On 03-Dec-21 07:01, Michael Richardson wrote:
* While reviewing latest updates; one other issue came up: the draft (re
* latest in Github) currently mentions DNS-SD as a means for a Pledge to
* discover a Join Proxy.
please note that this discovery occurs on the untrusted ("DULL") side.
Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
I think there's another reason for deferring it. We have a pending proposal
in draft-eckert-anima-grasp-dnssd for how DNS-SD will integrate in an
autonomic environment. It seems wise to have more clarity about that before
defining how DNS-SD works for a Join Proxy. The two things may be
completely orthogonal, but that requires a little thought.
I don't think we can assume any GRASP or DNS-SD interoperation on the
untrusted side. It's just a bad idea.
Yes. Probably that merits a MUST NOT in the Security Considerations of
draft-eckert-anima-grasp-dnssd.
Brian
As for the Join Proxy discovering the Registrar, that's a different question.
We defined GRASP already for that. If we have a DNS-SD method as well, then
that would just be an additional method inside an ACP.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
