Re: [dhcwg] proposal for new global options

"Bernie Volz (volz)" <> Tue, 24 June 2014 18:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B4C711B27CD for <>; Tue, 24 Jun 2014 11:51:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.151
X-Spam-Status: No, score=-15.151 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yA9LA2Mi0AUi for <>; Tue, 24 Jun 2014 11:51:32 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 769A51A039C for <>; Tue, 24 Jun 2014 11:51:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=19790; q=dns/txt; s=iport; t=1403635892; x=1404845492; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=DFv4/XF0tL3dcTuj4qPiXyROOQX50vLZEW8cmLWooHg=; b=DEQtTVjAsT3yYNnOOm5WkPL+azPli2OXDG7/lPElFo5B2D1aLkIDHA+c p7j7XiTL8KByYcNqvXNLCyYTYJoP3hFKqGGC9IWXxEFJ0+X+ZSuo/gE9z UXc8OKWUeLeeIjRetmesrw+ndtfNuhEqrjSOq7VRfRUSm0IPJ9IqDHMRy 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.01,539,1400025600"; d="scan'208,217";a="335327214"
Received: from ([]) by with ESMTP; 24 Jun 2014 18:51:31 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id s5OIpV5b007567 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 24 Jun 2014 18:51:31 GMT
Received: from ([]) by ([]) with mapi id 14.03.0123.003; Tue, 24 Jun 2014 13:51:31 -0500
From: "Bernie Volz (volz)" <>
To: Kent Watsen <>, "" <>
Thread-Topic: proposal for new global options
Thread-Index: AQHPj0dLXOlBjtd4002R4EH7rllsuZuAmbcQ
Date: Tue, 24 Jun 2014 18:51:30 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_489D13FBFA9B3E41812EA89F188F018E1B5D692Cxmbrcdx04ciscoc_"
MIME-Version: 1.0
Subject: Re: [dhcwg] proposal for new global options
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 24 Jun 2014 18:51:35 -0000

Here's my personal answer (DHC WG co-chair hat off):

1) Is there merit to this approach?  - any concerns?

I will punt on this one for now.

2) Should a separate draft be submitted to DHCWG, or can I put the IANA
requests into the NETCONF WG draft?

As these are just 'data options' (not protocol options), you can do this in the NETCONF WG draft. Please look at RFC 7227, Guidelines for Creating New DHCPv6 Options. These guidelines also generally apply to DHCPv4.

3) Is it necessary to define options for both IPv4 and IPv6?

Yes. If you want to support both DHCPv4 and DHCPv6, you would have to define separate DHCPv4 and DHCPv6 options.

Note that for downloading images, DHCPv4 and DHCPv6 already have options to support this. For example, the DHCPv6 document is RFC 5970. (The DHCPv4 is covered in RFC 2132 and isn't a URI.)

-          Bernie

From: dhcwg [] On Behalf Of Kent Watsen
Sent: Monday, June 23, 2014 8:58 PM
Subject: [dhcwg] proposal for new global options

[first timer on this list]

The NETCONF WG has recently chartered a draft for ZeroTouch.   I'm
currently working on draft-ietf-netconf-zerotouch-00, which hasn't been
posted yet, but the previous I-D is here:

This draft regards devices bootstrapping their management connection to a
network management system (NMS).   The draft currently states that devices
MAY upgrade their software and/or download initial configuration first,
but that how to do so is unspecified.  The expectation was that DHCPv4
options 60/61/43 or DHCPv6 options 1/16/17 could be used.   There was
discussion during the presentation in London regarding a desire to have an
IETF-defined solution that wasn't vendor-specific, which is what this
email regards.

The ZeroTouch solution assumes that the devices have an IEEE 802.1AR
(Secure Device Identity), essentially an X.509 certificate that uniquely
identifies it.   Assuming devices from different vendors have said
certificates, we can construct a vendor-independent solution as follows:

    - have DHCP server send in its OFFER message one option encoding two
      sets of URIs
         - one for downloading software image
         - one for downloading configuration file
     - specify that when device accesses any URI, it first postpends the
       fingerprint of its IEEE 802.1AR certificate, for instance:

Thus a vendor-neutral solution.


1) Is there merit to this approach?  - any concerns?
2) Should a separate draft be submitted to DHCWG, or can I put the IANA
requests into the NETCONF WG draft?
3) Is it necessary to define options for both IPv4 and IPv6?