Daniel Migault <mglt.i...@gmail.com> wrote:
> In my opinion the Synchronization Channel is initiated by the DM and
> follows AXFR over TLS (9103). To my understanding NOTIFY, SOA exchange
> may be protected by TLS or not. Of course if the TLS session has not
> been established by the DM the NOTIFY cannot be protected.

Yes. It is initiated by the DM, and it's a TCP/TLS connection from a random port on the DM to the designated port (853) on the HNA. So, how does the *HNA* use this connection to send a Notify from the HNA to the DM, when it doesn't initiate to the DM?

> While I do see the point in re-using the control channel, I do not
> think we should recommend this. Firstly it mixes the following
> channels, so if we find another way to set the DM / HNA configuration
> we will always have to handle the Notify.
> I also believe that changes
> 9103, and I believe that would be good if we could re-use implementation
> of 9103 without modifications. It might be good to mention the Notifies
> may also take the control channel - just leaving this as a potential
> possibility.

9103 documents that NOTIFY messages travel over port-53, and are not protected. That's fine, since they just cause an SOA query in the other direction, but in the case of the HNA and DM, the only port that the HNA knows about that it can send to is the Control Channel's port.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet