Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)
Kim Kinnear <kkinnear@cisco.com> Tue, 06 October 2015 18:13 UTC
Return-Path: <kkinnear@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CAC51A87D9; Tue, 6 Oct 2015 11:13:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3OuNgdbf2KMs; Tue, 6 Oct 2015 11:13:13 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6DDD1ACE9B; Tue, 6 Oct 2015 11:12:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11031; q=dns/txt; s=iport; t=1444155127; x=1445364727; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=c15OqidFl18MkWEMzr1yZtL3IBNo9j7MuBfnmfeZqp0=; b=cWFz9r7tNIiOtESuiDdSVytaXdGg4L3KzYmM0YOtAWHtknXXNQnjdC/I sSuh++uBCsuL741rWCK0+JFkjohPI4VCm02sOimu2qB5UOvPbHOhiL+Aj eDhSV7uwD0bxfmWArYQ5TZPYnp2wicrEPUYlgadN4HXjaNu4URuO4Lh+J I=;
X-IronPort-AV: E=Sophos;i="5.17,644,1437436800"; d="scan'208";a="605565837"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Oct 2015 18:12:05 +0000
Received: from dhcp-10-131-65-129.cisco.com (dhcp-10-131-65-129.cisco.com [10.131.65.129]) (authenticated bits=0) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t96IBxEi021046 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 6 Oct 2015 18:12:03 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Kim Kinnear <kkinnear@cisco.com>
In-Reply-To: <CAHbuEH5nK=sFNbfpdAKFgpOY6RAD7DSKC5VE5HjSqQ3o_E+-eQ@mail.gmail.com>
Date: Tue, 06 Oct 2015 14:11:56 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3A63D1E0-4257-40CC-BBA2-CC08C5B70892@cisco.com>
References: <20150930035228.20755.429.idtracker@ietfa.amsl.com> <19846C62-DF4F-402B-A7A6-9D2CE69BD9B3@cisco.com> <2BA9B2AC-116A-4FE5-BA17-AC8758B5C212@nostrum.com> <0F3826E4-13C7-4348-9271-5439A3304572@cisco.com> <C847544D-A1AE-4732-9BC6-1C5983A12527@nostrum.com> <6AE185BE-DC68-434E-B17E-0AFB8FE46B70@cisco.com> <CAHbuEH5nK=sFNbfpdAKFgpOY6RAD7DSKC5VE5HjSqQ3o_E+-eQ@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
X-Authenticated-User: kkinnear
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/8GcetTp9A-MZAG8Xkg7sCsEWfSw>
Cc: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, Kim Kinnear <kkinnear@cisco.com>
Subject: Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 18:13:16 -0000
Kathleen, Ben dropped his DISCUSS based on the response of the security AD's. Ben said (on Oct 1, 2015 4:37pm EDT) > Hi, thanks for the response-response :-) > > Based on your responses, and on discussion among the IESG on today's telechat, I will clear the discuss. Further comments inline. I've removed sections that don't seem to need further discussion. Unless I missed something, I think you've covered all my concerns. > > Thanks! > > Ben. In the same email... Ben said: >>> >>> To clarify, when I talk about MTI, I mean something to the effect of saying implementations "MUST implement the secure mode, and SHOULD [or MAY] implement the insecure mode" Kim said: >> >> Thanks for the clarification. I was not clear -- the >> reasoning for allowing insecure mode is the same as for not >> requiring implementation of secure mode. I expect that some >> implementations will not wish to implement secure mode at all, >> since all of their deployments will be targeted toward >> environments which are protected by more global protections. >> >> One use of Active leasequery is an alternative to providing a >> direct connection to the DHCP server's lease state database. >> We want to standardize Active Leasequery in such a way as to >> facilitate that sort of implementation (which makes insecure >> mode appropriate) as well implementations of the more >> distributed sort which require secure mode. Ben said: > > Thanks for the explanation. We discussed this on the telechat today, and the security ADs are okay without the secure mode being MTI. So I guess I am, as well. > Regards -- Kim On Oct 6, 2015, at 1:56 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: > I'm chiming in a little late, but I agree with Ben on his mTI comment. > I had noticed that as well when reading the draft, but was mostly okay > with the language. The draft didn't spell out MTI, but seemed to talk > more about MTU. MTI for secure mode would be good. I see the > security considerations section has an MTU focus. Where is the > statement in the list of changes that resulted from Ben's discuss? > I'm not able to pick it out easily (might just be me). > > Thanks, > Kathleen > > I'm not sure the SHOULD statement is enough, but if he's okay to clear... > > On Tue, Oct 6, 2015 at 1:39 PM, Kim Kinnear <kkinnear@cisco.com> wrote: >> >> Ben, et. al. >> >> I've submitted a new version of draft-ietf-dhc-dhcpv4-active-leasequery, >> with all of the changes to which I agreed during the review process. >> I've replied to Ben's email since he had the most comments, but I >> believe that I've covered them all. >> >> I've included an rfc diff with this email, and below you will find a >> list of the changes that I have made along with whose review prompted >> that change. >> >> Thank you all for your reviews. >> >> Regards -- Kim >> >> ------------------------- >> >> 1. Changed "recommendations in [RFC7525] SHOULD be followed" to >> "recommendation in [RFC7525] apply". Alissa Cooper >> >> 2. Added "Retries SHOULD NOT be more frequent than one every >> ACTIVE_LQ_IDLE_TIMEOUT. See Section 5.3." to the two places where >> we say "... the Requestor MAY retry." Ben Campbell, Spencer Dawkins >> >> 3. Added to Section 8.1: >> >> "If a connection is to be rejected because of a limitation of the >> number of open connections, the TCP connection itself should be >> rejected, or the subsequent ACTIVELEASEQUERY message should be >> rejected. Capacity related rejections SHOULD NOT affect the response >> to the DHCPTLS message." Spencer Dawkins >> >> 4. Moved the following paragraph to appear after a paragraph explaining >> how the server needs to ensure that a constant (albeit light) stream >> of messages flows from server to requestor: >> >> "If the stream of replies becomes blocked with no messages being >> received, the Requestor SHOULD terminate the connection after >> ACTIVE_LQ_RCV_TIMEOUT, and MAY begin retry processing if configured >> to do so." Spencer Dawkins >> >> 5. Added the following paragraph to section 7.1, General Processing: >> >> "Only one DHCPACTIVELEASEQUERY is allowed on any one TCP connection >> at a time. Parallel DHCPACTIVELEASEQUERY requests on the same TCP >> are no allowed." Spencer Dawkins >> >> 6. Added the following paragraph to section 9, Security Considerations: >> >> "Operating in insecure mode (see Section 8.1) does not provide any >> way to validate the authorization of requestors of a DHCPV4 Active >> Leasequery request." Ben Campbell >> >> 7. In section 7.2, Initiating a Connection, changed: >> >> "When operating in insecure mode, the requestor SHOULD proceed to send >> a DHCPACTIVELEASEQUERY request after the establishment of a TCP >> connection." >> >> to >> >> "When operating in insecure mode, the requestor sends a >> DHCPACTIVELEASEQUERY request after the establishment of a TCP >> connection." Ben Campbell >> >> 8. In section 7.2, Initiating a Connection, changed: >> >> "... the requestor SHOULD initiate the exchange ..." >> >> to >> >> "... the requestor initiates the exchange ..." Ben Campbell >> >> 9. In section 7.3, Forming an Active Leasequery, changed: >> >> "... the requestor SHOULD place this highest base-time value into >> a query-start-time option in the ..." >> >> to >> >> "... the requestor should place this highest base-time value into >> a query-start-time option in the ..." Ben Campbell >> >> 10. In section 7.3, Forming an Active Leasequery, changed: >> >> "Note that a DHCPACTIVELEASEQUERY request specifically requests the >> DHCPv4 server to create a long-lived connection which may not have >> data transferring continuously during its lifetime." >> >> to >> >> "Note that the connection resulting from accepting a DHCPACTIVELEASEQUERY >> request may be long-lived, and may not have data transferring >> continuously during its lifetime." Ben Campbell >> >> 11. In section 7.4, Processing Active Replies, changed: >> >> "This SHOULD be the last message on that connection, and once the >> message has been transmitted, the server SHOULD close the connection." >> >> to >> >> "This MUST be the last message on that connection, and once the >> message has been transmitted, the server MUST close the connection." >> Ben Campbell >> >> 12. In section 8.1, Accepting Connections, added the following: >> >> After: >> >> "Any options appearing in a DHCPTLS message received by a DHCPv4 >> server SHOULD be ignored." >> >> added: >> >> "Any options appearing in a DHCPTLS message received by a DHCPv4 >> server SHOULD be ignored. This is a SHOULD instead of a MUST >> in order to allow use of the DHCPTLS message in later documents, >> possibly with the use of options, without requiring those documents >> to update this document." Ben Campbell >> >> 13. In section 8.1, changed the following: >> >> "If for some reason the DHCPv4 server cannot or has been configured >> to not support a TLS connection, then it SHOULD send a DHCPTLS >> message with a dhcp-status-code of TLSConnectionRefused back to >> the requestor." >> >> to >> >> "If for some reason the DHCPv4 server cannot or has been configured >> to not support a TLS connection, then it sends a DHCPTLS >> message with a dhcp-status-code of TLSConnectionRefused back to >> the requestor." Ben Campbell >> >> 14. In section 8.1.1, changed the following: >> >> "In an update to the DHCPv4 Bulk Leasequery protocol <xref >> target="RFC6926"/> (which didn't discuss this situation explicitly), >> if the DHCPv4 server receives a DHCPv4 message containing a >> dhcp-message-type option with a value that is not supported over >> a TCP connection, it SHOULD close the TCP connection." >> >> to >> >> "In an update to the DHCPv4 Bulk Leasequery protocol <xref >> target="RFC6926"/> (which didn't discuss this situation explicitly), >> if the DHCPv4 server receives a DHCPv4 message containing a >> dhcp-message-type option with a value that is not supported over >> a TCP connection, it MUST close the TCP connection." Ben Campbell >> >> 15. In section 8.4, changed the following: >> >> "The sever MAY close its end of the TCP connection after sending its >> last message, a DHCPLEASEQUERYSTATUS message in response to a query." >> >> to >> >> "The sever MAY may end communication by sending a DHCPLEASEQUERYSTATUS >> message and then immediately closing the TCP connection." Ben Campbell >> >> 16. In section 7.3, moved the paragraph starting with: >> >> "Note that until all of the recent data (catch-up data) has been ..." >> >> after the subsquent paragraph. Ben Campbell >> >> 17. In section 8.2, replaced the paragraph beginning as follows: >> >> "Note that until all of the recent data (catch-up data) has been ..." >> >> with >> >> "The DHCPv4 server SHOULD keep track of previous binding >> activity. It SHOULD limit the amount of previous binding activity it >> keeps track of." Ben Campbell >> >> 18. Addd this explanation to section 9, Security Considerations: >> >> "Two modes of operation exist for this protocol, insecure mode and >> secure mode. These two modes exists because there are essentially >> two models of use for this protocol. In one model, the requestor >> of an Active Leasequery is connected to the internet in an arbitrary >> location, and the information transmitted needs to be protected >> during transmission. In addition, the identity of both requestor >> and server need to be verified. For this model of use, the secure >> mode is appropriate. >> >> The other model of use is where the requestor of the Active Leasequery >> resides in a network element that is essentially "next to" the >> element containing the DHCP server, and both of these elements are >> inside a protected environment. For this model, the insecure mode >> is sufficient since there are other, more global, protections in >> place to protect this information." >> >> and placed references to it in section 7.2, Initiating a Connection >> and section 8.1, Accepting Connections. >> >> Alissa Cooper >> >> 19. Three situations where statements with normative language were used >> which echoed other similar statements also using normative language were >> changed to not use normative language. References to the section of the >> document where the normative language remains were added. These >> changes were made in sections 3, 7.1, and 7.4.1. Ben Campbell >> >> > > > > -- > > Best regards, > Kathleen
- [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kathleen Moriarty
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kathleen Moriarty