IETF Logo Mail Archive

Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS

Mark Andrews <marka@isc.org> Thu, 19 July 2018 14:00 UTC

Return-Path: <marka@isc.org>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEB2C1310CD for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 07:00:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aF5CUm-haNVQ for <homenet@ietfa.amsl.com>; Thu, 19 Jul 2018 07:00:00 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB5BD13109A for <homenet@ietf.org>; Thu, 19 Jul 2018 07:00:00 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id AED7B3AB05D; Thu, 19 Jul 2018 14:00:00 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 78A1616006D; Thu, 19 Jul 2018 13:59:57 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 6D47B16006C; Thu, 19 Jul 2018 13:59:57 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id JWkfsmuU-bGA; Thu, 19 Jul 2018 13:59:57 +0000 (UTC)
Received: from [IPv6:2001:67c:370:1998:602b:6fba:5d8:75f7] (nat64-6c.meeting.ietf.org [31.130.238.108]) by zmx1.isc.org (Postfix) with ESMTPSA id EDB07160048; Thu, 19 Jul 2018 13:59:56 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <04C35AA3-79A3-444D-A1AB-F015DD940E6B@isc.org>
Date: Thu, 19 Jul 2018 23:59:55 +1000
Cc: Homenet <homenet@ietf.org>, Ted Lemon <mellon@fugue.com>, Daniel Migault <daniel.migault@ericsson.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C2F1CBE8-F52B-4C4B-9FE2-1C56D252692C@isc.org>
References: <87sh4g1bqe.wl-jch@irif.fr> <249918E0-8E8F-44A9-B1ED-0D4F91104B20@isc.org> <877elsovmq.wl-jch@irif.fr> <CAPt1N1msXi1BG9RTDr2sWnn8J6F45CnESJCg4LTP-4jP9mVJxw@mail.gmail.com> <87tvovd0jp.wl-jch@irif.fr> <CAPt1N1mbTNAKiA-QZMGVwFDajAB1frWX63amdxUj=OnRz2jrew@mail.gmail.com> <87601bcq00.wl-jch@irif.fr> <04C35AA3-79A3-444D-A1AB-F015DD940E6B@isc.org>
To: Juliusz Chroboczek <jch@irif.fr>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/u5iwlcrVRiWuFkXXr46IyCmIs6o>
Subject: Re: [homenet] draft-ietf-homenet-front-end-naming-delegation vs. DynDNS
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Jul 2018 14:00:12 -0000


> On 19 Jul 2018, at 11:58 pm, Mark Andrews <marka@isc.org> wrote:
> 
> 
> 
>> On 19 Jul 2018, at 11:30 pm, Juliusz Chroboczek <jch@irif.fr> wrote:
>> 
>>>   I am not speaking about discovery within the Homenet. I am speaking about
>>>   exporting names into the global DNS, which is what Daniel's draft is
>>>   about.
>> 
>>> Yes, but the problem is that you are treating this as if these are two
>>> separate problems, but they are not.
>> 
>> These are two completely different problems, with different default
>> behaviours and different failure modes.
>> 
>> The default behaviour for the local zone is that devices should be
>> discoverable.  The default behaviour for the public DNS is that a device
>> should not be published unless it takes explicit action.
>> 
>> It makes a lot of sense to have two different protocols, rather than
>> essentially leaking a local zone into the ISP's DNS servers.
>> 
>>>   I'm not following your reasoning here -- why does the zone being tied to
>>>   the ISP imply that we must use a more complex protocol?
>> 
>>> Doing this transaction over HTTP means another service that the ISP has
>>> to operate,
>> 
>> Not the ISP, a third-party DNS provider.  That's the whole point.
>> 
>>> and another service that the HNR has to connect to.
>> 
>> Not the HNR, the end host.  That's the whole point.
>> 
>> And it's literally four lines of shell:
>> 
>>   while true; do
>>       wget --post-data 'name=gameserver.myhome.net&password=topsecret' \
>>            https://dyndns.example.com
>>       sleep $((24 * 3600))
>>   done
> 
> vs
> 
> while true; do
> 	(
> 		# delete all the existing AAAA records
> 		update delete host.example.com IN AAAA
> 		# add in all the GUA AAAA records
> 		ifconfig -a inet6 |
> 			sed -n -e '/%/d' -e '/ ::1 /d' -e '/ fd[0-9a-f][[0-9a-f]:/d’ \
> 	       		-e 's/inet6/update add host.example.com 3600 IN AAAA/‘ \
> 	       		-e 's/ prefixlen.*//p’
> 		# tell nsupdate to send the update request.  Nsupdate will work out zone and
> 		# DNS servers to send the update request too.
> 		echo send
> 	) | nsupdate -y Khost.example.net.+001+56524
> 	sleep $((24 * 3600))
> done

And I forgot to mention that this supports multiple AAAA records.

> 
>>>   Quite the opposite. In the trivial update protocol, the update is
>>>   end-to-end, encrypted, and only the host and the DNS provider see the
>>>   data.
>> 
>>> You've published a record in a public zone. It doesn't matter that the
>>> protocol you used to publish it is privacy-protecting, because the
>>> publication of the name immediately negated that.
>> 
>> With delegation through an ISP-controlled hidden master, the ISP gets
>> a database of all the names published by all of its users.
>> 
>> With an encrypted connection to a DNS provider, the ISP needs to troll all
>> of the DNS providers in order to build such a database.
>> 
>>> I actually share your concern that what he's got written down right now
>>> is more complicated than it needs to be, and this is partly because it
>>> was originally motivated by his work at an ISP.
>> 
>> Uh-huh.
>> 
>> -- Juliusz
>> 
>> _______________________________________________
>> homenet mailing list
>> homenet@ietf.org
>> https://www.ietf.org/mailman/listinfo/homenet
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
> 
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email