Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-10.txt
神明達哉 <jinmei@wide.ad.jp> Mon, 18 January 2016 18:42 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA9281B3B7E; Mon, 18 Jan 2016 10:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PM_56NHAzIEZ; Mon, 18 Jan 2016 10:42:13 -0800 (PST)
Received: from mail-ig0-x235.google.com (mail-ig0-x235.google.com [IPv6:2607:f8b0:4001:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A496D1B3B32; Mon, 18 Jan 2016 10:42:13 -0800 (PST)
Received: by mail-ig0-x235.google.com with SMTP id z14so61282136igp.1; Mon, 18 Jan 2016 10:42:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=U7uW1gaOZOVDogCpnNuWZ7gGKvnC+k+f9NN/pGvUaDA=; b=Ee46EncYNvHgbCMebUmnI+QRbvaGTa6V6j0Lyttrxal3c1sWnh6q5Nw+recuFyHtnj qAFDMP2wW45WXMRGBwcI+56UaVhJ+O3PyCUQQvdvx1hzkY+VAhbGY6A/Okx2F5+BK1mD hmkRXjudvlKuqQKnehzZzXMMxqIgYdgTNsqXu32pWOG/IqRWy0AEm8r9LH9oLYpKxtsa 990xf4lmkv9y/Aaqcoptibg0+tt/iRx9AFjmylSHtdaAH4SimjDfSD0pygwPaNzbZhcT kyH1MY6g0Z7AnaaQtIAdM994qZQlpWptEk5+whT37BPg57z5vCUtpqstXwujjpGkEgLK bn3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=U7uW1gaOZOVDogCpnNuWZ7gGKvnC+k+f9NN/pGvUaDA=; b=LC8XYYtaiEoZX0UBfRnEc0TDTy6qcsUFANVgIjpEaFsyvwLXWj1D0D4602takbr7AL w87IxGywbiBv45rTXDtffwIjpVf7PpU/eovmda2j8kx0YzVvUTfJ7bg8zh1dfcVFRMeW VSZwDTAXINWVUN2mvNU2ur+fGqwehBLPOf2kE9fRELLKFiFurLs2QE7BzLZO6ZVHhuIw 9PFByuMVAFOV0reNvQToO6GrBWphorH1jdi3TSN2vS4ClQUif5zk9t0FKO9x2twxUv0L dP6tn1Ha+8CEutUEht+knYeAkinGTAroVt0a2dBNKHx3/LOlNVA7nsnfCj5do+CmNKB8 Jv8A==
X-Gm-Message-State: AG10YOQaJ0w2+yN+l80muw5T1Lm7JFxJbVidobeVUtJTP6nzEJ1W+rtdjeEXHafA3m5eMFk3+SRAv1kJnfrjXw==
MIME-Version: 1.0
X-Received: by 10.50.111.111 with SMTP id ih15mr12413079igb.78.1453142533102; Mon, 18 Jan 2016 10:42:13 -0800 (PST)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.129.80 with HTTP; Mon, 18 Jan 2016 10:42:13 -0800 (PST)
In-Reply-To: <CAJ3w4NermaJtDzf3V4+WQcpJ5kEdWX6RQ9CyWiFmOmKw8+QZSQ@mail.gmail.com>
References: <CAJE_bqdZTc57BGzVq8-EaOa7kT2ME9_3bXNKFr0WGk_MzLNOBQ@mail.gmail.com> <CAJ3w4NermaJtDzf3V4+WQcpJ5kEdWX6RQ9CyWiFmOmKw8+QZSQ@mail.gmail.com>
Date: Mon, 18 Jan 2016 10:42:13 -0800
X-Google-Sender-Auth: vfjBN3OA5XRHV-1PVJ0Zm2_Q-0Q
Message-ID: <CAJE_bqeDkqhzrcKVcfPjxsVh4s5mdM3BdW1YFeOscFMmNvEZMQ@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Lishan Li <lilishan48@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/-tZBpeMs-EiVyMm0MLBpj3dFYNI>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, draft-ietf-dhc-sedhcpv6@ietf.org
Subject: Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-10.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2016 18:42:15 -0000
I'm going to answer one specific point first, as I think that's most substantial and requires explicit attention from other wg members. At Sun, 17 Jan 2016 17:11:18 +0800, Lishan Li <lilishan48@gmail.com> wrote: > > - this protocol changes DHCPv6 message exchanges quite substantially: > > previously, the client first sends a Solicit message, gets possibly > > multiple Advertise messages, chooses the server (= sender of one of > > the Advertises) that would be best for the client, and then sends a > > Request to that chosen server. Now the server selection is done at > > the key exchange phase (the initial Information-request and Reply > > exchange), and the Solicit can be sent only to a single server. If > > the client doesn't like the Advertise it could restart the whole > > process, but it will be more expensive, and there's no guarantee > > that other servers can provide a better Advertise. > > > > One might argue that it's okay as "secure DHCPv6" is an "optional" > > extension. But, with keeping in mind that the current IETF trend is > > to make everything privacy-aware (often by making everything > > encrypted), I'd personally say we should consider it to be the > > standard mode of DHCPv6 operation even if users can still disable > > it. From this point of view, I think we should either > > A. make the server selection behavior more compatible with the > > pre-encryption protocol, or > > B. accept we give up the previous server selection feature for > > privacy (after careful assessment of its effect and with clear wg > > consensus), and explicitly note that. we might even have to > > reflect that in rfc3315bis. > > > > [LS]: In my opinion, we should give up the previous server selection > feature for > privacy. Compared with rfc3315 and rfc3315bits, secure DHCPv6 is another > mode. rfc3315bis is clear-text mode. And the secure DHCPv6 is secure mode > which achieves authentication and encryption. The server selection feature > and configuration process are all different. And I think it is not > necessary > to reflect the character of secure DHCPv6 mode in rfc3315bis. Looking > forward > to your further guidance. This basically seems to be what "one might argue" in my original comment, so, obviously, I personally disagree on that rationale. But I wouldn't be surprised if the wg reaches to a different consensus than my personal opinion, so I suggest you start a separate discussion on this to form the consensus. -- JINMEI, Tatuya
- [dhcwg] comments on draft-ietf-dhc-sedhcpv6-10.txt 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Bernie Volz (volz)
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… Lishan Li
- Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-1… 神明達哉