Re: [homenet] Fwd: I-D Action: draft-ietf-homenet-naming-architecture-dhc-options-01.txt
Daniel Migault <mglt.ietf@gmail.com> Fri, 20 March 2015 19:55 UTC
Return-Path: <mglt.ietf@gmail.com>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 342C81B301C for <homenet@ietfa.amsl.com>; Fri, 20 Mar 2015 12:55:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3blmBy_u-OC4 for <homenet@ietfa.amsl.com>; Fri, 20 Mar 2015 12:55:31 -0700 (PDT)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C21461A8AAF for <homenet@ietf.org>; Fri, 20 Mar 2015 12:55:30 -0700 (PDT)
Received: by wibgn9 with SMTP id gn9so720891wib.1 for <homenet@ietf.org>; Fri, 20 Mar 2015 12:55:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=l2Ow48rF9UGXXLSc4cZjwes4gJhvzyYo5v6D0rDAFBE=; b=hTLabkbKMQ92n5RGTkFGNmTZCri9kHr3k8+ufXD7/SjbEBQI65HJajU0zIqfoCZ2Pz qpj+ewT2oIrWDngsYe7pP7MKZiegT3Dwy/DnzBjPv02uBbYpQ9vAsmbQ168KWn0ILZuA PDSIc685u6x0vMEDlDhzJNixiDa/Dooe35zl0ftBzSwFbc8bWF7ld4QrIDx1Z3RAvCc8 k5QxMpRu+SfT0wo0MOrPRJ6heqmSKhxitvJIQzlXpw3ZkswgMr7VYTuqoqK+KW7EWnCo 9kycNfyB1SRNtOrhqMDqX6u3jET4DojYt8AeLouMGOEYIZlJV6cEQ6rNw09T5GZr0HBE oWVQ==
MIME-Version: 1.0
X-Received: by 10.180.75.103 with SMTP id b7mr27287739wiw.32.1426881329483; Fri, 20 Mar 2015 12:55:29 -0700 (PDT)
Received: by 10.194.5.97 with HTTP; Fri, 20 Mar 2015 12:55:29 -0700 (PDT)
In-Reply-To: <550800B2.1090208@globis.net>
References: <20150217193324.25368.88002.idtracker@ietfa.amsl.com> <CADZyTknR_5Csm+gD_BbtNtKYxdycuikeyHt+cxMuqWw3fHvdkQ@mail.gmail.com> <54F6F93F.8030602@globis.net> <CADZyTk=57sH=_T1HDF_vv8CKwPyjpQpXqzP5v+FzwPBqOdx9sw@mail.gmail.com> <5504CCDE.709@gmail.com> <CADZyTkmoSQfo8E+WM7U5yrqF9vFo6q9bN1LnS4v5RyCY4FDCdA@mail.gmail.com> <550800B2.1090208@globis.net>
Date: Fri, 20 Mar 2015 15:55:29 -0400
Message-ID: <CADZyTkmODEOx=098-uj=YcOAXExqQ0z6BRYDuMLwxvS4SzyUdA@mail.gmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
To: Ray Hunter <v6ops@globis.net>
Content-Type: multipart/alternative; boundary="f46d043be2a8c7d55d0511bdb2fe"
Archived-At: <http://mailarchive.ietf.org/arch/msg/homenet/qQwOTudIeqc-8D5DFwTqUMi4pvo>
Cc: "homenet@ietf.org" <homenet@ietf.org>
Subject: Re: [homenet] Fwd: I-D Action: draft-ietf-homenet-naming-architecture-dhc-options-01.txt
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Mar 2015 19:55:33 -0000
Hi Ray,
Please see my comments in text.
I think the description of the requirements and overall chain of events is
> excellent. Thanks for that.
>
> However I'm not particularly convinced by the security and authentication
> mechanisms, as the proposed text just seems to punt these to another
> transport protocol.
>
Thank you for raising this point, but this is not the case. I need to make
the text clearer. When a renumbering occurs, the Hidden Master changes its
IP address, and has to provide the new IP address to the slave. This can be
done with DNS extensions or other layers. I will update the section 9.1.2
to clarify this.
>
> I also don't see the recovery mechanism/ how to distinguish between a
> break before make event, and a make before break where the ISP's DNS
> servers may not be reachable at the moment of renumbering, or that a
> Homenet is simply not reachable for some time, and comes up "unnumbered"
> with no old IP, or that the Homenet never comes back at all. It seems to me
> that you could also end up hosting lots of cruft in the ISP servers, and
> there's a need for some garbage collection.
>
> I am not sure I correctly get the use case:
a) It seems to me you consider also the case where the slave is being
renumbered. I did not considered this point and assume these servers will
hardly renumbered.
b) It also seems to me you consider a Homenet work that is removed or
not in used, and you wonder what happen to the zone? My understanding is
that it is similar a service you subscribed and you do not use. Do you mean
that we should state that after some time, the slave may remove its zone?
Can you please elaborate on the use cases you think we should comment? Is
sounds to me these considerations may not be related to renumbering, but
instead to general operations.
> I also expect we need some more limitations on when/why a slave would poll
> an unknown hidden master, otherwise it seems to me that we have a nice DoS
> vector/ amplification attack. A number of attack machines could spoof
> notification messages pointing to various ISP slave systems, all pointing
> to a common target victim "new" hidden master.
>
This is mentioned in the NOTIFY RFC1996 in the security consideration. A
forged NOTIFY results makes the slave trigger a SOA query. These are small
paquets, thus the amplification factor is very small. RFC1996 qualify it as
a begnin DoS attack. But I agree I will comment on that. Actually I though
of writing a specific section on it. That will be done in the next version
anyway.
>
> It feels to me like
> 1) we need a more reliable update mechanism between the hidden master and
> the slaves (to cover longer-term unreachability events, or a Homenet hidden
> master going off air permanently)
> 2) we need a more effective authentication mechanism for triggering
> updates, that is source IP address agnostic.
>
This is the case, as authentication is based only cryptographic keys. The
IP address is only used for reach-ability and is never used otherwise.
>
> --
> Regards,
> RayH
>
>
--
Daniel Migault
Ericsson
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Brian E Carpenter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- [homenet] Reneumbering [ I-D Action: draft-ietf-h… Brian E Carpenter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Daniel Migault
- [homenet] I-D Action: draft-ietf-homenet-naming-a… internet-drafts
- [homenet] Fwd: I-D Action: draft-ietf-homenet-nam… Daniel Migault
- Re: [homenet] Fwd: I-D Action: draft-ietf-homenet… Ray Hunter