Re: [homenet] securing zone transfer

Juliusz Chroboczek <jch@irif.fr> Wed, 12 June 2019 01:10 UTC

Date: Wed, 12 Jun 2019 03:10:34 +0200
Message-ID: <87ftofwqut.wl-jch@irif.fr>
From: Juliusz Chroboczek <jch@irif.fr>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: homenet <homenet@ietf.org>, Daniel Migault <daniel.migault@ericsson.com>
In-Reply-To: <2348.1560261275@localhost>
References: <CADZyTkkgd8f49V+yoZvPZXx3b-_YRzpgUY1-obroq9QMLnFWNw@mail.gmail.com> <878su8fj24.wl-jch@irif.fr> <2348.1560261275@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/sPuWM5F2mORyPb8zfoPi3UHpSRA>

Dear Michael,

>> Please see my unanswered e-mail of 21 November 2018.

>> https://mailarchive.ietf.org/arch/msg/homenet/vz1kdCJISN6UPNZpj9ZD4e8EdwQ

Thank you for your detailed reply.  I'm glad we're finally having
a discussion about my objections to Daniel's proposal.

> We strongly believe that the HNA needs to know the list of names in
> order to be able to answer for those names when there is unstable (or
> no) Internet connectivity.

> Otherwise, applications and people have to know two different names for the
> service. (A public one for when away, and the .local one)

That's a good point.  While I happen to believe that it's reasonable to
have a service known as "boombox.local" from home, and
"boombox.jch.example.org" from the Internet, this might be inconvenient
for e.g. smartphone users.

>    o  the credentials for the dynamic DNS server need to be securely
>       transferred to the hosts that wish to use it.  This is not a
>       problem for a technical user to do with one or two hosts, but it
>       does not scale to multiple hosts and becomes a problem for non-
>       technical users.

I think that's our main disagreement.

For some reason, you guys seem to be assuming that the average user will
want to publish hundreds of names in the global DNS.

However, none of the end-user services that I know use incoming
connections require a name in the global DNS to function (WebRTC, Skype,
online games, BitTorrent, remote desktops, BTSync/Resilio, syncthing).
Thus, my assumption is that the typical user will want to publish exactly
0 public names, and that only the extreme geek will publish up to 3 or 4
(music server, NAS, game server, web server with family photographs).

Richard, Daniel -- please be so kind as to explain why you think my
assumption is wrong.  How many names do you envision wanting to publish in
the public DNS, and for what purpose?

-- Juliusz