Skip to main content

Requirements for a Protocol to Replace the AppleTalk Name Binding Protocol (NBP)
draft-cheshire-dnsext-nbp-10

Revision differences

Document history

Date Rev. By Action
2013-02-12
10 (System) RFC Editor state changed to AUTH48-DONE from AUTH48-DONE
2012-08-22
10 (System) post-migration administrative database adjustment to the No Objection position for Sean Turner
2012-08-22
10 (System) post-migration administrative database adjustment to the No Objection position for Russ Housley
2011-01-12
10 (System) New version available: draft-cheshire-dnsext-nbp-10.txt
2010-12-21
10 Amy Vezza State changed to RFC Ed Queue from Approved-announcement sent.
2010-12-20
10 (System) IANA Action state changed to No IC from In Progress
2010-12-20
10 (System) IANA Action state changed to In Progress
2010-12-20
10 Amy Vezza IESG state changed to Approved-announcement sent
2010-12-20
10 Amy Vezza IESG has approved the document
2010-12-20
10 Amy Vezza Closed "Approve" ballot
2010-12-20
10 Amy Vezza Approval announcement text regenerated
2010-12-20
10 Amy Vezza Ballot writeup text changed
2010-12-16
10 Amy Vezza State changed to Approved-announcement to be sent from IESG Evaluation.
2010-12-16
10 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded
2010-12-16
10 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded
2010-12-14
10 Ralph Droms State changed to IESG Evaluation from Waiting for AD Go-Ahead.
2010-12-08
10 David Harrington Request for Last Call review by TSVDIR is assigned to Nandita Dukkipati
2010-12-08
10 David Harrington Request for Last Call review by TSVDIR is assigned to Nandita Dukkipati
2010-12-02
10 Sean Turner
[Ballot comment]
The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done …
[Ballot comment]
The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done differently b) when a new/modern version is designed the requirement is that it have security measures appropriate to the environment in which it will be used.  Based on the changes, I'm changing to no objection.
2010-12-02
10 Sean Turner
[Ballot comment]
The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done …
[Ballot comment]
The rewritten security considerations include two points a) had the protocol been developed with security in mind then it would have been done differently b) when a new/modern version is designed the requirements is that it have security measures appropriate to the environment in which it will be used.  Based on the changes, I'm changing to no objection.
2010-12-02
10 Sean Turner [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss
2010-12-02
10 Russ Housley [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss
2010-12-01
10 Ralph Droms Telechat date was changed to 2010-12-16 from 2010-12-02 by Ralph Droms
2010-12-01
10 Ralph Droms Note field has been cleared by Ralph Droms
2010-12-01
10 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded
2010-12-01
10 Peter Saint-Andre [Ballot Position Update] New position, No Objection, has been recorded
2010-11-29
10 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded
2010-11-23
10 (System) State changed to Waiting for AD Go-Ahead from In Last Call.
2010-11-13
10 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Jürgen Schönwälder.
2010-11-01
10 Amanda Baber We understand that this document does not require any IANA actions.
2010-10-29
10 Samuel Weiler Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder
2010-10-29
10 Samuel Weiler Request for Last Call review by SECDIR is assigned to Jürgen Schönwälder
2010-10-26
10 Amy Vezza Last call sent
2010-10-26
10 Amy Vezza State changed to In Last Call from Last Call Requested by Amy Vezza
2010-10-26
10 Ralph Droms Placed on agenda for telechat - 2010-12-02 by Ralph Droms
2010-10-26
10 Ralph Droms Status Date has been changed to 2010-10-26 from None by Ralph Droms
2010-10-26
10 Ralph Droms Last Call was requested by Ralph Droms
2010-10-26
10 Ralph Droms State changed to Last Call Requested from AD Evaluation by Ralph Droms
2010-10-26
10 Ralph Droms [Ballot Position Update] New position, Yes, has been recorded for Ralph Droms
2010-10-26
10 Ralph Droms Ballot has been issued by Ralph Droms
2010-10-25
09 (System) New version available: draft-cheshire-dnsext-nbp-09.txt
2010-09-13
10 Ralph Droms State changed to AD Evaluation from IESG Evaluation::AD Followup by Ralph Droms
2010-04-08
10 Sean Turner
[Ballot discuss]
I am picking up Pasi's DISCUSS on this document.

I think the document should be clearer whether these requirements
represent some kind of …
[Ballot discuss]
I am picking up Pasi's DISCUSS on this document.

I think the document should be clearer whether these requirements
represent some kind of IETF consensus, or just opinions of the
authors.  I'm guessing it's the latter, but this guess is mostly based
on the I-D file name (which won't be visible once this becomes an RFC).

I agree with Chris that Section 6 should be more realistic about the
security goals: things like determining the authenticity of received
information, or authority to request some information, can't usually
be done with zero configuration.  Even with non-zero configuration, a
security solution that's realistically deployable in e.g. enterprise
environment probably has to be able to leverage existing
authentication and authorization infrastructure (things like Active
Directory, Kerberos, or internal PKIs come to mind). Besides, the
problem solved by DNSSEC (authenticating a hierarchical delegation
structure) is quite different from securing an AppleTalk NBP like
protocol (even if the messages re-use DNS formats).
2010-04-08
10 Sean Turner [Ballot Position Update] New position, Discuss, has been recorded by Sean Turner
2010-04-03
10 Russ Housley
[Ballot discuss]
[Holding a discuss for IANA]
Section 7 should be clearer about the actions IANA is expected
to take when this document is approved.  …
[Ballot discuss]
[Holding a discuss for IANA]
Section 7 should be clearer about the actions IANA is expected
to take when this document is approved.  Please add an IANA
considerations section, even if it says, "This document has
no IANA actions.").
2010-04-03
10 Russ Housley [Ballot Position Update] New position, Discuss, has been recorded by Russ Housley
2010-03-08
10 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-03-08
08 (System) New version available: draft-cheshire-dnsext-nbp-08.txt
2009-04-07
10 Ralph Droms Responsible AD has been changed to Ralph Droms from Mark Townsley
2009-02-06
10 Mark Townsley Sent email to Stuart asking for update
2009-02-06
10 Mark Townsley State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation::AD Followup by Mark Townsley
2008-12-19
10 Amanda Baber
IANA Evaluation comments/questions:

QUESTION: We understand that the Service Name is a 32-character
ASCII String. Should UTF8 be allowed? If so, would that be 32 …
IANA Evaluation comments/questions:

QUESTION: We understand that the Service Name is a 32-character
ASCII String. Should UTF8 be allowed? If so, would that be 32
octets or 32 characters?

Upon approval of this document, the IANA will create the registry
"Name Binding Protocol Namespace" at
http://www.iana.org/assignments/TBD

Registration Procedures: FCFS
Initial contents of this registry will be:

Service Name Reference
------------ ---------
2008-12-04
10 Amy Vezza State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Amy Vezza
2008-12-04
10 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2008-12-04
10 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-12-04
10 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko
2008-12-04
10 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault
2008-12-04
10 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2008-12-04
10 Dan Romascanu
[Ballot comment]
I find the name of the document and of the page headers completely misleading. IMO the name should be 'Requirements for Replacing AppleTalk …
[Ballot comment]
I find the name of the document and of the page headers completely misleading. IMO the name should be 'Requirements for Replacing AppleTalk Name Binding Protocol (NBP)'.
2008-12-04
10 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-12-04
10 Pasi Eronen
[Ballot discuss]
I think the document should be clearer whether these requirements
represent some kind of IETF consensus, or just opinions of the
authors.  I'm …
[Ballot discuss]
I think the document should be clearer whether these requirements
represent some kind of IETF consensus, or just opinions of the
authors.  I'm guessing it's the latter, but this guess is mostly based
on the I-D file name (which won't be visible once this becomes an RFC).

I agree with Chris that Section 6 should be more realistic about the
security goals: things like determining the authenticity of received
information, or authority to request some information, can't usually
be done with zero configuration.  Even with non-zero configuration, a
security solution that's realistically deployable in e.g. enterprise
environment probably has to be able to leverage existing
authentication and authorization infrastructure (things like Active
Directory, Kerberos, or internal PKIs come to mind). Besides, the
problem solved by DNSSEC (authenticating a hierarchical delegation
structure) is quite different from securing an AppleTalk NBP like
protocol (even if the messages re-use DNS formats).

Section 7 should probably be clearer what actions IANA is expected
to take when this document is approved (I'm guessing it's "none", but
then the text should say "This document has no IANA actions.").
[Holding a discuss for IANA]
2008-12-03
10 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2008-12-03
10 Pasi Eronen
[Ballot discuss]
I think the document should be clearer whether these requirements
represent some kind of IETF consensus, or just opinions of the
authors.  I'm …
[Ballot discuss]
I think the document should be clearer whether these requirements
represent some kind of IETF consensus, or just opinions of the
authors.  I'm guessing it's the latter, but this guess is mostly based
on the I-D file name (which won't be visible once this becomes an RFC).

I agree with Chris that Section 6 should be more realistic about the
security goals: things like determining the authenticity of received
information, or authority to request some information, can't usually
be done with zero configuration.  Even with non-zero configuration, a
security solution that's realistically deployable in e.g. enterprise
environment probably has to be able to leverage existing
authentication and authorization infrastructure (things like Active
Directory, Kerberos, or internal PKIs come to mind). Besides, the
problem solved by DNSSEC (authenticating a hierarchical delegation
structure) is quite different from securing an AppleTalk NBP like
protocol (even if the messages re-use DNS formats).

Section 7 should probably be clearer what actions IANA is expected
to take when this document is approved (I'm guessing it's "none", but
then the text should say "This document has no IANA actions.").
2008-12-03
10 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2008-12-03
10 Mark Townsley [Ballot Position Update] New position, Yes, has been recorded for Mark Townsley
2008-12-03
10 Mark Townsley Ballot has been issued by Mark Townsley
2008-12-03
10 (System) Ballot writeup text was added
2008-12-03
10 (System) Last call text was added
2008-12-03
10 (System) Ballot approval text was added
2008-12-02
10 Chris Newman
[Ballot comment]
I found the security considerations weak, albeit tolerable for this sort
of informational document.

Some discussion of the usability/deployability/security tradeoffs
between a zeroconf …
[Ballot comment]
I found the security considerations weak, albeit tolerable for this sort
of informational document.

Some discussion of the usability/deployability/security tradeoffs
between a zeroconf home network and a fully managed DNSSEC
infrastructure would be informative.  Further, I suspect it's a critical
requirement to replace Appletalk NBP that "no security" be a protocol option since there's no way to get something with the same
ease-of-use/ease-of-deployment profile in a home network.

Right now there are two security options proposed: none or manually
configured DNS unicast w/ DNSSEC.  While I consider the "none" option
very important since that's exactly the security I want to deploy on
my home WLAN when it comes to this protocol (WPA2-AES is good
enough for my home WLAN), there are scenarios where I might want
some sort of middle ground without having to administer a
DNS infrastructure.  For example, "make sure I connect
to the same file service as last time", or "make sure I use ipp/tls
to the printer service and it's the same printer service I used last
time".  Has any sort of leap-of-faith SSH-style keying been
considered within this framework?  Indeed, in a large corporation with
outsourced IT, getting competent DNSSEC management is probably not
feasible so "grassroots" security might be more viable.
2008-12-02
10 Chris Newman
[Ballot comment]
I found the security considerations weak, albeit tolerable for this sort
of informational document.

Right now there are two security options proposed: none …
[Ballot comment]
I found the security considerations weak, albeit tolerable for this sort
of informational document.

Right now there are two security options proposed: none or manually
configured DNS unicast w/ DNSSEC.  While I consider the "none" option
very important since that's exactly the security I want to deploy on
my home WLAN when it comes to this protocol (WPA2-AES is plenty good
enough for my home WLAN), there are scenarios where I might want
some sort of middle ground without having to administer a
DNS infrastructure.  For example, "make sure I connect
to the same file service as last time", or "make sure I use ipp/tls
to the printer service and it's the same printer service I used last
time".  Has any sort of leap-of-faith SSH-style keying been
considered within this framework?  Indeed, in a large corporation with
outsourced IT, getting competent DNSSEC management is probably not
feasible so "grassroots" security might be more viable.
2008-12-02
10 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2008-12-02
10 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2008-12-02
10 Tim Polk
[Ballot comment]
Section 3.15 (Immediate and Ongoing Information Presentation) describes user interface requirements rather than the underlying protocol requirements.  I suggest revising this
section in …
[Ballot comment]
Section 3.15 (Immediate and Ongoing Information Presentation) describes user interface requirements rather than the underlying protocol requirements.  I suggest revising this
section in terms of the protocol requirements.
2008-12-02
10 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2008-12-01
10 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2008-12-01
10 Cullen Jennings [Ballot comment]
This needs a ballot.
2008-12-01
10 Cullen Jennings Created "Approve" ballot
2008-11-27
10 Mark Townsley State Changes to IESG Evaluation from AD Evaluation by Mark Townsley
2008-11-27
10 Mark Townsley Placed on agenda for telechat - 2008-12-04 by Mark Townsley
2008-11-17
07 (System) New version available: draft-cheshire-dnsext-nbp-07.txt
2008-09-12
10 Mark Townsley State Changes to AD Evaluation from Publication Requested by Mark Townsley
2008-09-12
10 Mark Townsley Draft Added by Mark Townsley in state Publication Requested
2008-09-12
06 (System) New version available: draft-cheshire-dnsext-nbp-06.txt
2007-03-01
10 (System) Document has expired
2006-08-28
05 (System) New version available: draft-cheshire-dnsext-nbp-05.txt
2005-07-01
04 (System) New version available: draft-cheshire-dnsext-nbp-04.txt
2004-02-16
03 (System) New version available: draft-cheshire-dnsext-nbp-03.txt
2003-06-27
02 (System) New version available: draft-cheshire-dnsext-nbp-02.txt
2002-12-23
01 (System) New version available: draft-cheshire-dnsext-nbp-01.txt
2001-09-17
00 (System) New version available: draft-cheshire-dnsext-nbp-00.txt