Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)
"Templin, Fred L" <Fred.L.Templin@boeing.com> Thu, 25 August 2016 18:08 UTC
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
Cc: dhcwg <dhcwg@ietf.org>, Ted Lemon <mellon@fugue.com>

Hi Bernie,

VPN clients may need to configure their virtual interfaces over multiple underlying physical interfaces (e.g., WiFi, Cellular, SATCOM, etc.) - each with its own IP address. The relay then sees the client as a single network layer entity with multiple link-layer addresses. So, the client needs to have some way to tell the relay about its preferences for each of the underlying interfaces. The client does this by including an option with the preference values that the relay then needs to snoop in-the-clear, i.e., not encrypted.

Thanks - Fred
fred.l.templin@boeing.com

From: Bernie Volz (volz) [mailto:volz@cisco.com]
Sent: Thursday, August 25, 2016 9:41 AM
To: Templin, Fred L <Fred.L.Templin@boeing.com>
Cc: dhcwg <dhcwg@ietf.org>; Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Please explain what else the relay needs to know.

- Bernie (from iPhone)

On Aug 25, 2016, at 9:34 AM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:

Hi, on further consideration RAAN options alone are not sufficient for my needs. For my needs, the relay has to be able to inspect the contents of both the client's messages to the server and the server's messages to the client. And, it is about more than just IA_NA and IA_PD.

The use case is VPN clients connecting in to a secured home network then using DHCPv6 to obtain prefixes and/or addresses. So, the client comes in across a secured link where there is no concern for eavesdropping, but the client still needs to prove to the server that it is authorized to receive the requested addresses/prefixes. In that case, when we can say that the link is secured against eavesdropping, then there is a use case for authentication-only DHCPv6 security.

Thanks - Fred
fred.l.templin@boeing.com

From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Templin, Fred L
Sent: Wednesday, August 24, 2016 12:51 PM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: dhcwg <dhcwg@ietf.org>; Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Can we dust this off and insert it back into the process?

Thanks - Fred

From: Bernie Volz (volz) [mailto:volz@cisco.com]
Sent: Wednesday, August 24, 2016 12:46 PM
To: Templin, Fred L <Fred.L.Templin@boeing.com>
Cc: Ralph Droms (rdroms) <rdroms@cisco.com>; Ted Lemon <mellon@fugue.com>; dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Note that the latest version of that draft is https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-agentopt-delegate-04.

Also, 03 used the https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-srsn-option-02 draft to address out of order issues. Don't recall why 04 removed this and whether there were other issues still unresolved - though I think there were. Sadly there is no change log to indicate changes made in each rev, so we will need to review the email dialog and meeting minutes around the time of these drafts to determine open issues & how to move forward.

I think interest died because cable (cmts) just started to snoop the client packets. This actually doesn't resolve out of order issues, though I think those have not caused any known problems. So while in theory they could be, in practice they are not.

- Bernie (from iPhone)

On Aug 24, 2016, at 11:26 AM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:

draft-draft-droms-dhc-dhcpv6-agentopt-delegate-00.txt
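
The trade-off discussed in this thread (a relay that snoops client options versus a client message that is encrypted end to end) can be seen with a small parser. This is an added example, not code from the thread or from any of the drafts cited: the sample messages are constructed, the RFC 3315 Authentication option (code 11) stands in for authentication-only protection, and `ENCRYPTED_PLACEHOLDER` is a made-up message type, not an assigned value.

```python
import hashlib
import struct

OPT_CLIENTID, OPT_AUTH, OPT_IA_PD = 1, 11, 25   # RFC 3315 / RFC 3633 option codes
CLIENT_MSG_TYPES = {1: "SOLICIT", 3: "REQUEST", 5: "RENEW", 6: "REBIND"}
ENCRYPTED_PLACEHOLDER = 0xFE   # constructed placeholder, NOT an assigned message type

def parse_options(buf):
    """Walk DHCPv6 options: 2-byte code, 2-byte length, then the value."""
    opts, off = [], 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length overruns message")
        opts.append((code, buf[off:off + length]))
        off += length
    return opts

def relay_snoop(client_msg):
    """Return what a relay can read from a client message it is forwarding."""
    if len(client_msg) < 4:
        raise ValueError("message shorter than type + transaction-id")
    name = CLIENT_MSG_TYPES.get(client_msg[0])
    if name is None:   # unknown or wrapped type: payload is opaque to the relay
        return {"type": None, "visible_options": [], "ia_pd_iaids": []}
    opts = parse_options(client_msg[4:])
    # IA_PD value starts with IAID, T1, T2 (4 bytes each); read the IAID only.
    iaids = [struct.unpack_from("!I", v)[0] for c, v in opts
             if c == OPT_IA_PD and len(v) >= 12]
    return {"type": name, "visible_options": sorted(c for c, _ in opts),
            "ia_pd_iaids": iaids}

def opt(code, value):
    return struct.pack("!HH", code, len(value)) + value

def build_solicit(authenticated=False):
    """Constructed Solicit: DUID-LL client id plus one IA_PD with IAID 1."""
    duid = bytes.fromhex("0003000102005e005301")
    msg = b"\x01\x12\x34\x56" + opt(OPT_CLIENTID, duid)
    msg += opt(OPT_IA_PD, struct.pack("!III", 1, 0, 0))
    if authenticated:   # 11-byte fixed header + constructed 16-byte auth info
        msg += opt(OPT_AUTH, bytes(11) + bytes(16))
    return msg

def build_opaque():
    """Stand-in for an encrypted message: a digest plays the ciphertext."""
    return bytes([ENCRYPTED_PLACEHOLDER]) + b"\x12\x34\x56" + \
        hashlib.sha256(build_solicit()).digest()
```

With authentication only, the relay still reads the client's IA_PD; once the client message is wrapped as opaque ciphertext, `relay_snoop` returns no visible options, which is the situation the thread says breaks relays that depend on snooping.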