Re: [OPSAWG] [Mud] changes to draft-richardson-opsawg-mud-iot-dns-considerations-03.txt

Eliot Lear <lear@cisco.com> Mon, 28 September 2020 07:03 UTC

From: Eliot Lear <lear@cisco.com>
Message-Id: <DEFC53B1-E144-4919-A993-EC74B1BBE9D8@cisco.com>
Date: Mon, 28 Sep 2020 09:03:48 +0200
In-Reply-To: <CAFpG3gduUBhNDQOO3mR1_cmyuw5Lo26bYP_mgutKwUVeN1TMug@mail.gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, opsawg <opsawg@ietf.org>, mud@ietf.org
To: tirumal reddy <kondtir@gmail.com>
References: <160082461431.2339.6222888407127336620@ietfa.amsl.com> <15779.1600960819@localhost> <BCB5CBD9-78C0-471A-8C32-88E4FD406136@cisco.com> <CAFpG3gdMxw2QGUFhWQELYT8oaMgVuvc5_hQf_Pfk3T3vwc2rmA@mail.gmail.com> <15491.1601055706@localhost> <CAFpG3gc-PoAdvCB5p201-uZrMsdi4Cr1hR_YM-z2bgD9tvZVUw@mail.gmail.com> <01E82C2E-1F3E-49AD-B900-45B3F834A127@cisco.com> <CAFpG3gduUBhNDQOO3mR1_cmyuw5Lo26bYP_mgutKwUVeN1TMug@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/So1qZ0SiRg0ZKsNlp6Oyaz1Irng>

Tiru

> On 28 Sep 2020, at 08:52, tirumal reddy <kondtir@gmail.com> wrote:
> 
> Not necessarily.  That is a matter of signaling between the CPE and the ISP.
> 
> No, the special use domain name (SUDN) does not require any update to the CPE. The signaling from the endpoint is resolved by the ISP DNS recursive server, and it is not between the CPE and the ISP.

All I am saying is this:

     ,--------.          ,---.           ,------.
     |Endpoint|          |CPE|           |ISPDNS|
     `---+----'          `-+-'           `--+---'
         |          1 A/AAAA Query          |    
         | --------------------------------->    
         |                 |                |    
         |        2 Response(A/AAAA)        |    
         | <---------------------------------    
         |                 |                |    
         |                 |3 add ACL/TR.369|    
         |                 | or similar     |    
         |                 |<----------------    
     ,---+----.          ,-+-.           ,--+---.
     |Endpoint|          |CPE|           |ISPDNS|
     `--------'          `---'           `------'

You can substitute “ISPDNS” for whoever offers the CPE (like Google/Eero/etc., so long as the DNS infra and CPE know about one another and agree on a control channel).

Eliot
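As an added illustration of the three-step exchange in the diagram above (example code, not from this thread or the draft), the following simulates the endpoint's query, the ISP resolver's answer, and the resolver's push of an ACL to the CPE; the allow list, names, addresses, TTLs and the shape of the control-channel message are constructed assumptions, and the CPE is assumed to be the MUD enforcement point that only honours pushed entries for names in the endpoint's MUD policy and retires them when the DNS TTL runs out.

```python
# Constructed sample data (not from the thread): the MUD-derived allow list
# of DNS names the CPE holds per endpoint, and the resolver's answers.
MUD_ALLOWED_NAMES = {"10.0.0.20": {"updates.example.com", "telemetry.example.net"}}
RESOLVER_ANSWERS = {  # name -> (rrtype, addresses, ttl in seconds)
    "updates.example.com": ("A", ["192.0.2.10", "192.0.2.11"], 300),
    "telemetry.example.net": ("AAAA", ["2001:db8::5"], 60),
    "unlisted.example.org": ("A", ["198.51.100.7"], 300),
}

class Cpe:
    """Step 3: installs ACL entries pushed over the control channel, but only for
    names in the endpoint's MUD policy, and only for as long as the answer's TTL."""
    def __init__(self, allowed_names):
        self.allowed_names = allowed_names
        self.acl = {}  # (endpoint, destination address) -> (name, expires_at)

    def add_acl(self, endpoint, name, addresses, ttl, now):
        if name not in self.allowed_names.get(endpoint, set()):
            return False  # resolved by the ISP, but not in the MUD policy: no hole opened
        for addr in addresses:
            self.acl[(endpoint, addr)] = (name, now + ttl)
        return True

    def permits(self, endpoint, dst, now):
        entry = self.acl.get((endpoint, dst))
        return entry is not None and now < entry[1]  # expired entries no longer match

class IspDns:
    """Steps 1-2: answers the endpoint's A/AAAA query, then signals the CPE
    (TR-369 or similar) with the name, the addresses and the TTL it returned."""
    def __init__(self, cpe):
        self.cpe = cpe

    def query(self, endpoint, name, now):
        rrtype, addrs, ttl = RESOLVER_ANSWERS[name]
        self.cpe.add_acl(endpoint, name, addrs, ttl, now)  # step 3: control channel
        return rrtype, list(addrs), ttl  # step 2: response back to the endpoint

def run_scenario(now=1000.0):
    cpe = Cpe(MUD_ALLOWED_NAMES)
    dns = IspDns(cpe)
    ep = "10.0.0.20"
    for name in RESOLVER_ANSWERS:
        dns.query(ep, name, now)  # step 1: the endpoint resolves each name
    return {"allowed_now": cpe.permits(ep, "192.0.2.10", now + 10),
            "after_ttl": cpe.permits(ep, "2001:db8::5", now + 61),
            "unlisted": cpe.permits(ep, "198.51.100.7", now + 10),
            "other_endpoint": cpe.permits("10.0.0.21", "192.0.2.10", now + 10)}
```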