Re: [dhcwg] [Int-dir] Review of draft-ietf-dhc-relay-server-security-02

Suresh Krishnan <suresh.krishnan@ericsson.com> Wed, 01 February 2017 19:56 UTC

To: Jouni Korhonen <jouni.nospam@gmail.com>
Message-ID: <B9CFAC1C-F560-43F1-B50D-C0E2C56BF292@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/6KFrbqbP6V6Bf-bI0OfYspd96Fs>
Cc: Bernie Volz <volz@cisco.com>, "int-dir@ietf.org" <int-dir@ietf.org>, Ted Lemon <mellon@fugue.com>, Jouni Korhonen <jounikor@gmail.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-relay-server-security.all@ietf.org" <draft-ietf-dhc-relay-server-security.all@ietf.org>

Hi Jouni,
  Thanks for the review. 

> On Jan 27, 2017, at 3:20 PM, jouni.nospam <jouni.nospam@gmail.com> wrote:
> 
> 
>> On Jan 26, 2017, at 11:27 AM, Ted Lemon <mellon@fugue.com> wrote:
>> 
>> On Jan 26, 2017, at 1:58 PM, jouni.nospam <jouni.nospam@gmail.com> wrote:
>>> No. But in this case there are pieces of text that change specific places in the original document from SHOULDs to MUSTs, musts to MUSTs, and add a few pieces of new stuff, etc. Now how is that not updating? Changes or “extensions” like that would be nice to follow from the base document.
>> 
>> Okay, I see your point. But suppose the document were changed so that rather than "updating" the document as you suggest, it simply referenced the sections in question and then made the SHOULDs into MUSTs that way? Wouldn't that mean "implementations of this extension MUST," and wouldn't that be perfectly reasonable?
>> 
> 
> I would still argue that it updates, specifically if the document here is going to be Standards Track. If this document were more of a recommendation, e.g., a BCP, I would be fine without the “updating” part (as I remember, the MUST for IPsec in RFC3315bis was not endorsed by the WG).

I think the other two items in your review need to be fixed. But I have a slightly different take on this specific issue. In my view this document needs to stay on Standards Track, and it should be made clear that it is an (optional) extension to RFC3315. This allows people who have implemented encryption for server-relay communications to claim compliance with RFC3315 and this document. For RFC3315bis, I think it should be discussed in the WG whether to mandate encryption or not, as there are backward-compatibility-related considerations to be made.

Regards
Suresh