which putting it in the 'IANA Considerations' section would have done.)
>> 
>>> With the explanation in section 6:
>>> 
>>>   it may be useful for the resolver to identify different
>>>   homenets on which it has resolved names
>>> 
>>> Doesn't this mitigation in the security section require name resolution
>>> libraries to recognize names that end in ".home.arpa." as special so that it
>>> can treat them differently?
>> 
>> Section 6 is talking about future work.   If we come up with a way to do this, then it would update this document, changing the normative requirement.
> 
> To me, this reads as something that could be done unilaterally by the local resolver according to their own reasonable notion of what the proper mitigations might be here. I would suggest rephrasing to make it clearer that this suggestion pertains to _future_ work; e.g., "To prevent this from happening, future documents may define behavior that allows resolvers to identify and distinguish among different homenets on which they have resolved names, and take appropriate measures to avoid such confusion."
> 
> 
> 
> /a
>

v2.23.0 | Report a Bug | By Email