On Thu, Mar 8, 2012 at 1:20 AM, Mark Andrews <ma...@isc.org> wrote:
>
> In message <26689.1331127...@marajade.sandelman.ca>, Michael Richardson
> writes:
>>
>> >>>>> "Mark" == Mark Andrews <ma...@isc.org> writes:
>>     Mark> In message <19226.1331046...@marajade.sandelman.ca>, Michael Richardson writes:
>>     >> >>>>> "Mark" == Mark Andrews <ma...@isc.org> writes:
>>     Mark> A significant percentage of home machines will roam and those
>>     Mark> machines will need to be able to register their current
>>     Mark> address in the DNS. I do this today when my Mac roams. TSIG
>>     Mark> is unavoidable and cheap. UPDATE itself is relatively cheap.
>>     >>
>>     >> Are you asking for a link-local/mDNS-across-the-homenet leap-of-faith
>>     >> way to do key establishment so that TSIG can be initialized?
>>
>>     Mark> For homes a shared key is fine or if you want a small database of
>>     Mark> keys.
>>
>> You didn't answer my question! I wasn't asking for justification, I was
>> asking for clarification of what you are proposing.
>
> Ok. Let's look at a working model that Microsoft has with AD. You boot
> the machine, then an Administrator adds the machine to the AD domain using
> the administrator's credentials.
>
> One can do essentially the same thing with TKEY and get a TSIG key
> that can be stored. The home owner would register the machine with
> the router using TKEY. The credentials used would allow registration
> on behalf. TKEY supports sending additional data in the request; we
> only need a standard description on how to do "on behalf of".

An implementation problem is that the 'publishable' quality is not representable with things like bind9. Bind9 supports 'views', and in my case, I have a 'us' (for inside the network) and 'them' view (for everybody else). Inside the network, machines generally have rfc1918 addresses and ipv6 addresses, and outside, only ipv6 addresses. So you need to update both views/databases in order to have a consistent namespace. You don't want to leak the rfc1918 addresses to the outside world, but you (probably) want to make your ipv6 addresses available both inside and outside.

>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet

--
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
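
The two-view consistency problem described in the reply above, as an added example that is not part of the original thread: it splits one host's addresses into the record sets for the inside and outside views, checks an existing pair of views for leaked or missing addresses, and builds an nsupdate batch per view. The zone, host name, TTL, sample addresses, the treatment of ULA addresses as internal-only, and the way a batch reaches a given view are assumptions.

```python
import ipaddress

# View names follow the post ("us" inside, "them" outside). The zone, host,
# TTL and addresses are constructed sample values, not from the thread;
# 2001:db8::/32 (documentation prefix) stands in for a global IPv6 prefix.
INSIDE, OUTSIDE = "us", "them"

# RFC 1918 ranges from the post; ULA (fc00::/7) is added here as an
# assumption about what else should stay out of the outside view.
INTERNAL_ONLY = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def publishable(addr):
    """True if addr may appear in the outside view."""
    ip = ipaddress.ip_address(addr)
    return not any(ip.version == n.version and ip in n for n in INTERNAL_ONLY)


def split_views(addrs):
    """Inside view gets every address, outside view only publishable ones."""
    uniq = sorted(set(addrs))
    return {INSIDE: uniq, OUTSIDE: [a for a in uniq if publishable(a)]}


def check_consistency(views):
    """Compare two views' record sets for one name and list the problems."""
    problems = [f"leak: {a} in {OUTSIDE}" for a in views[OUTSIDE] if not publishable(a)]
    problems += [f"missing: {a} not in {OUTSIDE}" for a in views[INSIDE]
                 if publishable(a) and a not in views[OUTSIDE]]
    return problems


def nsupdate_batch(zone, host, addrs, ttl=300):
    """Build one nsupdate batch replacing the host's A/AAAA records.
    Assumption: the caller sends each batch so the server matches it to the
    intended view (for example with a per-view TSIG key via nsupdate -k)."""
    lines = [f"zone {zone}", f"update delete {host} A", f"update delete {host} AAAA"]
    for a in addrs:
        rtype = "A" if ipaddress.ip_address(a).version == 4 else "AAAA"
        lines.append(f"update add {host} {ttl} {rtype} {a}")
    return "\n".join(lines + ["send"]) + "\n"


if __name__ == "__main__":
    sample = ["192.168.1.20", "fd12:3456:789a::20", "2001:db8:1::20"]  # constructed
    for view, addrs in split_views(sample).items():
        print(f"; view {view}\n{nsupdate_batch('home.example.', 'laptop.home.example.', addrs)}")
```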