On 9.7.2014, at 18.01, Juliusz Chroboczek <j...@pps.univ-paris-diderot.fr> 
wrote:
> There's still something I don't understand.  If I'm understanding Steve's
> and Markus' work correctly, HNCP performs prefix delegation to internal
> routers over HNCP, and the internal routers don't proxy stateful DHCPv6 to
> the CPE.  How does your protocol work in the presence of multiple links?
> Or are you assuming that only nodes directly connected to the IHAS/CPE can
> be advertised over your protocol?

Or even more weirdly, what if you don’t want stateful DHCPv6? SLAAC + temporary 
addresses?

> Finally, what happens when there are multiple CPEs, which HNCP explicitly
> supports?  Are you assuming that only one acts as IHAS?

.. and how do the zones map to multiple uplinks ..

Personally, I don’t believe in auto-exported ~full DNS information from home 
because current service discovery schemes (mdns, dns-sd, upnp) or even 
host-name discovery schemes (dhcp*) do not really lend themselves to the 
external visibility being _opt in_. I don’t really want to publish my home 
zone, and if I even did, anything that’s firewalled (= everything except a few 
ports on a few addresses) is not useful outside the home in any case.

Getting security right on ‘all devices’ so you can leave your firewall open by 
default is a nice dream, but I think I stopped dreaming sometime in the 90s on 
that front :p Default deny + clued allow is much, much better than the default 
allow + ISP doing filtering for you after your home is owned.

Cheers,

-Markus

P.S. I am amused by recent WeMo/that other IoT light security woes. I’m sure 
publishing _their_ names on my home zone would help me, somehow, to get remote 
controlled home disco if nothing else.. at least, if they weren’t on a 
separate, L3-firewalled link that has no outside connectivity outside my home.

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
