I have read:
    Automated Delegation of IP6.ARPA reverse zones with Prefix Delegation
    draft-andrews-dnsop-pd-reverse-02
as a method to delegate reverse zones to CPE devices as the prefix is delegated.

I find the method entirely sensible, and I think highly secure.

I don't know if this belongs in dnsop or in homenet (or dhcpv6, since a new DHCPv6 option is requested, and this enhances DHCPv6-PD): I'll let the INT and Ops ADs sort that out. I suggest that one of these WGs should adopt it, and even suggest that this document should Updates: 6204/7084.

If I had the required code point, I would implement it today in an IPv6 ACS I work on (ServPOET), and contribute code to Barrier Breaker OpenWRT (to dnsmasq) to do the client end.

I want to say that this is very similar to the "wavesec" mechanism that the FreeS/WAN project experimented with a decade ago (a few Minneapolis and Atlanta IETF networks back around IETF50). We used DHCP to carry a key, this was installed by TSIG update by the DHCP(v4) server, and was used to populate the reverse DNS. The result was an IPsec laptop/32<->gateway(0.0.0.0/0) tunnel, using IPsec for security across the wireless rather than the WEP that was common at the time.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet