Requirements for a Protocol to Replace the AppleTalk Name Binding Protocol (NBP)
draft-cheshire-dnsext-nbp-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2013-02-12
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48-DONE |
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Sean Turner |
2012-08-22
|
10 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2011-01-12
|
10 | (System) | New version available: draft-cheshire-dnsext-nbp-10.txt |
2010-12-21
|
10 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent. |
2010-12-20
|
10 | (System) | IANA Action state changed to No IC from In Progress |
2010-12-20
|
10 | (System) | IANA Action state changed to In Progress |
2010-12-20
|
10 | Amy Vezza | IESG state changed to Approved-announcement sent |
2010-12-20
|
10 | Amy Vezza | IESG has approved the document |
2010-12-20
|
10 | Amy Vezza | Closed "Approve" ballot |
2010-12-20
|
10 | Amy Vezza | Approval announcement text regenerated |
2010-12-20
|
10 | Amy Vezza | Ballot writeup text changed |
2010-12-16
|
10 | Amy Vezza | State changed to Approved-announcement to be sent from IESG Evaluation. |
2010-12-16
|
10 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded |
2010-12-16
|
10 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2010-12-14
|
10 | Ralph Droms | State changed to IESG Evaluation from Waiting for AD Go-Ahead. |
2010-12-08
|
10 | David Harrington | Request for Last Call review by TSVDIR is assigned to Nandita Dukkipati |
2010-12-08
|
10 | David Harrington | Request for Last Call review by TSVDIR is assigned to Nandita Dukkipati |
2010-12-02
|
10 | Sean Turner | [Ballot comment] The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done … [Ballot comment] The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done differently b) when a new/modern version is designed the requirement is that it have security measures appropriate to the environment in which it will be used. Based on the changes, I'm changing to no objection. |
2010-12-02
|
10 | Sean Turner | [Ballot comment] The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done … [Ballot comment] The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done differently b) when a new/modern version is designed the requirements is that it have security measures appropriate to the environment in which it will be used. Based on the changes, I'm changing to no objection. |
2010-12-02
|
10 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss |
2010-12-02
|
10 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss |
2010-12-01
|
10 | Ralph Droms | Telechat date was changed to 2010-12-16 from 2010-12-02 by Ralph Droms |
2010-12-01
|
10 | Ralph Droms | Note field has been cleared by Ralph Droms |
2010-12-01
|
10 | Robert Sparks | [Ballot Position Update] New position, No Objection, has been recorded |
2010-12-01
|
10 | Peter Saint-Andre | [Ballot Position Update] New position, No Objection, has been recorded |
2010-11-29
|
10 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
2010-11-23
|
10 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call. |
2010-11-13
|
10 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Jürgen Schönwälder. |
2010-11-01
|
10 | Amanda Baber | We understand that this document does not require any IANA actions. |
2010-10-29
|
10 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder |
2010-10-29
|
10 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder |
2010-10-26
|
10 | Amy Vezza | Last call sent |
2010-10-26
|
10 | Amy Vezza | State changed to In Last Call from Last Call Requested by Amy Vezza |
2010-10-26
|
10 | Ralph Droms | Placed on agenda for telechat - 2010-12-02 by Ralph Droms |
2010-10-26
|
10 | Ralph Droms | Status Date has been changed to 2010-10-26 from None by Ralph Droms |
2010-10-26
|
10 | Ralph Droms | Last Call was requested by Ralph Droms |
2010-10-26
|
10 | Ralph Droms | State changed to Last Call Requested from AD Evaluation by Ralph Droms |
2010-10-26
|
10 | Ralph Droms | [Ballot Position Update] New position, Yes, has been recorded for Ralph Droms |
2010-10-26
|
10 | Ralph Droms | Ballot has been issued by Ralph Droms |
2010-10-25
|
09 | (System) | New version available: draft-cheshire-dnsext-nbp-09.txt |
2010-09-13
|
10 | Ralph Droms | State changed to AD Evaluation from IESG Evaluation::AD Followup by Ralph Droms |
2010-04-08
|
10 | Sean Turner | [Ballot discuss] I am picking up Pasi's DISCUSS on this document. I think the document should be clearer whether these requirements represent some kind of … [Ballot discuss] I am picking up Pasi's DISCUSS on this document. I think the document should be clearer whether these requirements represent some kind of IETF consensus, or just opinions of the authors. I'm guessing it's the latter, but this guess is mostly based on the I-D file name (which won't be visible once this becomes an RFC). I agree with Chris that Section 6 should be more realistic about the security goals: things like determining the authenticity of received information, or authority to request some information, can't usually be done with zero configuration. Even with non-zero configuration, a security solution that's realistically deployable in e.g. enterprise environment probably has to be able to leverage existing authentication and authorization infrastructure (things like Active Directory, Kerberos, or internal PKIs come to mind). Besides, the problem solved by DNSSEC (authenticating a hierarchical delegation structure) is quite different from securing an AppleTalk NBP like protocol (even if the messages re-use DNS formats). |
2010-04-08
|
10 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded by Sean Turner |
2010-04-03
|
10 | Russ Housley | [Ballot discuss] [Holding a discuss for IANA] Section 7 should be clearer about the actions IANA is expected to take when this document is approved. … [Ballot discuss] [Holding a discuss for IANA] Section 7 should be clearer about the actions IANA is expected to take when this document is approved. Please add an IANA considerations section, even if it says, "This document has no IANA actions."). |
2010-04-03
|
10 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley |
2010-03-08
|
10 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2010-03-08
|
08 | (System) | New version available: draft-cheshire-dnsext-nbp-08.txt |
2009-04-07
|
10 | Ralph Droms | Responsible AD has been changed to Ralph Droms from Mark Townsley |
2009-02-06
|
10 | Mark Townsley | Sent email to Stuart asking for update |
2009-02-06
|
10 | Mark Townsley | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Mark Townsley |
2008-12-19
|
10 | Amanda Baber | IANA Evaluation comments/questions: QUESTION: We understand that the Service Name is a 32-character ASCII String. Should UTF8 be allowed? If so, would that be 32 … IANA Evaluation comments/questions: QUESTION: We understand that the Service Name is a 32-character ASCII String. Should UTF8 be allowed? If so, would that be 32 octets or 32 characters? Upon approval of this document, the IANA will create the registry "Name Binding Protocol Namespace" at http://www.iana.org/assignments/TBD Registration Procedures: FCFS Initial contents of this registry will be: Service Name Reference ------------ --------- |
2008-12-04
|
10 | Amy Vezza | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza |
2008-12-04
|
10 | David Ward | [Ballot Position Update] New position, No Objection, has been recorded by David Ward |
2008-12-04
|
10 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2008-12-04
|
10 | Jari Arkko | [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko |
2008-12-04
|
10 | Lisa Dusseault | [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault |
2008-12-04
|
10 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2008-12-04
|
10 | Dan Romascanu | [Ballot comment] I find the name of the document and of the page headers completely misleading. IMO the name should be 'Requirements for Replacing AppleTalk … [Ballot comment] I find the name of the document and of the page headers completely misleading. IMO the name should be 'Requirements for Replacing AppleTalk Name Binding Protocol (NBP)'. |
2008-12-04
|
10 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu |
2008-12-04
|
10 | Pasi Eronen | [Ballot discuss] I think the document should be clearer whether these requirements represent some kind of IETF consensus, or just opinions of the authors. I'm … [Ballot discuss] I think the document should be clearer whether these requirements represent some kind of IETF consensus, or just opinions of the authors. I'm guessing it's the latter, but this guess is mostly based on the I-D file name (which won't be visible once this becomes an RFC). I agree with Chris that Section 6 should be more realistic about the security goals: things like determining the authenticity of received information, or authority to request some information, can't usually be done with zero configuration. Even with non-zero configuration, a security solution that's realistically deployable in e.g. enterprise environment probably has to be able to leverage existing authentication and authorization infrastructure (things like Active Directory, Kerberos, or internal PKIs come to mind). Besides, the problem solved by DNSSEC (authenticating a hierarchical delegation structure) is quite different from securing an AppleTalk NBP like protocol (even if the messages re-use DNS formats). Section 7 should probably be clearer what actions IANA is expected to take when this document is approved (I'm guessing it's "none", but then the text should say "This document has no IANA actions."). [Holding a discuss for IANA] |
2008-12-03
|
10 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2008-12-03
|
10 | Pasi Eronen | [Ballot discuss] I think the document should be clearer whether these requirements represent some kind of IETF consensus, or just opinions of the authors. I'm … [Ballot discuss] I think the document should be clearer whether these requirements represent some kind of IETF consensus, or just opinions of the authors. I'm guessing it's the latter, but this guess is mostly based on the I-D file name (which won't be visible once this becomes an RFC). I agree with Chris that Section 6 should be more realistic about the security goals: things like determining the authenticity of received information, or authority to request some information, can't usually be done with zero configuration. Even with non-zero configuration, a security solution that's realistically deployable in e.g. enterprise environment probably has to be able to leverage existing authentication and authorization infrastructure (things like Active Directory, Kerberos, or internal PKIs come to mind). Besides, the problem solved by DNSSEC (authenticating a hierarchical delegation structure) is quite different from securing an AppleTalk NBP like protocol (even if the messages re-use DNS formats). Section 7 should probably be clearer what actions IANA is expected to take when this document is approved (I'm guessing it's "none", but then the text should say "This document has no IANA actions."). |
2008-12-03
|
10 | Pasi Eronen | [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen |
2008-12-03
|
10 | Mark Townsley | [Ballot Position Update] New position, Yes, has been recorded for Mark Townsley |
2008-12-03
|
10 | Mark Townsley | Ballot has been issued by Mark Townsley |
2008-12-03
|
10 | (System) | Ballot writeup text was added |
2008-12-03
|
10 | (System) | Last call text was added |
2008-12-03
|
10 | (System) | Ballot approval text was added |
2008-12-02
|
10 | Chris Newman | [Ballot comment] I found the security considerations weak, albeit tolerable for this sort of informational document. Some discussion of the usability/deployability/security tradeoffs between a zeroconf … [Ballot comment] I found the security considerations weak, albeit tolerable for this sort of informational document. Some discussion of the usability/deployability/security tradeoffs between a zeroconf home network and a fully managed DNSSEC infrastructure would be informative. Further, I suspect it's a critical requirement to replace Appletalk NBP that "no security" be a protocol option since there's no way to get something with the same ease-of-use/ease-of-deployment profile in a home network. Right now there are two security options proposed: none or manually configured DNS unicast w/ DNSSEC. While I consider the "none" option very important since that's exactly the security I want to deploy on my home WLAN when it comes to this protocol (WPA2-AES is good enough for my home WLAN), there are scenarios where I might want some sort of middle ground without having to administer a DNS infrastructure. For example, "make sure I connect to the same file service as last time", or "make sure I use ipp/tls to the printer service and it's the same printer service I used last time". Has any sort of leap-of-faith SSH-style keying been considered within this framework? Indeed, in a large corporation with outsourced IT, getting competent DNSSEC management is probably not feasible so "grassroots" security might be more viable. |
2008-12-02
|
10 | Chris Newman | [Ballot comment] I found the security considerations weak, albeit tolerable for this sort of informational document. Right now there are two security options proposed: none … [Ballot comment] I found the security considerations weak, albeit tolerable for this sort of informational document. Right now there are two security options proposed: none or manually configured DNS unicast w/ DNSSEC. While I consider the "none" option very important since that's exactly the security I want to deploy on my home WLAN when it comes to this protocol (WPA2-AES is plenty good enough for my home WLAN), there are scenarios where I might want some sort of middle ground without having to administer a DNS infrastructure. For example, "make sure I connect to the same file service as last time", or "make sure I use ipp/tls to the printer service and it's the same printer service I used last time". Has any sort of leap-of-faith SSH-style keying been considered within this framework? Indeed, in a large corporation with outsourced IT, getting competent DNSSEC management is probably not feasible so "grassroots" security might be more viable. |
2008-12-02
|
10 | Chris Newman | [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman |
2008-12-02
|
10 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
2008-12-02
|
10 | Tim Polk | [Ballot comment] Section 3.15 (Immediate and Ongoing Information Presentation) describes user interface requirements rather than the underlying protocol requirements. I suggest revising this section in … [Ballot comment] Section 3.15 (Immediate and Ongoing Information Presentation) describes user interface requirements rather than the underlying protocol requirements. I suggest revising this section in terms of the protocol requirements. |
2008-12-02
|
10 | Lars Eggert | [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert |
2008-12-01
|
10 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2008-12-01
|
10 | Cullen Jennings | [Ballot comment] This needs a ballot. |
2008-12-01
|
10 | Cullen Jennings | Created "Approve" ballot |
2008-11-27
|
10 | Mark Townsley | State Changes to IESG Evaluation from AD Evaluation by Mark Townsley |
2008-11-27
|
10 | Mark Townsley | Placed on agenda for telechat - 2008-12-04 by Mark Townsley |
2008-11-17
|
07 | (System) | New version available: draft-cheshire-dnsext-nbp-07.txt |
2008-09-12
|
10 | Mark Townsley | State Changes to AD Evaluation from Publication Requested by Mark Townsley |
2008-09-12
|
10 | Mark Townsley | Draft Added by Mark Townsley in state Publication Requested |
2008-09-12
|
06 | (System) | New version available: draft-cheshire-dnsext-nbp-06.txt |
2007-03-01
|
10 | (System) | Document has expired |
2006-08-28
|
05 | (System) | New version available: draft-cheshire-dnsext-nbp-05.txt |
2005-07-01
|
04 | (System) | New version available: draft-cheshire-dnsext-nbp-04.txt |
2004-02-16
|
03 | (System) | New version available: draft-cheshire-dnsext-nbp-03.txt |
2003-06-27
|
02 | (System) | New version available: draft-cheshire-dnsext-nbp-02.txt |
2002-12-23
|
01 | (System) | New version available: draft-cheshire-dnsext-nbp-01.txt |
2001-09-17
|
00 | (System) | New version available: draft-cheshire-dnsext-nbp-00.txt |