[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Mip6] Re: RFC2136 and IP address ownership

To: "Olaf M. Kolkman" <olaf@nlnetlabs.nl>
Subject: Re: [Mip6] Re: RFC2136 and IP address ownership
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
Date: Tue, 06 Dec 2005 11:14:22 -0800
Cc: Alper Yegin <alper.yegin@yegin.org>, mip6@ietf.org, Olafur Gudmundson <ogud@ogud.com>, Namedroppers <namedroppers@ops.ietf.org>
In-reply-to: <B6E376C2-58D5-4A6E-8283-3B18EDFF1AB5@nlnetlabs.nl>
References: <002401c5f9ea$64757550$0302a8c0@Alperyegin> <B6E376C2-58D5-4A6E-8283-3B18EDFF1AB5@nlnetlabs.nl>
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

[ Moderators note: Post was moderated, either because it was posted by

a non-subscriber, or because it was over 20K.With the massive amount of spam, it is easy to miss and thereforedelete relevant posts by non-subscribers.Please fix your subscription addresses. ]


hi,

Olaf M. Kolkman wrote:

First an aside, "IP-ownership" is tricky terminology. The DHCPcommunity uses the term "lease" which, IMHO, better reflects that an IPassignment is not for infinity.
In general the DNS allows maintenance of certain zones to be delegatedfor technical managerial responsibility (which name servers serve thezone, reflected in the NS RR set) as well as the responsibility for thezones content (reflected through the SOA RR).
The "content manager" is responsible for the content of the zone andwill therefore need to grant certain parties the authority to updatethe (reverse) DNS.
RFC2136 provides a hook for a client that has been granted authority toupdate content to actually add, delete and modify using the DNSprotocol. RFC2136 uses "Primary Master" to describe which of the nameservers can be used for content management. (reflected to the MNAME inthe SOA). The authentication mechanisms used in this context are TSIGand SIG0 but the authorization is still a local policy, managed outsideprotocol. For one popular implementation the authorization is donethrough configuration files.
It is completely local policy to which client this authority granted.

So to answer the question:
Isnt a client registering some other nodes IP address as its ownvia RFC2136 an issue? RFC2136 does not seem to care about this IPaddress ownership issue. Was this ever considered?
Indeed, RFC2136 is completely ambivalent about the zone content andassumes that the authorization of who is allowed to update a certainzone is done "elsewhere".
Skimming the MIP6 draft I see a lot of parties involved; I have notread the drafts in enough detail to give sound input. Let me know ifthat is needed at this time.


I can briefly describe whats in the draft. what we have done so
far is to let the home agent do the update (both direct and
reverse tree) instead of the mobile node. this assumes the home
agent is more trusted than the mobile node.

the home agent knows both the FQDN of the mobile node (through
IKEv2 authentication) and the home address of the mobile node
(since it is involved in the home address bootstrapping).

the mobile node is still in control because the home agent does
not do the update until the mobile node indicates this in the
binding update.

we just got around addressing the address ownership problem. :)

Vijay



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: [Mip6] Re: RFC2136 and IP address ownership
  - From: "Olaf M. Kolkman" <olaf@NLnetLabs.nl>
- Re: [Mip6] Re: RFC2136 and IP address ownership
  - From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

References:
- Re: RFC2136 and IP address ownership
  - From: "Olaf M. Kolkman" <olaf@NLnetLabs.nl>

Prev by Date: Re: [Mip6] Re: RFC2136 and IP address ownership
Next by Date: Re: Review of draft-ietf-dnsext-ds-sha256-01.txt
Previous by thread: Re: [Mip6] Re: RFC2136 and IP address ownership
Next by thread: Re: [Mip6] Re: RFC2136 and IP address ownership
Index(es):
- Date
- Thread