Re: [homenet] WGLC on "redact" and "homenet-dot"

Ralph Droms <rdroms.ietf@gmail.com> Mon, 12 December 2016 16:33 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/rk2Cz4s9RBhjMnQqW2IGs5nMSPA>

Ted - thanks for posting a clear summary of the situation for WG discussion and consensus.  Two questions in line…

> On Dec 12, 2016, at 10:46 AM, Ted Lemon <mellon@fugue.com> wrote:
> 
> One thing that I think the working group should be aware of, although I don't know if this awareness will change anything, is that the situation with the .homenet allocation is less simple than we would prefer: it's not really simply a matter of adding .homenet to the special use domain names registry.   The reason is that we need DNS resolution to work properly for domains under .homenet, and this has to work even if a host is doing DNSSEC validation.
> 
> At present, if you were to configure a homenet router with .home or .homenet as the local domain, this would work perfectly nicely until you turned on DNSSEC validation, at which point all the names in either hierarchy would disappear.   The reason for this is that the root zone provides proof of nonexistence for nonexistent names in that zone.
> 
> It is possible to address this problem by requesting ICANN to put an insecure delegation in the root zone.   The problem is that from a process perspective, this is a _lot_ more heavyweight than doing a special-use domain name allocation, and has no guarantee of success.   This wasn't such an issue for .onion when we did it, because .onion _wants_ a secure denial of existence--we _never_ want a .onion query to actually happen if the name has been handed to a resolver that doesn't understand .onion explicitly.   This is not true for .homenet.
> 
> There are two approaches we can take to this.   One is to proceed--ask ICANN to do the delegation and see what happens.   The other is to take the more expedient, less satisfying approach: use .home.arpa instead of .homenet.   I'm not in love with this as an end solution, but it has the advantage that the IAB controls .arpa, and so we can get an unsecure delegation right away assuming the IAB agrees.   I see no reason to think they would not.   It's a bit more typing, and there is the problem that the fourth google result for arpa is "Advanced Research Projects Agency."   But it would work, and quickly, and would keep the whole process in the family.
> 
> The other alternative is to continue with the original plan: do the special-use names registry allocation, and send a liaison to ICANN asking them to do the unsecure delegation.   The downside to this approach is that we won't know whether the outcome will be success or failure for a long time, possibly several years.   And the outcome could very well be failure.   The upside is that we get the name we all want; the downside is that we are a long way down the road with no win.

So, now I’m a little confused by the alternatives; for clarity, does the paragraph that begins “The other alternative” refer back to the “ask ICANN to do the delegation” approach?

> 
> I should point out that whichever way we go, we already have solved the immediate problem: we have a name that HNCP can use, the potential liability for IETF is dealt with, and our prototypes can be made to work.

Are you referring to “.home”, “.homenet”, “.home.arpa” or some other name to use as the HNCP default?

- Ralph

> So I am personally okay with either decision.   Our AD, Terry, may have more of a sense of what ICANN will do (but to some extent he really can't know, because it's up to committees within ICANN to actually make this decision).   I'm mentioning this now not to derail the process, but simply to make it really clear what our expectations should be.   The reason that this didn't come up in Seoul is that it didn't actually click for me that we had a serious problem until several of us were chatting on the way out of the room, after the working group had already decided to proceed.
> 
> On Thu, Dec 1, 2016 at 9:02 AM, Ray Bellis <ray@bellis.me.uk> wrote:
> 
> 
> On 21/11/2016 13:25, Ralph Droms wrote:
> > (Updated comments on draft-ietf-homenet-dot originally posted prior to the WG last call)
> 
> Thanks Ralph.
> 
> I'd like to remind the WG that the LC is due to run until Friday
> December 16th, so please anyone else with comments please get them in.
> 
> Ray
> 
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet