In message <19226.1331046...@marajade.sandelman.ca>, Michael Richardson writes:
> >>>>> "Mark" == Mark Andrews <ma...@isc.org> writes:
>     Mark> A significant percentage of home machines will roam and those
>     Mark> machines will need to be able to register their current
>     Mark> address in the DNS.  I do this today when my Mac roams.  TSIG
>     Mark> is unavoidable and cheap.  UPDATE itself is relatively cheap.
>
> Are you asking for a link-local/mDNS-across-the-homenet leap-of-faith
> way to do key establishment so that TSIG can be initialized?

For homes a shared key is fine or if you want a small database of
keys.  Businesses would use a shared database between the nameserver
and the provision system for storing the TSIG key associations.

The TSIG key should be assigned as part of the machine's registration
process.  The machines do the same thing in both environments.  Just
the implementation differs slightly.

TSIG is nothing more than a name/secret pair.  One could go all the
way to using GSS-TSIG but that is overkill for the home network and
for many small businesses.

The point is that the home router is expecting to see signed UPDATE
requests from both inside and outside and to potentially be a master
for zone transfers to external nameservers which publish the zone to
the world.  With IPv6, homes don't need to be second class entities.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
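
The "name/secret pair" point above, as an added example that is not part of the original message: a sketch of how a TSIG MAC over an RFC 2136 UPDATE is computed and checked against a small key database, following the request-MAC layout of RFC 8945. The key name, secret, zone, address and the choice of hmac-sha256 are constructed assumptions, and the sketch covers only the MAC, not appending the TSIG record or the server's update policy.

```python
import hashlib, hmac, struct

# Constructed sample key database (name -> secret); values are placeholders.
KEYS = {"laptop.home.example": b"constructed-demo-secret-not-real"}

def wire_name(name: str) -> bytes:
    """Encode a domain name in canonical (lowercased, uncompressed) wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_update(msg_id: int, zone: str, host: str, ipv6: bytes, ttl: int = 300) -> bytes:
    """Minimal RFC 2136 UPDATE: one zone (SOA) entry, one AAAA record to add."""
    header = struct.pack("!HHHHHH", msg_id, 0x2800, 1, 0, 1, 0)  # opcode 5 = UPDATE
    zone_section = wire_name(zone) + struct.pack("!HH", 6, 1)    # type SOA, class IN
    rr = wire_name(host) + struct.pack("!HHIH", 28, 1, ttl, len(ipv6)) + ipv6
    return header + zone_section + rr

def tsig_mac(message: bytes, key_name: str, secret: bytes, time_signed: int,
             fudge: int = 300, algorithm: str = "hmac-sha256") -> bytes:
    """Request MAC per RFC 8945: message bytes followed by the TSIG variables."""
    variables = (wire_name(key_name)
                 + struct.pack("!HI", 255, 0)                # class ANY, TTL 0
                 + wire_name(algorithm)
                 + struct.pack("!HIH", time_signed >> 32,    # 48-bit time signed
                               time_signed & 0xFFFFFFFF, fudge)
                 + struct.pack("!HH", 0, 0))                 # error 0, other-len 0
    return hmac.new(secret, message + variables, hashlib.sha256).digest()

def server_accepts(message, key_name, mac, time_signed, keys, now, fudge=300) -> bool:
    """Server side: look the key up by name, check the time window, compare MACs."""
    secret = keys.get(key_name.lower().rstrip("."))
    if secret is None or abs(now - time_signed) > fudge:
        return False
    return hmac.compare_digest(mac, tsig_mac(message, key_name, secret, time_signed, fudge))
```

The same `server_accepts` check applies whether the UPDATE arrives from inside or outside the home network, since the decision depends only on the key name, the secret and the signing time.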