
Are you replying from the address you want us to use? support@  ??

[email protected] <[email protected]> wrote:
    > The DoH angle is interesting. RFC 3007 over HTTPS with proper
    > authorization could be a cleaner long-term approach, though it would
    > require more complexity on the client side. It's very interesting. The
    > current HTTP-based design prioritizes simplicity for embedded devices
    > and existing DDNS client ecosystems.

It's not simpler.  The complexity is either not addressed, or is just hidden.
The fact that historical dyndns services *could* be used with a one-line CURL
failed to address most of the real world complexity.  For many, they are
comparing 3007 vs that one-liner (in their head), even when the one-liner had
faded into fiction.

Issues include:
1. what TTL to use.
2. whether to update A, AAAA or both.
3. how to delete a record.
4. how to manage other record types.
5. what to do when two clients update the same record.
   (like my current and old laptop...)
6. various kinds of v6 addresses.
7. removing my AAAA record because I have no v6 today (laptop)
8. timeliness of update, particularly around TXT challenge records (ACME)

{I'm not saying these issues have not been addressed by more mature
protocols, what I'm saying is that when comparing things to 3007, people do
not compare the same things}

I have been blessed with historical (swamp) v4, so seldom needed dyndns
service for my *infrastructure*... I've regularly used it to deal with ssh
into laptops/client "servers", etc.  including paying a fee.
I went back to 3007 to my own infrastructure.

As Mark says, TSIG is really just a username/password.
There are some gotchas getting it right.
A problem is that the server has to have all the passwords in plaintext, or
at least all the servers I know do.  Maybe there are pre-hash options.

So a breach discloses everyone's password.
**This is a problem SIG(0) does not have**

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [
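
The TSIG key-storage point in the message above, as an added example that is not part of the original message or of any DNS server's code: a simplified HMAC check in which opaque bytes stand in for the DNS message (real TSIG also covers TSIG variables such as the signing time). Key names, secrets and the `prehash` helper are constructed or hypothetical; it shows that a login-style hashed store cannot verify a client's MAC, and that whatever value the server does verify with is enough to produce valid MACs if the store leaks.

```python
import hashlib
import hmac

# Constructed sample data: key names, secrets and the update text are made up.
SERVER_KEYS = {
    "laptop.example.": b"constructed-secret-A",
    "router.example.": b"constructed-secret-B",
}
UPDATE = b"update add laptop.example. 300 AAAA 2001:db8::1"  # stand-in for the wire message


def tsig_mac(secret: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the message (simplified form of the hmac-sha256 TSIG MAC)."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def server_verify(store: dict, key_name: str, message: bytes, mac: bytes) -> bool:
    """The server recomputes the MAC, so it must hold the signing value itself."""
    secret = store.get(key_name)
    return secret is not None and hmac.compare_digest(tsig_mac(secret, message), mac)


def prehash(secret: bytes) -> bytes:
    """Hypothetical 'pre-hash' storage: keep SHA-256(secret) instead of the secret."""
    return hashlib.sha256(secret).digest()


def breach_exposes_all(store: dict, message: bytes) -> bool:
    """True if a copy of the store alone yields an accepted MAC for every key."""
    leaked = dict(store)  # what a dump of the server's key table would contain
    return all(
        server_verify(store, name, message, tsig_mac(leaked[name], message))
        for name in store
    )


if __name__ == "__main__":
    hashed = {n: prehash(s) for n, s in SERVER_KEYS.items()}
    client_mac = tsig_mac(SERVER_KEYS["laptop.example."], UPDATE)
    print("plain store verifies client:", server_verify(SERVER_KEYS, "laptop.example.", UPDATE, client_mac))
    print("hashed store verifies client:", server_verify(hashed, "laptop.example.", UPDATE, client_mac))
    print("plain store leak forges all:", breach_exposes_all(SERVER_KEYS, UPDATE))
    print("hashed store leak forges all:", breach_exposes_all(hashed, UPDATE))
```

With SIG(0) the server's table holds only public keys, which verify signatures but cannot create them; that half needs an asymmetric signature library and is not shown here.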

_______________________________________________
DNSOP mailing list -- [email protected]