Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt

Daniel Migault <> Thu, 03 July 2014 10:25 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4789C1B2814 for <>; Thu, 3 Jul 2014 03:25:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ukZHMRKJBiui for <>; Thu, 3 Jul 2014 03:24:59 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c05::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6BD551A04AC for <>; Thu, 3 Jul 2014 03:24:59 -0700 (PDT)
Received: by with SMTP id hi2so1966326wib.1 for <>; Thu, 03 Jul 2014 03:24:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=EwDWY7g362iaV+RofHLSY1tQatw87cm/Gj18txMdtLs=; b=ePKUWMZdBjHtyIH9IMqMirPc0BPm4a7Mv3rx6MJOVk9Q6++BHfxysvHtbOMslhr8Oe QbW7bUBM/XW5K607LIMiuo86UO+Fp92sHVoAE2zCg9KPWN0C7xVKe23g1pYyzocy5jzx /mOZGxGv8oGjdGz2JigiPLlZsjS0LuTudBvjpV+E71YrBH9LCuZZaI+n6A1NVWSTXc3a 3V7H3+epFCw4K58rwB67dRAWEzU1V8a1rUaheBoygzQ03KkFdn5S8HerjAHJyO89RqF4 vdw4m6CKwtPlLtbUNk8oVrNTB8oqehC+JkM2rzEcxz5wCKON4LwE3FmGEnmcXRXyRuDK WrWw==
MIME-Version: 1.0
X-Received: by with SMTP id bw4mr40286295wib.42.1404383095683; Thu, 03 Jul 2014 03:24:55 -0700 (PDT)
Received: by with HTTP; Thu, 3 Jul 2014 03:24:55 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Thu, 3 Jul 2014 12:24:55 +0200
Message-ID: <>
From: Daniel Migault <>
To: Juliusz Chroboczek <>
Content-Type: multipart/alternative; boundary=f46d043c81be8cecc104fd476be7
Cc: "" <>
Subject: Re: [homenet] New version draft-mglt-homenet-naming-architecture-dhc-options-02.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 Jul 2014 10:25:02 -0000


Thanks for the question. If I understand it properly, the use case you
consider: 1) you set up a web server in your homenet, 2) you want it to be
accessed from the outside so you register your domain name and register the
IP address to the zone. Note that In this case, the Authoritative Naming
service is outsourced to a third party which is what we want to achieve to.

Your case is very specific. First your web server is a fixed node that is
expected to last at least a few years in your home network. This makes
manual configuration feasible. Then you only have one node you may install
a specific software that updates the IP address to the DNS authoritative
servers. This is to avoid multiple DNS configuration at every IP
renumbering.  At last you have an interface on your server you may not have
with other nodes. On the other hand, if you have multiple devices, you are
unlikely to handle / edit the zone manually or install the specific
software on each device -- given that some device will not support it.

For this reason we would like the CPE to handle this complexity. The
advantages I see using the CPE are:
    - Ease the naming of device of various nature.
    - CPE remains in the homenet and may be easier to be authenticated than
all different devices.
    - CPE presents a centralized point for end user interactions
    - CPE are "powerful enough" to handle complex policies...
    - CPE can integrate multiple protocols to publish a zone. Suppose mDNS
is used by a node, than registration of its IP address and name cannot be
perfomed on a public authoritative server cannot be performed using mDNS.
   - ....


On Wed, Jul 2, 2014 at 10:38 PM, Juliusz Chroboczek <>; wrote:

> Since I saw a previous version of that in London, I've been wondering
> about one thing, but didn't dare ask.  Please be indulgent if it is
> a stupid question.
> Why does the CPE need to intervene in what is an application layer
> interaction between two consenting adults?  If I'm setting up a web server
> on my home network, I'd expect that negotiating a DNS registration is
> a private matter between the web server and the authoritative DNS master;
> why would I want the CPE to act as intermediary?
> Thanks,
> -- Juliusz

Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58