Re: [nbs] I-D Action:draft-ubillos-name-based-sockets-03.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 17 October 2010 03:48 UTC

Message-ID: <4CBA725A.30702@gmail.com>
Date: Sun, 17 Oct 2010 16:49:46 +1300
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
To: nbs@ietf.org
References: <20100917140001.E64E93A69BA@core3.amsl.com>
In-Reply-To: <20100917140001.E64E93A69BA@core3.amsl.com>

Hi,

A few comments on the draft:


>    Once the name exchange has been performed successfully the complete
>    feature set will be made available to the communication
>    automatically.

That sentence makes me feel very hungry. What are those features
and where are they discussed?

> 4.1.  Name format
> 
>    Names can be provided in any of three ways.
> 
>    o  FQDN.  The Fully Qualified Domain Name of the host.  This will
>       allow e.g.  DNSsec to provide authenticity of the name.

Actually, doesn't DNSSEC prove authenticity of the name==address(es)
equivalence? The name itself is just a character string.

> 
>    o  ip6.arpa.  Using one of the hosts interfaces addresses as a name.

Why would I want to use this?

> 
>    o  Nonce.  A one-use only session identifier.

That really needs a lot more explanation.

In general the draft can't stand alone; it needs an NBS
architecture document to go with. I'm sure that can be built
out of Christian's existing document.

> 6.  Security Considerations

Maybe it doesn't belong here, but we need a threat analysis,
so that we can figure what the security issues are, and
to what extent DNSSEC solves them.

Regards
   Brian Carpenter