On Mar 9, 2012, at 2:58 PM 3/9/12, Ted Lemon wrote: > On Mar 9, 2012, at 1:24 PM, Ray Bellis <[email protected]> wrote: >> I've been vocal in my complaints about how broken the DNS Search Path >> mechanism is. In particular, I'm concerned about the possible security >> implications of using a relative location when a mobile device is moving >> between networks. > > Very true. Ideally your homenet would have a namespace in the global DNS > hierarchy that would remain the same regardless of where you connected, and > your client would have TSIG credentials sufficient to update its own name in > that namespace. Roving namespaces seem fraught with opportunities for the > wrong thing to happen, intentionally or otherwise.
This point is what I was trying to get at with my second bullet. Ted, who is the "you" in the "where you connected": the homenet, the device, ??? Yes, I'm stalling for time... There are two sides to the local or "relative" namespace - the device with the name and the entity trying to contact the device. I'm trying to work through the scenarios (independent of whether the solution is in applications, a service, DNS-SD, DNS, etc.) and write them down... - Ralph _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
