On 4/4/14, 9:45 AM, Don Sturek wrote:
> Hi Douglas,
>
> I fail to see how turning all devices in a home into a flat link
> local-addressed architecture meets the requirements in the homenet charter
> (http://datatracker.ietf.org/wg/homenet/charter/), particularly around
> home/guest networks plus a few other areas of the charter.
>
> I also fail to see how turning all devices in a dnssd-type deployment into a
> flat link local-addressed architecture meets the requirements in the dnssd
> charter (http://datatracker.ietf.org/wg/dnssd/charter/) particularly around
> enterprise networks (e.g. campus networks) or mesh networks.

afaik dnssd wg/charter wouldn't need to exist if we were to constrain the problem space to a single L2 domain. So I think we can stipulate that the purpose is to work on a routed network.

> Don
>
> From: Douglas Otis <[email protected]>
> Date: Friday, April 4, 2014 8:08 AM
> To: Don Sturek <[email protected]>
> Cc: <[email protected]>, <[email protected]>
> Subject: Re: [homenet] [dnssd] IETF-89 WG meeting minutes
>
> On Apr 4, 2014, at 6:10 AM, Don Sturek <[email protected]> wrote:
>
>> Hi Douglas,
>>
>> As one who follows the WG and having a keen interest in homenet solutions,
>> I fail to see how TRILL addresses the homenet problem set.
>>
>> Producing a flat L2 architecture and then trying to set up specific
>> service filters to contain the traffic seems like an L3 problem to me.
>>
>> Claiming that L3 does not address "security threats" is not a reason to
>> use TRILL since I would imagine setting "specific service filters" in
>> TRILL would have the same issues (and without the existing IETF L3
>> security solutions we already have)
>>
>> Don
>
> Dear Don,
>
> Typical home networks could use link-local addresses for all internal
> devices without the filtering concern that affects enterprise level
> deployments. In addition, the mDNS to DNS proxy scheme expects routable
> addresses and rather ugly name conversion and base domain assignments
> ignored in proposed specifications.
>
> In comparison, Rbridge, which can be introduced incrementally, permits
> continued use of link-local addressing and firewalls to avoid a difficult
> task of assessing network boundaries. Devices using default mDNS names
> would not suddenly become indirectly visible and various network enabled
> displays that handle HDCP media still function within the home.
>
> Even if Rbridge is not a viable solution, I would still request that we look
> at the security impact of any proposal - even if it is just in the form of a
> BCP that would be useful for deployment.
>
> Regards,
> Douglas Otis
>
> _______________________________________________
> homenet mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/homenet
