Paul Wouters has entered the following ballot position for
draft-ietf-homenet-naming-architecture-dhc-options-21: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to 
https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-homenet-naming-architecture-dhc-options/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

This might be my misunderstanding of homenet, so hopefully easy to resolve.

The HNA (hidden primary?) to DM (primary) DNS communication using DNS Update
needs some kind of authentication, TSIG or SIG0? While TLS gives you privacy,
the DNS Update cannot be done with only TLS (as far as I understand it). I
don't see any DHCP options to relay authentication information for automatic
deployment? So I don't understand how this would start up and be able to set up a
secure DNS update channel?

There was also talk about using ACME for TLS certificates, but wouldn't that
require that the HNA already has a provisioned and working homenet domain?
(possibly more a question for the other draft, but just adding it here in case
the hidden primary to primary is an "almost DNS Update" protocol that uses TLS
instead of TSIG/SIG0.)





_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
