On Mar 9, 2012, at 2:58 PM, Ted Lemon wrote:

> On Mar 9, 2012, at 1:24 PM, Ray Bellis <[email protected]> wrote:
>> I've been vocal in my complaints about how broken the DNS Search Path 
>> mechanism is.  In particular, I'm concerned about the possible security 
>> implications of using a relative location when a mobile device is moving 
>> between networks.
> 
> Very true.  Ideally your homenet would have a namespace in the global DNS 
> hierarchy that would remain the same regardless of where you connected, and 
> your client would have TSIG credentials sufficient to update its own name in 
> that namespace.  Roving namespaces seem fraught with opportunities for the 
> wrong thing to happen, intentionally or otherwise.

This point is what I was trying to get at with my second bullet.  Ted, who is 
the "you" in the "where you connected": the homenet, the device, ???

Yes, I'm stalling for time...

There are two sides to the local or "relative" namespace - the device with the 
name and the entity trying to contact the device.  I'm trying to work through 
the scenarios (independent of whether the solution is in applications, a 
service, DNS-SD, DNS, etc.) and write them down...

- Ralph

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
