Ted Lemon <mailto:mel...@fugue.com>
14 May 2016 15:18
The only problem with that is that in the homenet ideally we'd like to have local names signed and validatable via DNSSEC, and that requires that the local namespace be global in scope, even if the names published in that namespace are not.

Not necessarily.

You only need global scope namespace if trust also needs to extend beyond Homenet.

If we're assuming that ULA will be used for on-Homenet communication streams (in the event of non-availability of GUA/ISP uplink), then tying local names into the upstream global namespace is not strictly necessary.

So IMHO it would be just as acceptable to sign RRs for local names related to ULA address space with a locally-generated trust anchor (independent of the trust anchors installed on the Internet root servers).

Nodes and new routers would have to learn their local trust-anchor when connecting to the Homenet for the first time.

In other words, the local DNSSEC trust anchor identifies a Homenet. Not the ULA. Not an arbitrary label.

Otherwise we're going to need a globally-unique time-invariant label to identify this Homenet, that is also not based on the actual chosen ULA in use, which is not easy to generate.


Ray Hunter (v6ops) <mailto:v6...@globis.net>
14 May 2016 14:51


Ted Lemon wrote:

If devices publish keys, then you can use those keys to make sure you are still talking to them. And the DNSSEC validation of local names would also work. Graceful renumbering should indeed result in DNS updates. Bear in mind that this is graceful, so the old and new ULAs coexist for a while.


Sounds good.

So can we assume

1) a single ULA namespace for resolving all active ULAs, that will eventually converge to only containing RRs from a single ULA?

2) And that ULA namespace is disjoint from/completely independent of any GUA namespace?



--
regards,
RayH
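
Added example, not part of the original thread or of any homenet implementation: a sketch of how a locally generated KSK yields a DS-style trust anchor (key tag per RFC 4034 Appendix B, SHA-256 digest per RFC 4509) that a node stores on first connection and later compares against. The zone name, key bytes and function names are assumptions made up for illustration; no ULA address enters the computation, so the anchor is unchanged by renumbering.

```python
import hashlib
import hmac
import struct

def name_to_wire(name):
    """Canonical (lower-case) DNS wire form of a non-root domain name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, as defined in RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def trust_anchor(zone, rdata):
    """(key tag, algorithm, SHA-256 digest) of the zone's KSK, i.e. DS content."""
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest()
    return key_tag(rdata), rdata[3], digest

def same_homenet(stored_anchor, zone, offered_rdata):
    """True if an offered DNSKEY matches the anchor learned on first connection."""
    tag, alg, digest = trust_anchor(zone, offered_rdata)
    return (tag, alg) == stored_anchor[:2] and hmac.compare_digest(
        digest, stored_anchor[2])

# Constructed sample values: hypothetical zone name, placeholder key bytes.
ZONE = "homenet.example."
KSK = dnskey_rdata(257, 15, bytes(range(32)))          # 257 = KSK, 15 = Ed25519
OTHER_KSK = dnskey_rdata(257, 15, bytes(range(1, 33)))  # a different homenet

if __name__ == "__main__":
    anchor = trust_anchor(ZONE, KSK)
    print("learned anchor:", anchor)
    print("same homenet:", same_homenet(anchor, ZONE, KSK))
    print("other homenet:", same_homenet(anchor, ZONE, OTHER_KSK))
```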