On 02/26/2013 04:19 AM, Ted Lemon wrote:
> On Feb 26, 2013, at 6:04 AM, Fernando Gont <[email protected]> wrote:
>> -- I guess the thing with dynamic updates is that it doesn't work with
>> "zero configuration" (unless one assumes that updates on a local network
>> could be allowed to be unauthenticated?)
>
> There are lots of ways to make dynamic update work on a local network that wouldn't be
> acceptable on an enterprise network. For instance, you could just say "if someone
> sends an update from an IP address, and that update installs an AAAA record pointing to
> that IP address, allow it." Or you could use the CGA-TSIG draft. Or you could
> use stateful DHCPv6. Or you could use stateless DHCPv6.

What I've been rolling through my head is a host being able to claim
a name in a namespace when it attaches to a network provable by possession
of an asymmetric key it generates. The host could update that name binding
at any time (e.g., change the AAAA) just by signing the update with that key.
The DNS could age those name bindings to get rid of transient names (e.g.,
phones that come and go on your homenet).

The "trust model" here is the ability to get onto my homenet at all, I think.
That is, I have the password to an SSID. Maybe different SSIDs have different
DNS subdomains like XXX.guest.myhomedomain.org.

How this lines up with other work, or whether it meets the myriad of other
requirements, I do not know. But it at least seems plausible to me for a
littleconf kind of deployment like a homenet.

Mike
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
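
The scheme in Mike's message (first claim binds a name to a host-generated key, later updates must be signed by that key, unrefreshed bindings age out), as an added Go sketch that is not code from the thread or from any DNS server. The names `Registry`, `NewHost`, `msg`, the one-hour `ttl` and the signed serial number used to reject replayed updates are assumptions of this example; the message does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

const ttl = 3600 // seconds a binding lives without a refresh (assumed value)

// binding ties a name to the key that first claimed it (hypothetical type).
type binding struct {
	key             ed25519.PublicKey
	aaaa            string
	serial, expires int64
}

// Registry stands in for the DNS server's per-name update policy.
type Registry map[string]binding

// msg builds the bytes a host signs; the serial lets the server reject replays.
func msg(name, aaaa string, serial int64) []byte {
	return []byte(fmt.Sprintf("%q %q %d", name, aaaa, serial))
}

// NewHost generates a host key pair; it returns the public key and a signer.
func NewHost() (ed25519.PublicKey, func(name, aaaa string, serial int64) []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, func(n, a string, s int64) []byte { return ed25519.Sign(priv, msg(n, a, s)) }
}

// Update claims a free name, or changes a live binding held by the same key.
func (r Registry) Update(now int64, name, aaaa string, serial int64, pub ed25519.PublicKey, sig []byte) error {
	b, ok := r[name]
	live := ok && now < b.expires // aged-out bindings can be claimed afresh
	switch {
	case len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg(name, aaaa, serial), sig):
		return fmt.Errorf("bad signature")
	case live && !b.key.Equal(pub):
		return fmt.Errorf("name held by another key")
	case live && serial <= b.serial:
		return fmt.Errorf("stale serial")
	}
	r[name] = binding{pub, aaaa, serial, now + ttl}
	return nil
}

func main() {
	pub, sign := NewHost()
	fmt.Println(Registry{}.Update(0, "phone.guest", "2001:db8::1", 1, pub, sign("phone.guest", "2001:db8::1", 1)))
}
```

The policy is first-come-first-served per name: it proves continuity of the key holder, while who may claim at all rests on network admission, as the message says.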
