draft-ietf-homenet-dot-09.txt   draft-ietf-homenet-dot-10.txt 
Network Working Group P. Pfister Network Working Group P. Pfister
Internet-Draft Cisco Systems Internet-Draft Cisco Systems
Updates: RFC7788 (if approved) T. Lemon Updates: RFC7788 (if approved) T. Lemon
Intended status: Standards Track Nominum, Inc. Intended status: Standards Track Nominum, Inc.
Expires: January 4, 2018 July 3, 2017 Expires: January 29, 2018 July 28, 2017
Special Use Domain '.home.arpa' Special Use Domain 'home.arpa.'
draft-ietf-homenet-dot-09 draft-ietf-homenet-dot-10
Abstract Abstract
This document specifies the behavior that is expected from the Domain This document specifies the behavior that is expected from the Domain
Name System with regard to DNS queries for names ending with Name System with regard to DNS queries for names ending with
'.home.arpa.', and designates this domain as a special-use domain '.home.arpa.', and designates this domain as a special-use domain
name. 'home.arpa' is designated for non-unique use in residential name. 'home.arpa.' is designated for non-unique use in residential
home networks. Home Networking Control Protocol (HNCP) is updated to home networks. Home Networking Control Protocol (HNCP) is updated to
use the '.home.arpa' domain instead of '.home'. use the 'home.arpa.' domain instead of '.home'.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2018. This Internet-Draft will expire on January 29, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3 3. General Guidance . . . . . . . . . . . . . . . . . . . . . . 3
4. Domain Name Reservation Considerations . . . . . . . . . . . 3 4. Domain Name Reservation Considerations . . . . . . . . . . . 3
5. Updates to Home Networking Control Protocol . . . . . . . . . 5 5. Updates to Home Networking Control Protocol . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
7. Delegation of 'home.arpa' . . . . . . . . . . . . . . . . . . 7 7. Delegation of 'home.arpa.' . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
10.1. Normative References . . . . . . . . . . . . . . . . . . 7 10.1. Normative References . . . . . . . . . . . . . . . . . . 7
10.2. Informative References . . . . . . . . . . . . . . . . . 8 10.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
Users and devices within a home network (hereafter "homenet") require Users and devices within a home network (hereafter "homenet") require
devices and services to be identified by names that are unique within devices and services to be identified by names that are unique within
the boundaries of the homenet [RFC7368]. The naming mechanism needs the boundaries of the homenet [RFC7368]. The naming mechanism needs
to function without configuration from the user. While it may be to function without configuration from the user. While it may be
possible for a name to be delegated by an ISP, homenets must also possible for a name to be delegated by an ISP, homenets must also
function in the absence of such a delegation. A default name with a function in the absence of such a delegation. A default name with a
scope limited to each individual homenet needs to be used. scope limited to each individual homenet needs to be used.
This document corrects an error in [RFC7788], replacing '.home' with This document corrects an error in [RFC7788], replacing '.home' with
'.home.arpa' as the default domain-name for homenets. '.home' had 'home.arpa.' as the default domain-name for homenets. '.home' had
been selected as the most user-friendly option. However, there are been selected as the most user-friendly option. However, there are
existing uses of '.home' that may be in conflict with this use: existing uses of '.home' that may be in conflict with this use:
evidence indicates that '.home' queries frequently leak out and reach evidence indicates that '.home' queries frequently leak out and reach
the root name servers [ICANN1] [ICANN2]. the root name servers [ICANN1] [ICANN2].
In addition, it's necessary, for compatibility with DNSSEC In addition, it's necessary, for compatibility with DNSSEC
(Section 6), that an unsigned delegation be present for the name. (Section 6), that an unsigned delegation be present for the name.
There is an existing process for allocating names under '.arpa' There is an existing process for allocating names under '.arpa'
[RFC3172]. No such process is available for requesting a similar [RFC3172]. No such process is available for requesting a similar
delegation in the root at the request of the IETF, which does not delegation in the root at the request of the IETF, which does not
administer that zone. As a result, the use of '.home' is deprecated. administer that zone. As a result, the use of '.home' is deprecated.
This document registers the domain '.home.arpa.' as a special-use This document registers the domain '.home.arpa.' as a special-use
domain name [RFC6761] and specifies the behavior that is expected domain name [RFC6761] and specifies the behavior that is expected
from the Domain Name System with regard to DNS queries for names from the Domain Name System with regard to DNS queries for names
whose rightmost non-terminal labels are '.home.arpa'. Queries for whose rightmost non-terminal labels are 'home.arpa.'. Queries for
names ending with '.home.arpa.' are of local significance within the names ending with '.home.arpa.' are of local significance within the
scope of a homenet, meaning that identical queries will result in scope of a homenet, meaning that identical queries will result in
different results from one homenet to another. In other words, a different results from one homenet to another. In other words, a
name ending in '.home.arpa' is not globally unique. name ending in 'home.arpa.' is not globally unique.
Although this document makes specific reference to RFC7788, it is not Although this document makes specific reference to RFC7788, it is not
intended that the use of '.home.arpa' be restricted solely to intended that the use of 'home.arpa.' be restricted solely to
networks where HNCP is deployed; it is rather the case that networks where HNCP is deployed; it is rather the case that
'.home.arpa' is the correct domain for uses like the one described 'home.arpa.' is the correct domain for uses like the one described
for '.home' in RFC7788: local name service in residential homenets. for '.home' in RFC7788: local name service in residential homenets.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
skipping to change at page 3, line 38 skipping to change at page 3, line 38
nodes and/or services that are located within a homenet (e.g., a nodes and/or services that are located within a homenet (e.g., a
printer, or a toaster). printer, or a toaster).
DNS queries for names ending with '.home.arpa.' are resolved using DNS queries for names ending with '.home.arpa.' are resolved using
local resolvers on the homenet. Such queries MUST NOT be recursively local resolvers on the homenet. Such queries MUST NOT be recursively
forwarded to servers outside the logical boundaries of the homenet. forwarded to servers outside the logical boundaries of the homenet.
Some service discovery user interfaces that are expected to be used Some service discovery user interfaces that are expected to be used
on homenets conceal information such as domain names from end users. on homenets conceal information such as domain names from end users.
However, it is still expected that in some cases, users will need to However, it is still expected that in some cases, users will need to
see, remember, and even type, names ending with '.home.arpa'. It is see, remember, and even type, names ending with 'home.arpa.'. It is
therefore desirable that users identify the domain and understand therefore desirable that users identify the domain and understand
that using it expresses the intention to connect to a service that is that using it expresses the intention to connect to a service that is
specific to the homenet to which they are connected. Enforcing the specific to the homenet to which they are connected. Enforcing the
fulfillment of this intention is out of scope for this document. fulfillment of this intention is out of scope for this document.
4. Domain Name Reservation Considerations 4. Domain Name Reservation Considerations
This section defines the behavior of systems involved in domain name This section defines the behavior of systems involved in domain name
resolution when resolving queries for names ending with '.home.arpa.' resolution when resolving queries for names ending with '.home.arpa.'
(as per [RFC6761]). (as per [RFC6761]).
1. Users can use names ending with '.home.arpa.' just as they would 1. Users can use names ending with '.home.arpa.' just as they would
use any other domain name. The '.home.arpa' name is chosen to be use any other domain name. The 'home.arpa.' name is chosen to be
readily recognized by users as signifying that the name is readily recognized by users as signifying that the name is
addressing a service on the homenet to which the user's device is addressing a service on the homenet to which the user's device is
connected. connected.
2. Application software SHOULD NOT treat names ending in 2. Application software SHOULD NOT treat names ending in
'.home.arpa' differently than other names. In particular, there 'home.arpa.' differently than other names. In particular, there
is no basis for trusting names that are subdomains of is no basis for trusting names that are subdomains of
'.home.arpa' (see Section 6). 'home.arpa.' (see Section 6).
3. Name resolution APIs and libraries MUST NOT recognize names that 3. Name resolution APIs and libraries MUST NOT recognize names that
end in '.home.arpa.' as special and MUST NOT treat them end in '.home.arpa.' as special and MUST NOT treat them
differently. Name resolution APIs MUST send queries for such differently. Name resolution APIs MUST send queries for such
names to a recursive DNS server that is configured to be names to a recursive DNS server that is configured to be
authoritative for the '.home.arpa' zone appropriate to the authoritative for the 'home.arpa.' zone appropriate to the
homenet. One or more IP addresses for recursive DNS servers will homenet. One or more IP addresses for recursive DNS servers will
usually be supplied to the client through router advertisements usually be supplied to the client through router advertisements
or DHCP. If a host is configured to use a resolver other than or DHCP. If a host is configured to use a resolver other than
one that is authoritative for the appropriate '.home.arpa' zone, one that is authoritative for the appropriate 'home.arpa.' zone,
the client may be unable to resolve, or may receive incorrect the client may be unable to resolve, or may receive incorrect
results for, names in sub domains of '.home.arpa'. results for, names in sub domains of 'home.arpa.'.
4. Unless configured otherwise, recursive resolvers and DNS proxies 4. Unless configured otherwise, recursive resolvers and DNS proxies
MUST behave as described in Locally Served Zones ([RFC6303] MUST behave as described in Locally Served Zones ([RFC6303]
Section 3). Recursive resolvers that can be used in a homenet Section 3). Recursive resolvers that can be used in a homenet
MUST be configurable with a delegation to an authoritative server MUST be configurable with a delegation to an authoritative server
for that particular homenet's instance of the domain for that particular homenet's instance of the domain
'.home.arpa', and, when so configured, MUST NOT attempt to look 'home.arpa.', and, when so configured, MUST NOT attempt to look
up a delegation for '.home.arpa' in the public DNS. Of course, up a delegation for 'home.arpa.' in the public DNS. Of course,
from an implementation standpoint it may be that a hybrid name from an implementation standpoint it may be that a hybrid name
server acts as a caching resolver or DNS proxy for non-local server acts as a caching resolver or DNS proxy for non-local
domains and as an authoritative server for '.home.arpa' and other domains and as an authoritative server for 'home.arpa.' and other
locally served zones, responding directly to queries for locally served zones, responding directly to queries for
subdomains of '.home.arpa' rather than using a delegation. subdomains of 'home.arpa.' rather than using a delegation.
5. No special processing of '.home.arpa' is required for 5. No special processing of 'home.arpa.' is required for
authoritative DNS server implementations. However, it is authoritative DNS server implementations. It is possible that an
possible that an authoritative DNS server might attempt to authoritative DNS server might attempt to check the authoritative
validate the delegation for a zone before answering servers for 'home.arpa.' for a delegation beneath that name
authoritatively for that zone. In this situation, it would find before answering authoritatively for such a delegated name. In
an invalid delegation, and would not answer authoritatively. A such a case, because the name always has only local significance
server that implements this sort of check MUST be configurable so there will be no such delegation in the 'home.arpa.' zone, and so
that either it does not do this check for the 'home.arpa' domain, the server would refuse to answer authoritatively for such a
or it ignores the results of the check. zone. A server that implements this sort of check MUST be
configurable so that either it does not do this check for the
'home.arpa.' domain, or it ignores the results of the check.
6. DNS server operators MAY configure an authoritative server for 6. DNS server operators MAY configure an authoritative server for
'.home.arpa' for use in homenets and other home networks. The 'home.arpa.' for use in homenets and other home networks. The
operator for the DNS servers authoritative for '.home.arpa' in operator for the DNS servers authoritative for 'home.arpa.' in
the global DNS will configure any such servers as described in the global DNS will configure any such servers as described in
Section 7. Section 7.
7. 'home.arpa' is a subdomain of the 'arpa' top-level domain, which 7. 'home.arpa.' is a subdomain of the 'arpa' top-level domain, which
is operated by IANA under the authority of the Internet is operated by IANA under the authority of the Internet
Architecture Board according to the rules established in Architecture Board according to the rules established in
[RFC3172]. There are no other registrars for .arpa. [RFC3172]. There are no other registrars for .arpa.
5. Updates to Home Networking Control Protocol 5. Updates to Home Networking Control Protocol
The final paragraph of Home Networking Control Protocol [RFC7788], The final paragraph of Home Networking Control Protocol [RFC7788],
section 8, is updated as follows: section 8, is updated as follows:
OLD: OLD:
skipping to change at page 5, line 33 skipping to change at page 5, line 34
administrator MAY configure the announcement of a Domain-Name TLV administrator MAY configure the announcement of a Domain-Name TLV
(Section 10.6) for the network to use a different one. In case (Section 10.6) for the network to use a different one. In case
multiple are announced, the domain of the node with the greatest multiple are announced, the domain of the node with the greatest
node identifier takes precedence. node identifier takes precedence.
NEW: NEW:
Names and unqualified zones are used in an HNCP network to provide Names and unqualified zones are used in an HNCP network to provide
naming and service discovery with local significance. A network- naming and service discovery with local significance. A network-
wide zone is appended to all single labels or unqualified zones in wide zone is appended to all single labels or unqualified zones in
order to qualify them. '.home.arpa' is the default; however, an order to qualify them. 'home.arpa.' is the default; however, an
administrator MAY configure the announcement of a Domain-Name TLV administrator MAY configure the announcement of a Domain-Name TLV
(Section 10.6) for the network to use a different one. In case (Section 10.6) for the network to use a different one. In case
multiple are announced, the domain of the node with the greatest multiple are announced, the domain of the node with the greatest
node identifier takes precedence. node identifier takes precedence.
The '.home.arpa' special-use name does not require a special The 'home.arpa.' special-use name does not require a special
resolution protocol. Names for which the rightmost two labels are resolution protocol. Names for which the rightmost two labels are
'.home.arpa' are resolved using the DNS protocol [RFC1035]. 'home.arpa.' are resolved using the DNS protocol [RFC1035].
6. Security Considerations 6. Security Considerations
A DNS record that is returned as a response to a query for an FQDN in A DNS record that is returned as a response to a query for an FQDN in
the domain '.home.arpa.' is expected to have local significance. It the domain '.home.arpa.' is expected to have local significance. It
is expected to be returned by a server involved in name resolution is expected to be returned by a server involved in name resolution
for the homenet the device is connected in. However, such response for the homenet the device is connected in. However, such response
MUST NOT be considered more trustworthy than would be a similar MUST NOT be considered more trustworthy than would be a similar
response for any other DNS query. response for any other DNS query.
Because '.home.arpa' is not globally scoped and cannot be secured Because 'home.arpa.' is not globally scoped and cannot be secured
using DNSSEC based on the root domain's trust anchor, there is no way using DNSSEC based on the root domain's trust anchor, there is no way
to tell, using a standard DNS query, in which homenet scope an answer to tell, using a standard DNS query, in which homenet scope an answer
belongs. Consequently, users may experience surprising results with belongs. Consequently, users may experience surprising results with
such names when roaming to different homenets. To prevent this from such names when roaming to different homenets. To prevent this from
happening, it may be useful for the resolver to identify different happening, it may be useful for the resolver to identify different
homenets on which it has resolved names, but this is out of scope for homenets on which it has resolved names, but this is out of scope for
this document. this document.
It is not possible to install a trust anchor for this zone in the It is not possible to install a trust anchor for this zone in the
'.arpa' zone. The reason for this is that in order to do so, it '.arpa' zone. The reason for this is that in order to do so, it
would be necessary to have the key-signing key for the zone would be necessary to have the key-signing key for the zone
([RFC4034] Section 5). Since the zone is not globally unique, no one ([RFC4034] Section 5). Since the zone is not globally unique, no one
key would work. key would work.
An alternative would be to install a authenticated denial of An alternative would be to install a authenticated denial of
existence ([RFC4033] Section 3.2). However, this assumes that existence ([RFC4033] Section 3.2). However, this assumes that
validation is being done on a caching resolver that is aware of the validation is being done on a caching resolver that is aware of the
special local meaning of '.home.arpa'. If a host stub resolver special local meaning of 'home.arpa.'. If a host stub resolver
attempts to validate a name in '.home.arpa', an authenticated denial attempts to validate a name in 'home.arpa.', an authenticated denial
of existence of 'home' as a subdomain of 'arpa.' would cause the of existence of 'home' as a subdomain of 'arpa.' would cause the
validation to fail. Therefore, the only delegation that will allow validation to fail. Therefore, the only delegation that will allow
names under '.home.arpa' to be resolved is an unsigned delegation. names under 'home.arpa.' to be resolved is an unsigned delegation.
Consequently, unless a trust anchor for the particular instance of Consequently, unless a trust anchor for the particular instance of
the '.home.arpa' zone being validated is manually configured on the the 'home.arpa.' zone being validated is manually configured on the
validating resolver, DNSSEC signing of names within the '.home.arpa' validating resolver, DNSSEC signing of names within the 'home.arpa.'
zone is not possible. zone is not possible.
Although in principle it might be useful to install a trust anchor Although in principle it might be useful to install a trust anchor
for a particular instance of '.home.arpa', it's reasonable to expect for a particular instance of 'home.arpa.', it's reasonable to expect
that a host with such a trust anchor might from time to time connect that a host with such a trust anchor might from time to time connect
to more than one network with its own instance of '.home.arpa'. Such to more than one network with its own instance of 'home.arpa.'. Such
a host would be unable to access services on any instance of a host would be unable to access services on any instance of
'.home.arpa' other than the one for which a trust anchor was 'home.arpa.' other than the one for which a trust anchor was
configured. configured.
It is in principle possible to attach an identifier to an instance of It is in principle possible to attach an identifier to an instance of
'.home.arpa' that could be used to identify which trust anchor to 'home.arpa.' that could be used to identify which trust anchor to
rely on for validating names in that particular instance. However, rely on for validating names in that particular instance. However,
the security implications of this are complicated, and such a the security implications of this are complicated, and such a
mechanism, as well as a discussion of those implications, is out of mechanism, as well as a discussion of those implications, is out of
scope for this document. scope for this document.
7. Delegation of 'home.arpa' 7. Delegation of 'home.arpa.'
In order to be fully functional, there must be a delegation of In order to be fully functional, there must be a delegation of
'home.arpa' in the '.arpa' zone [RFC3172]. This delegation MUST NOT 'home.arpa.' in the '.arpa.' zone [RFC3172]. This delegation MUST
be signed, MUST NOT include a DS record, and MUST point to one or NOT be signed, MUST NOT include a DS record, and MUST point to one or
more black hole servers, for example BLACKHOLE-1.IANA.ORG and more black hole servers, for example 'blackhole-1.iana.org.' and
BLACKHOLE-2.IANA.ORG. The reason that this delegation must not be 'blackhole-2.iana.org.'. The reason that this delegation must not be
signed is that not signing the delegation breaks the DNSSEC chain of signed is that not signing the delegation breaks the DNSSEC chain of
trust, which prevents a validating stub resolver from rejecting names trust, which prevents a validating stub resolver from rejecting names
published under 'home.arpa' on a homenet name server. published under 'home.arpa.' on a homenet name server.
8. IANA Considerations 8. IANA Considerations
IANA is requested to record the domain name '.home.arpa' in the IANA is requested to record the domain name 'home.arpa.' in the
Special-Use Domain Names registry [SUDN]. IANA is requested, with Special-Use Domain Names registry [SUDN]. IANA is requested, with
the approval of IAB, to implement the delegation requested in the approval of IAB, to implement the delegation requested in
Section 7. Section 7.
9. Acknowledgments 9. Acknowledgments
The authors would like to thank Stuart Cheshire for his prior work on The authors would like to thank Stuart Cheshire for his prior work on
'.home', as well as the homenet chairs: Mark Townsley and Ray Bellis. '.home', as well as the homenet chairs: Mark Townsley and Ray Bellis.
We would also like to thank Paul Hoffman for providing review and We would also like to thank Paul Hoffman for providing review and
comments on the IANA considerations section and Suzanne Woolf and Ray comments on the IANA considerations section, Andrew Sullivan for his
Bellis for their detailed review comments. review and proposed text, and Suzanne Woolf and Ray Bellis for their
very detailed review comments and process insights.
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 8, line 11 skipping to change at page 8, line 11
[RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names",
RFC 6761, DOI 10.17487/RFC6761, February 2013, RFC 6761, DOI 10.17487/RFC6761, February 2013,
<http://www.rfc-editor.org/info/rfc6761>. <http://www.rfc-editor.org/info/rfc6761>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <http://www.rfc-editor.org/info/rfc8174>. May 2017, <http://www.rfc-editor.org/info/rfc8174>.
10.2. Informative References 10.2. Informative References
[ICANN1] "New gTLD Collision Risk Mitigation", October 2013,
<https://www.icann.org/en/system/files/files/new-gtld-
collision-mitigation-05aug13-en.pdf>.
[ICANN2] "New gTLD Collision Occurence Management", October 2013,
<https://www.icann.org/en/system/files/files/resolutions-
new-gtld-annex-1-07oct13-en.pdf>.
[RFC1035] Mockapetris, P., "Domain names - implementation and [RFC1035] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
November 1987, <http://www.rfc-editor.org/info/rfc1035>. November 1987, <http://www.rfc-editor.org/info/rfc1035>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005, RFC 4033, DOI 10.17487/RFC4033, March 2005,
<http://www.rfc-editor.org/info/rfc4033>. <http://www.rfc-editor.org/info/rfc4033>.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
skipping to change at page 8, line 42 skipping to change at page 8, line 34
[RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J. [RFC7368] Chown, T., Ed., Arkko, J., Brandt, A., Troan, O., and J.
Weil, "IPv6 Home Networking Architecture Principles", Weil, "IPv6 Home Networking Architecture Principles",
RFC 7368, DOI 10.17487/RFC7368, October 2014, RFC 7368, DOI 10.17487/RFC7368, October 2014,
<http://www.rfc-editor.org/info/rfc7368>. <http://www.rfc-editor.org/info/rfc7368>.
[RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking [RFC7788] Stenberg, M., Barth, S., and P. Pfister, "Home Networking
Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April Control Protocol", RFC 7788, DOI 10.17487/RFC7788, April
2016, <http://www.rfc-editor.org/info/rfc7788>. 2016, <http://www.rfc-editor.org/info/rfc7788>.
[ICANN1] "New gTLD Collision Risk Mitigation", October 2013,
<https://www.icann.org/en/system/files/files/new-gtld-
collision-mitigation-05aug13-en.pdf>.
[ICANN2] "New gTLD Collision Occurence Management", October 2013,
<https://www.icann.org/en/system/files/files/resolutions-
new-gtld-annex-1-07oct13-en.pdf>.
[SUDN] "Special-Use Domain Names Registry", July 2012, [SUDN] "Special-Use Domain Names Registry", July 2012,
<http://www.iana.org/assignments/special-use-domain-names/ <http://www.iana.org/assignments/special-use-domain-names/
special-use-domain-names.xhtml>. special-use-domain-names.xhtml>.
Authors' Addresses Authors' Addresses
Pierre Pfister Pierre Pfister
Cisco Systems Cisco Systems
Paris Paris
France France
 End of changes. 42 change blocks. 
65 lines changed or deleted 68 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/