Re: [homenet] Multiple routers in the home

[Walter H.]

On 11.05.2019 22:51, joel jaeggli wrote:

On 5/11/19 01:13, Walter H. wrote:

On 11.05.2019 09:31, Jan Newmarch wrote:

I'm new to this list so may cover old ground, be off topic, etc. Feel
free to shoot me down!

Barbara Stark writes [homenet rechartering, meetings, and code}

 Multiple routers just for the purpose of having multiple (general
 purpose) routers may not be a common use case?

I'd say this is very common, that you have TWO routers cascaded ...

the outer one comes from your ISP, the inner one is your own ...

Basically everyone who doesn't like their cable modem or at cpe that
much is in this category. in many cases some of these would benifit from
being bridged,

depends ...
not being bridged can mean a higher level of safety;

when they subnet for the purposes of guest network or vlan
isolation they definitely cannot be bridged.


depends on how this is done ...
in case the own router does the subnetting, bridging is possible



smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Multiple routers in the home

[Walter H.]

On 11.05.2019 09:31, Jan Newmarch wrote:

I'm new to this list so may cover old ground, be off topic, etc. Feel
free to shoot me down!

Barbara Stark writes [homenet rechartering, meetings, and code}

Multiple routers just for the purpose of having multiple (general
purpose) routers may not be a common use case?

I'd say this is very common, that you have TWO routers cascaded ...

the outer one comes from your ISP, the inner one is your own ...



smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] RFC 8375 on Special-Use Domain 'home.arpa.'

[Walter H.]

Thanks for this RFC, then my local used domain ("home.arpa.") can't be 
overwritten by any other RFC any more ...


On 17.05.2018 17:41, rfc-edi...@rfc-editor.org wrote:

A new Request for Comments is now available in online RFC libraries.


 RFC 8375

 Title:  Special-Use Domain 'home.arpa.'
 Author: P. Pfister,
 T. Lemon
 Status: Standards Track
 Stream: IETF
 Date:   May 2018
 Mailbox:pierre.pfis...@darou.fr,
 mel...@fugue.com
 Pages:  12
 Characters: 27377
 Updates:RFC 7788

 I-D Tag:draft-ietf-homenet-dot-14.txt

 URL:https://www.rfc-editor.org/info/rfc8375

 DOI:10.17487/RFC8375

This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with
'.home.arpa.' and designates this domain as a special-use domain
name. 'home.arpa.' is designated for non-unique use in residential
home networks.  The Home Networking Control Protocol (HNCP) is
updated to use the 'home.arpa.' domain instead of '.home'.

This document is a product of the Home Networking Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
standardization state and status of this protocol.  Distribution of this
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
   https://www.ietf.org/mailman/listinfo/ietf-announce
   https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-edi...@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC






smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-14.txt

[Walter H.]

Hello,

has this draft already become a RFC?

Thanks,
Walter

On 01.09.2017 19:47, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Home Networking WG of the IETF.

 Title   : Special Use Domain 'home.arpa.'
 Authors : Pierre Pfister
   Ted Lemon
Filename: draft-ietf-homenet-dot-14.txt
Pages   : 11
Date: 2017-09-01

Abstract:
This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain
name. 'home.arpa.' is designated for non-unique use in residential
home networks.  Home Networking Control Protocol (HNCP) is updated to
use the 'home.arpa.' domain instead of '.home'.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-homenet-dot/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-homenet-dot-14
https://datatracker.ietf.org/doc/html/draft-ietf-homenet-dot-14

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-homenet-dot-14


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/





smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-14.txt

[Walter H.]

Hello,

just one question for some better understanding ...

I read this line

"The domain name 'home.arpa.' is to be used for naming within
residential homenets."

when this draft becomes an RFC - hopefully this year 2017 - then there 
exists

an RFC, which gives you a domain name you can use in a home network/LAN
without conflicting to other things ..., the domain name 'home.arpa'

but there still doesn't exist any for company networks, they most 
commonly use
the domain name 'local', which I already noticed, that this conflicts to 
RFC 6762 ...


Thanks,
Walter

On 01.09.2017 19:47, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Home Networking WG of the IETF.

 Title   : Special Use Domain 'home.arpa.'
 Authors : Pierre Pfister
   Ted Lemon
Filename: draft-ietf-homenet-dot-14.txt
Pages   : 11
Date: 2017-09-01






smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On 01.08.2017 23:15, Ted Lemon wrote:
I addressed that question in a previous reply.   Your home network 
does not have the equivalent security to letsencrypt.org 
's certificate signing infrastructure (I hope!!).
that is not the question, the question is: is it possible to use some 
self signed certificates without trust anchor installed, in the near future?

by the way how would you distinguish between LAN and WAN in an IPv6 world?
in an IPv4 world it is done by RFC1918 addresses ...
  Installing a trust anchor means that trust anchor has signing 
authority for any name---there's no way to install one that doesn't.

there is a way, look at this one:

-BEGIN CERTIFICATE-
MIIJWTCCCEGgAwIBAgIQeRdKqRQXNv4Vp8qfLP9FiDANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTEzMDIwMTAwMDAwMFoXDTIwMDUzMDEwNDgzOFow
UjELMAkGA1UEBhMCVVMxGjAYBgNVBAoTEUludGVsIENvcnBvcmF0aW9uMScwJQYD
VQQDEx5JbnRlbCBFeHRlcm5hbCBCYXNpYyBQb2xpY3kgQ0EwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDCuISVQi3csKqYk5uz7IOhY8MXkiqBaTqagiht
iM997G1mJhTojcR+8DCg3E8OQ3ZajByhxRkwlsR4Srl5sGSwWfF/XaAHGUhWIhjB
kDO7toW+EMzI8pAjcLwIbRlIL0AFnUTe6Z0DcIS5406Y/9MKE2oKXbf4EbVBv88m
SkA74Z+lZJWFNxXncx/9wq8UdyMY2vHN1Kir1/JbtrqB9wYRBjQtWSbAVZR8nTBP
yRp4uvQTS2jOQh+jTUo1Y3O/o1xg/zRA4FEOUCla704OYRUkc8NuXHiPNNDcktr7
gO8E06NVQ6n6aBGaOJbSst2vHA7Eiog7A2PB4wKn+GDFf+FNAgMBAAGjggYMMIIG
CDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUVjpv
F6skDOW3MWSwEe3b6iO+XrwwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYB
Af8CAQEwXgYDVR0lBFcwVQYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcDAwYI
KwYBBQUHAwQGCCsGAQUFBwMIBgorBgEEAYI3CgMEBgorBgEEAYI3CgMMBgkrBgEE
AYI3FQUwFwYDVR0gBBAwDjAMBgoqhkiG+E0BBQFpMEkGA1UdHwRCMEAwPqA8oDqG
OGh0dHA6Ly9jcmwudHJ1c3QtcHJvdmlkZXIuY29tL0FkZFRydXN0RXh0ZXJuYWxD
QVJvb3QuY3JsMIHCBggrBgEFBQcBAQSBtTCBsjBEBggrBgEFBQcwAoY4aHR0cDov
L2NydC50cnVzdC1wcm92aWRlci5jb20vQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5w
N2MwPgYIKwYBBQUHMAKGMmh0dHA6Ly9jcnQudHJ1c3QtcHJvdmlkZXIuY29tL0Fk
ZFRydXN0VVROU0dDQ0EuY3J0MCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC50cnVz
dC1wcm92aWRlci5jb20wggQXBgNVHR4EggQOMIIECqCCA9QwC4EJaW50ZWwuY29t
MAuCCWFwcHVwLmNvbTAOggxjbG91ZG5wby5vcmcwE4IRZWRhY2FkdG9vbGtpdC5v
cmcwC4IJZnRsMTAuY29tMAuCCWloY21zLm5ldDAOggxpbmMtbmVzdC5uZXQwFoIU
aW5kaWFlZHVzZXJ2aWNlcy5jb20wDYILaW50ZWwuY28uanAwDYILaW50ZWwuY28u
a3IwDYILaW50ZWwuY28udWswC4IJaW50ZWwuY29tMAqCCGludGVsLmZyMAuCCWlu
dGVsLm5ldDATghFpbnRlbGFsbGlhbmNlLmNvbTAUghJpbnRlbGFwYWNzdG9yZS5j
b20wFoIUaW50ZWxhc3NldGZpbmRlci5jb20wGYIXaW50ZWxiZXR0ZXJ0b2dldGhl
ci5jb20wFIISaW50ZWxjaGFsbGVuZ2UuY29tMBOCEWludGVsY2xvdWRzc28uY29t
MB6CHGludGVsY29uc3VtZXJlbGVjdHJvbmljcy5jb20wEoIQaW50ZWxjb3JlMjAx
MC5ydTAWghRpbnRlbGZlbGxvd3NoaXBzLmNvbTAWghRpbnRlbGh5YnJpZGNsb3Vk
LmNvbTAUghJpbnRlbHBvcnRmb2xpby5jb20wDoIMaW50ZWwtcmEuY29tMBSCEmlu
dGVsLXJlc2VhcmNoLm5ldDAUghJpbnRlbHJtYXN1cnZleS5jb20wGIIWaW50ZWxz
bWFsbGJ1c2luZXNzLmNvbTARgg9teWludGVsZWRnZS5jb20wEYIPbXktbGFwdG9w
LmNvLnVrMBKCEG9yaWdpbi1hcHB1cC5jb20wHoIcb3JpZ2luLWludGVncmF0aW9u
LWFwcHVwLmNvbTAIggZwYy5jb20wFIIScGN0aGVmdGRlZmVuY2UuY29tMBSCEnBj
dGhlZnRkZWZlbnNlLmNvbTAOggxwdmF0cmlhbC5uZXQwGYIXcmVkZWZpbmV5b3Vy
bmV0d29yay5jb20wD4INcmV0YWlsLWlhLmNvbTAUghJzZXJ2ZXItaW5zaWdodC5j
b20wE4IRdGhlaW50ZWxzdG9yZS5jb20wHYIbdGhyZWFkaW5nYnVpbGRpbmdibG9j
a3Mub3JnMBuCGXRodW5kZXJib2x0dGVjaG5vbG9neS5uZXQwIIIedWx0cmFib29r
LXNvZnR3YXJlLWNvbnRlc3QuY29tMFCkTjBMMQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFDASBgNVBAcTC1NhbnRhIENsYXJhMRowGAYDVQQKExFJbnRlbCBDb3Jw
b3JhdGlvbqEwMAqHCAAAMCKHIAAA
MA0GCSqGSIb3DQEBBQUAA4IBAQBYb7/NQwdCE/y40K2BIfKKb++H
vCaKfAC9aAwrGWQsEWezqdl5Cqw5XWUAFjtTRm6iprVnmdvov6IlrgSVEQk6L96s
tz24vAF0MIBHSFRMoPtrqLiihLf0NOV7ztxSePQxbUJRroe/lKy+lhb7VeV5gmT9
rFA45NzLgSznd2+dmyNcfQQD9AeeftRX4maUTeu1XFxinowtg+ZGFOKhE4D92uCG
JxGSK72HF0/LGRhLXozmDdmPfSN2b6T/oLo942031iY46BqcI5LIVh8aGo4A1jOm
a5X6gh50Cw+kht8jM3yeNhSzXOKj7Uigjijx10z2wJu09Tyj5ahjoiwIpdX+
-END CERTIFICATE-

I mean, honestly, if it were possible to get a CA to just issue 
certificates for "www.home.arpa" on request with no validation, I 
think that would be a better answer both from a security perspective 
and a usability perspective, but it's not a /good/ answer, and I don't 
think it's possible anyway.



exakt this was the intention of my inital thoughts


smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On 01.08.2017 21:21, Ted Lemon wrote:
On Aug 1, 2017, at 2:53 PM, Walter H. <walte...@mathemainzel.info 
<mailto:walte...@mathemainzel.info>> wrote:
is there a problem, to have the organization that has the delegation 
of ".home.arpa." also provide such SSL certificates

signed by an intermediate that got signed by any CA?


This is not how PKI works.
wrong exact this is it; a PKI has at least a root CA and end entity 
certificates, and of course I never mentioned this, the browser does 
validate checks - either CRL or OCSP, and all this is meant by running a 
own PKI 

and this is not everyones thing to have this configured ...


smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On 01.08.2017 20:04, Ted Lemon wrote:
On Aug 1, 2017, at 2:02 PM, Walter H. <walte...@mathemainzel.info 
<mailto:walte...@mathemainzel.info>> wrote:

what is the real problem having stricht rules in this Draft/RFC to get an
SSL certificate that can be used  inside such an environment;
so that no own PKI is neccessary?


The problem is that it's not up to us to set these rules—it's up to 
CABF, and they have ruled on this, and (IMO) not capriciously.


is there a problem, to have the organization that has the delegation of 
".home.arpa." also provide such SSL certificates

signed by an intermediate that got signed by any CA?

and these should be a section in this Draft/RFC ...

so that there is neither need of errors/warning neither red nor cowblue 
or other color; and also no need of having an own PKI

when not wanted to or or not having the knowledge about at all;

it would be quite strange to think that anybody that use a browser for 
electronic banking has the knowledge about SSL ...
by the way knowledge about SSL is more common than knowledge about 
DNSSEC ...


in good old german we would say: "wo ein Wille da ein Weg" or in strange 
English: "a way is open when its wanted to be open"





smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On 01.08.2017 19:33, Juliusz Chroboczek wrote:

I think that Barbara expressed very clearly why the CA model is simply not
adapted to the Homenet.  I don't think we should be complicating the
Homenet protocol stack in order to work around the limitations of the
browser stack.

I'm not thinking about the homenet protocol I think of the fact that the
'.home.arpa' is the general purpose domain which can be used in home 
networks
just for simple DNS, there is nothing said about the homenet protocol at 
all;


what is the real problem having stricht rules in this Draft/RFC to get an
SSL certificate that can be used  inside such an environment;
so that no own PKI is neccessary?

by the way, when you look at the x509 certificate chain, that is used by 
intel.com
you find an intermediate, that this can only be used to sign requets for 
domains that Intel own ...

why not just having such a intermediate for '.home.arpa.' domains?
this intermediate can even be public including its private key ...

in a short time there will be no way to go over the warnings in browsers,
these will be errors, where any connection will be blocked.



smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On Mon, July 31, 2017 20:33, Ted Lemon wrote:
> On Jul 31, 2017, at 2:21 PM, Walter H. <walte...@mathemainzel.info> wrote:
>> Just a thought of mine, would it be possible to add a section, to make
>> it possible
>> to get official SSL certificates for these 'home.arpa.' domains (for
>> free),
>> so there would not be the need of running a own PKI?
>
> I don't see how that could work.

that is why my thoughts to add a section to this Draft/RFC how this will work

>  I agree that it's a problem in need of
> a solution, but since home.arpa wouldn't be externally visible,

of course, the sense of a private LAN domain name ...

> you couldn't use the fact that you can publish in a name in it
> to do the ACME authentication.

there SHOULD NOT be the ACME authentication or any neccessarity of any
other authentication, as these domain names need not be unique ...

in case you use 'teddynet.home.arpa.' and I use this domain name, too;
we wouldn't have the same x509 SSL certificate, because each of us uses
its own private key ...

why not just define the org. that hosts the ARPA TLD (IANA?), as the CA
for these domains and the root certificate as built in token to the common
browsers and/or operating systems?
there it should only be neccessary to upload the certificate request,
gicwn the '.home.arpa.' domain name, and an email address where the
certificate is sent to;
the certificate will be a wild card certificate for this .home.arpa.
domain ..

I would want this to be added as additional section to this Draft/RFC;

> I was hoping to get IP-based certs, but it turns out that letsencrypt
> (probably wisely) doesn't offer them.

IP-based is a bad idea as there is no user agent (browser) that handles
IPv6 correct in such case ...

Thanks,
Walter

___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] I-D Action: draft-ietf-homenet-dot-10.txt

[Walter H.]

On 28.07.2017 22:11, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Home Networking WG of the IETF.

 Title   : Special Use Domain 'home.arpa.'
 Authors : Pierre Pfister
   Ted Lemon
Filename: draft-ietf-homenet-dot-10.txt
Pages   : 9
Date: 2017-07-28

Abstract:
This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain
name. 'home.arpa.' is designated for non-unique use in residential
home networks.  Home Networking Control Protocol (HNCP) is updated to
use the 'home.arpa.' domain instead of '.home'.
Just a thought of mine, would it be possible to add a section, to make 
it possible

to get official SSL certificates for these 'home.arpa.' domains (for free),
so there would not be the need of running a own PKI?

Greetings,
Walter



smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] WGLC on draft-ietf-homenet-dot-09

[Walter H.]

One thing I have to comment to  ".home.arpa", as I have changed any 
device used in my residental home network to
use ".home.arpa" instead of ".local" or ".home", but I noticed one thing 
in connection with BIND

(I'm using just simple DNS with BIND)

I'm using DDNS and my router has there the dynamic master zones:
lets say "ddns.mynet.home.arpa" for forward DNS
and "1.168.192.in-addr.arpa" for reverse DNS;

on the second running DNS (also running BIND) which is just a VM
I could define there just a forward zone like this:

zone "1.168.192.in-addr.arpa" IN {
type forward;
forwarders { 192.168.0.1; };
forward only;
};

but with the forward zone "ddns.mynet.home.arpa" this doen't work, and I 
don't know if there are

any restrictions which shouldn't be in BIND ...

the reason for just defining a forward zone instead of slave zone on the 
second DNS is a timing thing:


at the moment a device gets registrated on the master DNS by DHCP, 
requests to the second DNS
just get forwarded to the master and so get an reply, but with a slave 
zone requests to the second DNS

get resolved a longer time later ...

and this MUST work with  ".home.arpa"  the same way as with 
"168.192.in-addr.arpa" ...


these statements:

disable-empty-zone "HOME.ARPA";
disable-empty-zone "168.192.IN-ADDR.ARPA";

work both; or do I have to give this:

disable-empty-zone "MYNET.HOME.ARPA";

in order to work properly with forward zones?

Thanks,
Walter

On 04.07.2017 11:32, Ray Bellis wrote:

Given the relatively large number of changes in this document based on
Suzanne's review and my own, I'm starting a *one week* WGLC on this
document before it gets pushed back out to our AD again.

There was very little response to the last WGLC so there are concerns
over whether it has WG consensus.

*Please* read this version, and comment, even if it's to say "I have no
comments, please go ahead and publish".

NB: the particular string applied for (".home.arpa") is not up for
discussion again.  We've been there, done that.

thanks,

Ray

--8<--8<--

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Home Networking of the IETF.

 Title   : Special Use Domain '.home.arpa'
 Authors : Pierre Pfister
   Ted Lemon
Filename: draft-ietf-homenet-dot-09.txt
Pages   : 9
Date: 2017-07-03

Abstract:
This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain
name. 'home.arpa' is designated for non-unique use in residential
home networks.  Home Networking Control Protocol (HNCP) is updated to
use the '.home.arpa' domain instead of '.home'.






smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] WGLC on draft-ietf-homenet-dot-05

[Walter H.]

On 08.06.2017 06:06, Ted Lemon wrote:
On Jun 7, 2017, at 11:49 PM, Walter H. <walte...@mathemainzel.info 
<mailto:walte...@mathemainzel.info>> wrote:
NAK because, this says exactly that I can't use '.home.arpa' for 
anything different than HNCP ...

my use case is just primitive DNS for an intranet in a LAN ...


Please read the -06, which I just posted, and see if you still think 
it says this.



now it read much better ...

Thanks
Walter


smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] WGLC on draft-ietf-homenet-dot-05

[Walter H.]

On 07.06.2017 23:14, Ted Lemon wrote:
Okay, I think I've procrastinated on responding to this long enough, 
and Ray and Mark seem to feel even more strongly about that than I do. 
  Sorry for taking so long, and thanks very much for the careful review!


On Apr 30, 2017, at 8:06 PM, Suzanne Woolf > wrote:

Sec. 1, Introduction

1. Existing text: "The '.home.arpa' domain replaces '.home' as the 
default domain used by the Home Networking Control Protocol (HNCP)"


There's an accepted erratum on this, since the "reservation" of .home 
occurred without reference to the relevant registry, so it would be 
helpful for anyone trying to understand why this document exists to 
point that out.


Suggested new text: "The '.home.arpa' domain corrects an error in 
 RFC7788, replacing  '.home' as the default domain used by the Home 
Networking Control Protocol (HNCP)."


OK
NAK because, this says exactly that I can't use '.home.arpa' for 
anything different than HNCP ...

my use case is just primitive DNS for an intranet in a LAN ...




In addition, this text doesn't touch at all on the fact a delegation 
in the global DNS is considered necessary for the default zone in 
order to properly support DNSSEC, or the rationale for it, or the 
potential difficulty of obtaining it in the root zone.


Finally, it's unclear why a separate document is needed to support 
redaction of ".home" from RFC 7788, when this document replaces it 
with ".home.arpa." anyway. This document is standards track and 
already updates RFC 7788.



because ".home" should be used in the intention of the draft I've found ...
https://datatracker.ietf.org/doc/draft-cheshire-homenet-dot-home/




smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Re: [homenet] Please adopt ...

[Walter H.]

in case this draft - not mine - 
https://datatracker.ietf.org/doc/draft-cheshire-homenet-dot-home/

becomes an RFC, everything is solved ...




smime.p7s
Description: S/MIME Cryptographic Signature
___
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet