Re: [nbs] I-D Action:draft-ubillos-name-based-sockets-03.txt

Brian E Carpenter <> Sun, 17 October 2010 03:48 UTC

Organization: University of Auckland


A few comments on the draft:

>    Once the name exchange has been performed successfully the complete
>    feature set will be made available to the communication
>    automatically.

That sentence makes me feel very hungry. What are those features
and where are they discussed?

> 4.1.  Name format
>    Names can be provided in any of three ways.
>    o  FQDN.  The Fully Qualified Domain Name of the host.  This will
>       allow e.g.  DNSsec to provide authenticity of the name.

Actually, doesn't DNSSEC prove authenticity of the name==address(es)
equivalence? The name itself is just a character string.

>    o  Using one of the hosts interfaces addresses as a name.

Why would I want to use this?

>    o  Nonce.  A one-use only session identifier.

That really needs a lot more explanation.

In general the draft can't stand alone; it needs an NBS
architecture document to go with. I'm sure that can be built
out of Christian's existing document.

> 6.  Security Considerations

Maybe it doesn't belong here, but we need a threat analysis,
so that we can figure what the security issues are, and
to what extent DNSSEC solves them.

   Brian Carpenter