[dhcwg] proposal for new global options

Kent Watsen <kwatsen@juniper.net> Tue, 24 June 2014 00:57 UTC

[first timer on this list]

The NETCONF WG has recently chartered a draft for ZeroTouch.   I'm
currently working on draft-ietf-netconf-zerotouch-00, which hasn't been
posted yet, but the previous I-D is here:
http://datatracker.ietf.org/doc/draft-kwatsen-netconf-zerotouch/.

This draft regards devices bootstrapping their management connection to a
network management system (NMS).   The draft currently states that devices
MAY upgrade their software and/or download initial configuration first,
but that how to do so is unspecified.  The expectation was that DHCPv4
options 60/61/43 or DHCPv6 options 1/16/17 could be used.   There was
discussion during the presentation in London regarding a desire to have an
IETF-defined solution that wasn't vendor-specific, which is what this
email regards.

The ZeroTouch solution assumes that the devices have an IEEE 802.1AR
(Secure Device Identity), essentially an X.509 certificate that uniquely
identifies it.   Assuming devices from different vendors have said
certificates, we can construct a vendor-independent solution as follows:

    - have DHCP server send in its OFFER message one option encoding two
      sets of URIs
        - one for downloading software image
        - one for downloading configuration file
    - specify that when device accesses any URI, it first postpends the
      fingerprint of its IEEE 802.1AR certificate, for instance:
        - http://example.com/zerotouch/image?device=<fingerprint>
        - http://example.com/zerotouch/config?device=<fingerprint>


Thus a vendor-neutral solution.


Questions:

1) Is there merit to this approach?  - any concerns?
2) Should a separate draft be submitted to DHCWG, or can I put the IANA
requests into the NETCONF WG draft?
3) Is it necessary to define options for both IPv4 and IPv6?


Thanks,
Kent
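An added worked example of the proposal above (illustration only, not code from this mail or from the zerotouch draft): it encodes and decodes a DHCP option carrying the two URI lists, and builds the per-device URIs. The option wire layout, the DHCPv4 (1-byte code/length) versus DHCPv6 (2-byte code/length) header handling relevant to question 3, and SHA-256 over the DER certificate as the fingerprint are all assumptions.

```python
import hashlib
import struct
from urllib.parse import quote

# Assumed wire layout (not from the mail): after the option header, two URI
# lists, each a 1-byte count followed by length-prefixed UTF-8 URIs.
# DHCPv4 headers are 1-byte code/length; DHCPv6 headers are 2-byte code/length.
HEADER = {4: "!BB", 6: "!HH"}

def encode_zerotouch_option(family, code, image_uris, config_uris):
    body = b""
    for uris in (image_uris, config_uris):
        body += struct.pack("!B", len(uris))
        for uri in uris:
            raw = uri.encode("utf-8")
            body += struct.pack("!B", len(raw)) + raw  # struct raises if > 255
    return struct.pack(HEADER[family], code, len(body)) + body

def decode_zerotouch_option(family, data):
    fmt = HEADER[family]
    hdr = struct.calcsize(fmt)
    code, length = struct.unpack(fmt, data[:hdr])
    body = data[hdr:hdr + length]
    if len(body) != length:
        raise ValueError("truncated option")
    lists, pos = [], 0
    for _ in range(2):
        count, pos = body[pos], pos + 1
        uris = []
        for _ in range(count):
            n, pos = body[pos], pos + 1
            uris.append(body[pos:pos + n].decode("utf-8"))
            pos += n
        lists.append(uris)
    if pos != length:
        raise ValueError("trailing bytes in option")  # reject sloppy encodings
    return code, lists[0], lists[1]

def cert_fingerprint(der_bytes):
    # Assumed fingerprint: SHA-256 over the DER-encoded IDevID certificate.
    return hashlib.sha256(der_bytes).hexdigest()

def device_uri(base_uri, fingerprint):
    # Append the fingerprint as the "device" query parameter, URL-encoded,
    # keeping any query string the server already put in the offered URI.
    sep = "&" if "?" in base_uri else "?"
    return f"{base_uri}{sep}device={quote(fingerprint, safe='')}"
```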