Outsourcing Home Network Authoritative Naming Service
draft-ietf-homenet-front-end-naming-delegation-00

The information below is for an old version of the document
Document Type Active Internet-Draft (homenet WG)
Last updated 2014-09-19
Replaces draft-mglt-homenet-front-end-naming-delegation
Stream IETF
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
HOMENET                                                  D. Migault (Ed)
Internet-Draft                                                    Orange
Intended status: Standards Track                             W. Cloetens
Expires: March 22, 2015                                       SoftAtHome
                                                            C. Griffiths
                                                                     Dyn
                                                                R. Weber
                                                                 Nominum
                                                      September 18, 2014

         Outsourcing Home Network Authoritative Naming Service
         draft-ietf-homenet-front-end-naming-delegation-00.txt

Abstract

   CPEs are designed to provide IP connectivity to home networks.  Most
   CPEs assign IP addresses to the nodes of the home network which makes
   it a good candidate for hosting the naming service.  With IPv6, the
   naming service makes nodes reachable from the home network as well as
   from the Internet.

   However, CPEs have not been designed to host such a naming service
   exposed on the Internet.  This may expose the CPEs to resource
   exhaustion which would make the home network unreachable, and most
   probably would also affect the home network inner communications.

   In addition, DNSSEC management and configuration may not be well
   understood or mastered by regular end users.  Misconfiguration may
   also results in naming service disruption, thus these end users may
   prefer to rely on third party naming providers.

   This document describes a homenet naming architecture where the CPEs
   manage the DNS zone associates to its home network, and outsources
   the naming service and eventually the DNSSEC management on the
   Internet to a third party designated as the Public Authoritative
   Servers.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

Migault (Ed), et al.     Expires March 22, 2015                 [Page 1]
Internet-Draft  Outsourcing Authoritative Naming Service  September 2014

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 22, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Requirements notation . . . . . . . . . . . . . . . . . . . .   3
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Architecture Description  . . . . . . . . . . . . . . . . . .   5
     4.1.  Architecture Overview . . . . . . . . . . . . . . . . . .   5
     4.2.  Example: DNS(SEC) Homenet Zone  . . . . . . . . . . . . .   7
     4.3.  Example: CPE necessary parameters for outsourcing . . . .   9
   5.  Synchronization between CPE and Public Authoritative Servers   10
     5.1.  Synchronization with a Hidden Master  . . . . . . . . . .  10
     5.2.  Securing Synchronization  . . . . . . . . . . . . . . . .  11
     5.3.  CPE Security Policies . . . . . . . . . . . . . . . . . .  12
   6.  DNSSEC compliant Homenet Architecture . . . . . . . . . . . .  13
     6.1.  Zone Signing  . . . . . . . . . . . . . . . . . . . . . .  13
     6.2.  Secure Delegation . . . . . . . . . . . . . . . . . . . .  15
   7.  Handling Different Views  . . . . . . . . . . . . . . . . . .  15
   8.  Reverse Zone  . . . . . . . . . . . . . . . . . . . . . . . .  15
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  16
     9.1.  Names are less secure than IP addresses . . . . . . . . .  16
     9.2.  Names are less volatile than IP addresses . . . . . . . .  16
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   11. Acknowledgment  . . . . . . . . . . . . . . . . . . . . . . .  16
Show full document text