Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Thu, 25 August 2016 18:08 UTC

Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E9D12D563 for <dhcwg@ietfa.amsl.com>; Thu, 25 Aug 2016 11:08:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.92
X-Spam-Level:
X-Spam-Status: No, score=-1.92 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YGqKDp95KlYg for <dhcwg@ietfa.amsl.com>; Thu, 25 Aug 2016 11:08:38 -0700 (PDT)
Received: from ewa-mbsout-01.mbs.boeing.net (ewa-mbsout-01.mbs.boeing.net [130.76.20.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F2BED12D592 for <dhcwg@ietf.org>; Thu, 25 Aug 2016 11:08:37 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by ewa-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id u7PI8bjH002649; Thu, 25 Aug 2016 11:08:37 -0700
Received: from XCH15-05-05.nw.nos.boeing.com (xch15-05-05.nw.nos.boeing.com [137.137.100.80]) by ewa-mbsout-01.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id u7PI8Y3K002612 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Thu, 25 Aug 2016 11:08:34 -0700
Received: from XCH15-05-05.nw.nos.boeing.com (2002:8989:6450::8989:6450) by XCH15-05-05.nw.nos.boeing.com (2002:8989:6450::8989:6450) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Thu, 25 Aug 2016 11:08:34 -0700
Received: from XCH15-05-05.nw.nos.boeing.com ([137.137.100.80]) by XCH15-05-05.nw.nos.boeing.com ([137.137.100.80]) with mapi id 15.00.1178.000; Thu, 25 Aug 2016 11:08:34 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
Thread-Topic: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)
Thread-Index: AdHz4kyO7hzDfzYnSfqWBjHhBsGHFqBGDGeAgAA+lwCAAAn1AIAEKdgAgAH3pgCAAcHfgIABdYgAgAADMICAAPbYAIAGuH0AgAAcCACAAGAdAIAAvucAgAAFvoCAABCsgIAAAW4AgAANBwCgRB0kAL94U6OAgAB0uWD//7EwAIABOJWAgABgDKA=
Date: Thu, 25 Aug 2016 18:08:34 +0000
Message-ID: <d6f8ed9bdfc8461aa463e6542269ccda@XCH15-05-05.nw.nos.boeing.com>
References: <92dcf2e0cf08452caa5861f7258ea6c5@XCH15-05-05.nw.nos.boeing.com> <201608121919.u7CJJqcS056876@givry.fdupont.fr> <c5303eef3c124228825f32a40f229107@XCH-ALN-003.cisco.com> <ccaff4d4cb5c4eefb05eee0660c2611c@XCH15-05-05.nw.nos.boeing.com> <f46aa91e4cfb41b29dd2d8186f5959f8@XCH-ALN-003.cisco.com> <ba1c8ff573d7466b8c437373e05f1023@XCH15-05-05.nw.nos.boeing.com> <b65e1dd66b634240b3ca164b2c04c20a@XCH15-05-05.nw.nos.boeing.com> <CAJE_bqfb5sxOpkTEXkwZXckKBWof7U1-W6EFzCHk7ijnMjpMMA@mail.gmail.com> <5ec83aaf4e76497aa4b4d465483bdcf5@XCH15-05-05.nw.nos.boeing.com> <CAJE_bqeKqEgLVC2ZZyUCjsrPP5_suRJ8en2NC+g13Q5PyQL1iw@mail.gmail.com> <30c9413c4662476096ef087ac88f6314@XCH-ALN-003.cisco.com> <dc9d2c300d574732a12f7f366f6223c0@XCH15-05-11.nw.nos.boeing.com> <3A5F0B79-8C76-4E82-97E9-FA63657DE6C3@cisco.com> <CAJ3w4NdjgVxvnvuaWjGM=qtOe0qUq4N96fVXsbNrf=YkhiABbQ@mail.gmail.com> <2f45b99b50f84b1280e92ad824e39e26@XCH15-05-05.nw.nos.boeing.com> <9E9A9543-ECB0-4D99-A00F-1AAD813B6522@fugue.com> <091180442e44490ba451874d1543f814@XCH15-05-05.nw.nos.boeing.com> <CAPt1N1=pD7TBrU_NnuyGz61+CiUVp0JiyLLfMUKTz_dgnO59QQ@mail.gmail.com> <AF387F3E-1B64-4E5D-BAF7-EB5BF3ED1EB4@cisco.com>, <55dcbc0cd1484fffa264b18b2fc3322c@XCH15-05-05.nw.nos.boeing.com> <122453F6-3987-46D4-89EB-84AF99402BC3@cisco.com> <dd827ec92b874ad8a188b17f44392c54@XCH15-05-05.nw.nos.boeing.com>, <438d610f19da4f7aa39fb70a7dc11513@XCH15-05-05.nw.nos.boeing.com> <2279C5E3-0D51-4631-AFC9-DAF05339D21D@cisco.com>
In-Reply-To: <2279C5E3-0D51-4631-AFC9-DAF05339D21D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.137.12.6]
Content-Type: multipart/alternative; boundary="_000_d6f8ed9bdfc8461aa463e6542269ccdaXCH150505nwnosboeingcom_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/3RAcAM2Cj48sNOaCSm1o3jfE4To>
Cc: dhcwg <dhcwg@ietf.org>, Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Aug 2016 18:08:40 -0000

Hi Bernie,

VPN clients may need to configure their virtual interfaces over multiple
underlying physical interfaces (e.g., WiFi, Cellular, SATCOM, etc.) - each
with its own IP address. The relay then sees the client as a single network
layer entity with multiple link-layer addresses. So, the client needs to
have some way to tell the relay about its preferences for each of the
underlying interfaces. The client does this by including an option with the
preference values that the relay then needs to snoop in-the-clear,
i.e., and not encrypted.

Thanks - Fred
fred.l.templin@boeing.com

From: Bernie Volz (volz) [mailto:volz@cisco.com]
Sent: Thursday, August 25, 2016 9:41 AM
To: Templin, Fred L <Fred.L.Templin@boeing.com>
Cc: dhcwg <dhcwg@ietf.org>; Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Please explain what else the relay needs to know.

- Bernie (from iPhone)

On Aug 25, 2016, at 9:34 AM, Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
Hi, on further consideration RAAN options alone are not sufficient for my
needs. For my needs, the relay has to be able to inspect the contents of
both the client's messages to the server and the server's messages to
the client. And, it is about more than just IA_NA and IA_PD.

The use case is VPN clients connecting in to a secured home network then
using DHCPv6 to obtain prefixes and/or addresses. So, the client comes in
across a secured link where there is no concern for eavesdropping, but
the client still needs to prove to the server that it is authorized to receive
the requested addresses/prefixes.

In that case, when we can say that the link is secured against eavesdropping,
then there is a use case for authentication-only DHCPv6 security.

Thanks - Fred
fred.l.templin@boeing.com<mailto:fred.l.templin@boeing.com>

From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Templin, Fred L
Sent: Wednesday, August 24, 2016 12:51 PM
To: Bernie Volz (volz) <volz@cisco.com<mailto:volz@cisco.com>>
Cc: dhcwg <dhcwg@ietf.org<mailto:dhcwg@ietf.org>>; Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Can we dust this off and insert it back into the process?

Thanks - Fred

From: Bernie Volz (volz) [mailto:volz@cisco.com]
Sent: Wednesday, August 24, 2016 12:46 PM
To: Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>>
Cc: Ralph Droms (rdroms) <rdroms@cisco.com<mailto:rdroms@cisco.com>>; Ted Lemon <mellon@fugue.com<mailto:mellon@fugue.com>>; dhcwg <dhcwg@ietf.org<mailto:dhcwg@ietf.org>>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Note that latest version of that draft is https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-agentopt-delegate-04.

Also, 03 used the https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-srsn-option-02 draft to address out of order issues. Don't recall why 04 removed this and whether there were other issues still unresolved - though I think there were.

Sadly there is no change log to indicate changes made in each rev, so we will need to review the email dialog and meeting minutes around the time of these drafts to determine open issues & how to move forward. I think interest died because cable (cmts) just started to snoop the client packets. This actually doesn't resolve out of order issues, though I think those have not caused any known problems. So while in theory they could be, in practice they are not.
- Bernie (from iPhone)

On Aug 24, 2016, at 11:26 AM, Templin, Fred L <Fred.L.Templin@boeing.com<mailto:Fred.L.Templin@boeing.com>> wrote:
draft-draft-droms-dhc-dhcpv6-agentopt-delegate-00.txt