Ted Lemon <mailto:[email protected]>
14 May 2016 15:18
The only problem with that is that in the homenet ideally we'd like to
have local names signed and validatable via DNSSEC, and that requires
that the local namespace be global in scope, even if the names
published in that namespace are not.
Not necessarily.
You only need global scope namespace if trust also needs to extend
beyond Homenet.
If we're assuming that ULA will be used for on-Homenet communication
streams (in the event of non-availability of GUA/ISP uplink), then
tying local names into the upstream global namespace is not strictly
necessary.
So IMHO it would be just as acceptable to sign RRs for local names
related to ULA address space with a locally-generated trust anchor
(independent of the trust anchors installed on the Internet root servers).
Nodes and new routers would have to learn their local trust-anchor when
connecting to the Homenet for the first time.
In other words, the local DNSSEC trust anchor identifies a Homenet. Not
the ULA. Not an arbitrary label.
Otherwise we're going to need a globally-unique time-invariant label to
identify this Homenet, that is also not based on the actual chosen ULA
in use, which is not easy to generate.
Ray Hunter (v6ops) <mailto:[email protected]>
14 May 2016 14:51
Ted Lemon wrote:
If devices publish keys, then you can use those keys to make sure you
are still talking to them. And the dnssec validation of local names
would also work. Graceful renumbering should indeed result in DNS
updates. Bear in mind that this is graceful, so the old and new ULAs
coexist for a while.
Sounds good.
So can we assume
1) a single ULA namespace for resolving all active ULAs, that will
eventually converge to only containing RRs from a single ULA?
2) And that ULA namespace is disjoint from/completely independent of
any GUA namespace?
--
regards,
RayH
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
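
Added example, not part of the original thread and not code from any Homenet specification: a sketch of how a node could treat a locally generated DNSSEC trust anchor as the identity of the Homenet, using the RFC 4034 key tag and a DS-style SHA-256 digest. The zone name `homenet.example`, the key bytes, and the pin-on-first-join policy in `AnchorStore` are assumptions made for illustration; note that no ULA prefix is an input, so renumbering does not change the identifier.

```python
import hashlib
import struct

ZONE = "homenet.example"      # hypothetical local zone name (assumption)
KEY_A = bytes(32)             # constructed 32-byte public key, not a real key
KEY_B = bytes(range(32))      # constructed key standing in for another Homenet

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) DNS wire form of an owner name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(pubkey: bytes, flags: int = 257, algorithm: int = 15) -> bytes:
    """DNSKEY RDATA: flags (257 = KSK), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def key_tag(rdata: bytes) -> int:
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += (b << 8) if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def trust_anchor_id(zone: str, pubkey: bytes) -> str:
    """Key tag plus SHA-256 over owner name and DNSKEY RDATA (DS digest type 2)."""
    rdata = dnskey_rdata(pubkey)
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest()
    return f"{key_tag(rdata)}:{digest}"

class AnchorStore:
    """Assumed policy: pin the anchor at first join, compare on every later offer."""
    def __init__(self):
        self.pinned = None

    def offer(self, zone: str, pubkey: bytes) -> str:
        anchor = trust_anchor_id(zone, pubkey)
        if self.pinned is None:
            self.pinned = anchor          # first contact: learn the local anchor
            return "pinned"
        return "same-homenet" if anchor == self.pinned else "mismatch"

if __name__ == "__main__":
    store = AnchorStore()
    for key in (KEY_A, KEY_A, KEY_B):
        print(store.offer(ZONE, key), trust_anchor_id(ZONE, key)[:24])
```

A "mismatch" result means the network presenting the names is not the Homenet the node first joined, regardless of which ULA prefix is in use.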