
Re: [Mip6] Re: RFC2136 and IP address ownership



 In your previous mail you wrote:

   I can briefly describe what's in the draft. what we have done so
   far is to let the home agent do the update (both direct and
   reverse tree)

=> I disagree: the draft says "the" DNS entry and it is clearly only
the direct tree.

   instead of the mobile node. this assumes the home
   agent is more trusted than the mobile node.
   
   the home agent knows both the FQDN of the mobile node (through
   IKEv2 authentication) and the home address of the mobile node
   (since it is involved in the home address bootstrapping).
   
=> this is not true for two reasons:
 - IKEv2 authentication gives the FQDN only in some cases, not in
   all cases
 - the IKEv2 code and the mobility code are 2 different entities,
   the DNS update in the draft is performed by the mobility code
   using the FQDN given by the mobile node in a mobility option.

   the mobile node is still in control because the home agent does
   not do the update until the mobile node indicates this in the
   binding update.
   
=> this mobility option has only a do-undo flag. The DHC DDNS work
shows that far more are needed.

   we just got around addressing the address ownership problem. :)
   
=> for a reason I can't understand some persons in the MIP6 WG are
convinced the security of dynamic DNS updates relies on the protection
of the RDATA more than on the protection of the NAME...

I give up, I have more interesting things to do, I'll only bash
the draft if it is not fixed before the IETF last call.

Regards

Francis.Dupont@enst-bretagne.fr

--
archive: <http://ops.ietf.org/lists/namedroppers/>