Outsourcing Home Network Authoritative Naming Service
draft-ietf-homenet-front-end-naming-delegation-03

The information below is for an old version of the document
Document Type Active Internet-Draft (homenet WG)
Last updated 2015-07-02
Replaces draft-mglt-homenet-front-end-naming-delegation
Stream IETF
Intended RFC status Proposed Standard
Formats plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state I-D Exists
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
HOMENET                                                  D. Migault (Ed)
Internet-Draft                                                  Ericsson
Intended status: Standards Track                                R. Weber
Expires: January 3, 2016                                         Nominum
                                                               R. Hunter
                                                    Globis Consulting BV
                                                            C. Griffiths

                                                             W. Cloetens
                                                              SoftAtHome
                                                            July 2, 2015

         Outsourcing Home Network Authoritative Naming Service
         draft-ietf-homenet-front-end-naming-delegation-03.txt

Abstract

   RFC7368 'IPv6 Home Networking Architecture Principles' section 3.7
   describes architecture principles related to naming and service
   discovery in residential home networks.

   Customer Edge Routers and other Customer Premises Equipment (CPEs)
   are designed to provide IP connectivity to home networks.  Most CPEs
   assign IP addresses to the nodes of the home network which makes them
   good candidates for hosting the naming service.  IPv6 provides global
   connectivity, and nodes from the home network will be reachable from
   the global Internet.  As a result, the naming service is expected to
   be exposed on the Internet.

   However, CPEs have not been designed to host such a naming service
   exposed on the Internet.  Running a naming service visible on the
   Internet may expose the CPEs to resource exhaustion and other
   attacks, which could make the home network unreachable, and most
   probably would also affect the internal communications of the home
   network.

   In addition, regular end users may not understand, or possess the
   necessary skills to be able to perform, DNSSEC management and
   configuration.  Misconfiguration may also result in naming service
   disruption, thus these end users may prefer to rely on third party
   name service providers.

   This document describes a homenet naming architecture, where the CPEs
   manage the DNS zones associated with its own home network, and
   outsource elements of the naming service (possibly including DNSSEC
   management) to a third party running on the Internet.

Migault (Ed), et al.     Expires January 3, 2016                [Page 1]
Internet-Draft  Outsourcing Authoritative Naming Service       July 2015

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 3, 2016.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Requirements notation . . . . . . . . . . . . . . . . . . . .   3
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Architecture Description  . . . . . . . . . . . . . . . . . .   6
     4.1.  Architecture Overview . . . . . . . . . . . . . . . . . .   6
     4.2.  Example: Homenet Zone . . . . . . . . . . . . . . . . . .   8
     4.3.  Example: CPE necessary parameters for outsourcing . . . .  10
   5.  Synchronization between CPE and the Synchronization Server  .  11
     5.1.  Synchronization with a Hidden Primary . . . . . . . . . .  11
     5.2.  Securing Synchronization  . . . . . . . . . . . . . . . .  12
     5.3.  CPE Security Policies . . . . . . . . . . . . . . . . . .  13
   6.  DNSSEC compliant Homenet Architecture . . . . . . . . . . . .  14
     6.1.  Zone Signing  . . . . . . . . . . . . . . . . . . . . . .  14
     6.2.  Secure Delegation . . . . . . . . . . . . . . . . . . . .  16
Show full document text