IETF Logo Mail Archive

Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)

Kim Kinnear <kkinnear@cisco.com> Tue, 06 October 2015 18:13 UTC

Return-Path: <kkinnear@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CAC51A87D9; Tue, 6 Oct 2015 11:13:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3OuNgdbf2KMs; Tue, 6 Oct 2015 11:13:13 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6DDD1ACE9B; Tue, 6 Oct 2015 11:12:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11031; q=dns/txt; s=iport; t=1444155127; x=1445364727; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=c15OqidFl18MkWEMzr1yZtL3IBNo9j7MuBfnmfeZqp0=; b=cWFz9r7tNIiOtESuiDdSVytaXdGg4L3KzYmM0YOtAWHtknXXNQnjdC/I sSuh++uBCsuL741rWCK0+JFkjohPI4VCm02sOimu2qB5UOvPbHOhiL+Aj eDhSV7uwD0bxfmWArYQ5TZPYnp2wicrEPUYlgadN4HXjaNu4URuO4Lh+J I=;
X-IronPort-AV: E=Sophos;i="5.17,644,1437436800"; d="scan'208";a="605565837"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Oct 2015 18:12:05 +0000
Received: from dhcp-10-131-65-129.cisco.com (dhcp-10-131-65-129.cisco.com [10.131.65.129]) (authenticated bits=0) by aer-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id t96IBxEi021046 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 6 Oct 2015 18:12:03 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Kim Kinnear <kkinnear@cisco.com>
In-Reply-To: <CAHbuEH5nK=sFNbfpdAKFgpOY6RAD7DSKC5VE5HjSqQ3o_E+-eQ@mail.gmail.com>
Date: Tue, 06 Oct 2015 14:11:56 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <3A63D1E0-4257-40CC-BBA2-CC08C5B70892@cisco.com>
References: <20150930035228.20755.429.idtracker@ietfa.amsl.com> <19846C62-DF4F-402B-A7A6-9D2CE69BD9B3@cisco.com> <2BA9B2AC-116A-4FE5-BA17-AC8758B5C212@nostrum.com> <0F3826E4-13C7-4348-9271-5439A3304572@cisco.com> <C847544D-A1AE-4732-9BC6-1C5983A12527@nostrum.com> <6AE185BE-DC68-434E-B17E-0AFB8FE46B70@cisco.com> <CAHbuEH5nK=sFNbfpdAKFgpOY6RAD7DSKC5VE5HjSqQ3o_E+-eQ@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
X-Authenticated-User: kkinnear
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/8GcetTp9A-MZAG8Xkg7sCsEWfSw>
Cc: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, Kim Kinnear <kkinnear@cisco.com>
Subject: Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 18:13:16 -0000

Kathleen,

Ben dropped his DISCUSS based on the response of the security AD's.

Ben said (on Oct 1, 2015 4:37pm EDT)

> Hi, thanks for the response-response :-)
> 
> Based on your responses, and on discussion among the IESG on today's telechat, I will clear the discuss. Further comments inline. I've removed sections that don't seem to need further discussion. Unless I missed something, I think you've covered all my concerns.
> 
> Thanks!
> 
> Ben.

In the same email...

Ben said:

>>> 
>>> To clarify, when I talk about MTI, I mean something to the effect of saying implementations "MUST implement the secure mode, and SHOULD [or MAY] implement the insecure mode"

Kim said:

>> 
>> 	Thanks for the clarification.  I was not clear -- the
>> 	reasoning for allowing insecure mode is the same as for not
>> 	requiring implementation of secure mode.  I expect that some
>> 	implementations will not wish to implement secure mode at all,
>> 	since all of their deployments will be targeted toward
>> 	environments which are protected by more global protections.
>> 
>> 	One use of Active leasequery is an alternative to providing a
>> 	direct connection to the DHCP server's lease state database.
>> 	We want to standardize Active Leasequery in such a way as to
>> 	facilitate that sort of implementation (which makes insecure
>> 	mode appropriate) as well implementations of the more
>> 	distributed sort which require secure mode.

Ben said:

> 
> Thanks for the explanation. We discussed this on the telechat today, and the security ADs are okay without the secure mode being MTI. So I guess I am, as well.
> 

Regards -- Kim


On Oct 6, 2015, at 1:56 PM, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:

> I'm chiming in a little late, but I agree with Ben on his mTI comment.
> I had noticed that as well when reading the draft, but was mostly okay
> with the language.  The draft didn't spell out MTI, but seemed to talk
> more about MTU.  MTI for secure mode would be good.  I see the
> security considerations section has an MTU focus.  Where is the
> statement in the list of changes that resulted from Ben's discuss?
> I'm not able to pick it out easily (might just be me).
> 
> Thanks,
> Kathleen
> 
> I'm not sure the SHOULD statement is enough, but if he's okay to clear...
> 
> On Tue, Oct 6, 2015 at 1:39 PM, Kim Kinnear <kkinnear@cisco.com> wrote:
>> 
>> Ben, et. al.
>> 
>> I've submitted a new version of draft-ietf-dhc-dhcpv4-active-leasequery,
>> with all of the changes to which I agreed during the review process.
>> I've replied to Ben's email since he had the most comments, but I
>> believe that I've covered them all.
>> 
>> I've included an rfc diff with this email, and below you will find a
>> list of the changes that I have made along with whose review prompted
>> that change.
>> 
>> Thank you all for your reviews.
>> 
>> Regards -- Kim
>> 
>> -------------------------
>> 
>> 1. Changed "recommendations in [RFC7525] SHOULD be followed" to
>> "recommendation in [RFC7525] apply".  Alissa Cooper
>> 
>> 2. Added "Retries SHOULD NOT be more frequent than one every
>> ACTIVE_LQ_IDLE_TIMEOUT.  See Section 5.3." to the two places where
>> we say "... the Requestor MAY retry."  Ben Campbell, Spencer Dawkins
>> 
>> 3. Added to Section 8.1:
>> 
>> "If a connection is to be rejected because of a limitation of the
>> number of open connections, the TCP connection itself should be
>> rejected, or the subsequent ACTIVELEASEQUERY message should be
>> rejected.  Capacity related rejections SHOULD NOT affect the response
>> to the DHCPTLS message." Spencer Dawkins
>> 
>> 4. Moved the following paragraph to appear after a paragraph explaining
>> how the server needs to ensure that a constant (albeit light) stream
>> of messages flows from server to requestor:
>> 
>> "If the stream of replies becomes blocked with no messages being
>> received, the Requestor SHOULD terminate the connection after
>> ACTIVE_LQ_RCV_TIMEOUT, and MAY begin retry processing if configured
>> to do so."  Spencer Dawkins
>> 
>> 5.  Added the following paragraph to section 7.1, General Processing:
>> 
>> "Only one DHCPACTIVELEASEQUERY is allowed on any one TCP connection
>> at a time.  Parallel DHCPACTIVELEASEQUERY requests on the same TCP
>> are no allowed."  Spencer Dawkins
>> 
>> 6. Added the following paragraph to section 9, Security Considerations:
>> 
>> "Operating in insecure mode (see Section 8.1) does not provide any
>> way to validate the authorization of requestors of a DHCPV4 Active
>> Leasequery request."  Ben Campbell
>> 
>> 7. In section 7.2, Initiating a Connection, changed:
>> 
>> "When operating in insecure mode, the requestor SHOULD proceed to send
>> a DHCPACTIVELEASEQUERY request after the establishment of a TCP
>> connection."
>> 
>> to
>> 
>> "When operating in insecure mode, the requestor sends a
>> DHCPACTIVELEASEQUERY request after the establishment of a TCP
>> connection."  Ben Campbell
>> 
>> 8. In section 7.2, Initiating a Connection, changed:
>> 
>> "... the requestor SHOULD initiate the exchange ..."
>> 
>> to
>> 
>> "... the requestor initiates the exchange ..." Ben Campbell
>> 
>> 9. In section 7.3, Forming an Active Leasequery, changed:
>> 
>> "... the requestor SHOULD place this highest base-time value into
>> a query-start-time option in the ..."
>> 
>> to
>> 
>> "... the requestor should place this highest base-time value into
>> a query-start-time option in the ..." Ben Campbell
>> 
>> 10. In section 7.3, Forming an Active Leasequery, changed:
>> 
>> "Note that a DHCPACTIVELEASEQUERY request specifically requests the
>> DHCPv4 server to create a long-lived connection which may not have
>> data transferring continuously during its lifetime."
>> 
>> to
>> 
>> "Note that the connection resulting from accepting a DHCPACTIVELEASEQUERY
>> request may be long-lived, and may not have data transferring
>> continuously during its lifetime." Ben Campbell
>> 
>> 11. In section 7.4, Processing Active Replies, changed:
>> 
>> "This SHOULD be the last message on that connection, and once the
>> message has been transmitted, the server SHOULD close the connection."
>> 
>> to
>> 
>> "This MUST be the last message on that connection, and once the
>> message has been transmitted, the server MUST close the connection."
>> Ben Campbell
>> 
>> 12. In section 8.1, Accepting Connections, added the following:
>> 
>> After:
>> 
>> "Any options appearing in a DHCPTLS message received by a DHCPv4
>> server SHOULD be ignored."
>> 
>> added:
>> 
>> "Any options appearing in a DHCPTLS message received by a DHCPv4
>> server SHOULD be ignored.  This is a SHOULD instead of a MUST
>> in order to allow use of the DHCPTLS message in later documents,
>> possibly with the use of options, without requiring those documents
>> to update this document." Ben Campbell
>> 
>> 13.  In section 8.1, changed the following:
>> 
>> "If for some reason the DHCPv4 server cannot or has been configured
>> to not support a TLS connection, then it SHOULD send a DHCPTLS
>> message with a dhcp-status-code of TLSConnectionRefused back to
>> the requestor."
>> 
>> to
>> 
>> "If for some reason the DHCPv4 server cannot or has been configured
>> to not support a TLS connection, then it sends a DHCPTLS
>> message with a dhcp-status-code of TLSConnectionRefused back to
>> the requestor."  Ben Campbell
>> 
>> 14. In section 8.1.1, changed the following:
>> 
>> "In an update to the DHCPv4 Bulk Leasequery protocol <xref
>> target="RFC6926"/> (which didn't discuss this situation explicitly),
>> if the DHCPv4 server receives a DHCPv4 message containing a
>> dhcp-message-type option with a value that is not supported over
>> a TCP connection, it SHOULD close the TCP connection."
>> 
>> to
>> 
>> "In an update to the DHCPv4 Bulk Leasequery protocol <xref
>> target="RFC6926"/> (which didn't discuss this situation explicitly),
>> if the DHCPv4 server receives a DHCPv4 message containing a
>> dhcp-message-type option with a value that is not supported over
>> a TCP connection, it MUST close the TCP connection."  Ben Campbell
>> 
>> 15. In section 8.4, changed the following:
>> 
>> "The sever MAY close its end of the TCP connection after sending its
>> last message, a DHCPLEASEQUERYSTATUS message in response to a query."
>> 
>> to
>> 
>> "The sever MAY may end communication by sending a DHCPLEASEQUERYSTATUS
>> message and then immediately closing the TCP connection." Ben Campbell
>> 
>> 16. In section 7.3, moved the paragraph starting with:
>> 
>> "Note that until all of the recent data (catch-up data) has been ..."
>> 
>> after the subsquent paragraph. Ben Campbell
>> 
>> 17. In section 8.2, replaced the paragraph beginning as follows:
>> 
>> "Note that until all of the recent data (catch-up data) has been ..."
>> 
>> with
>> 
>> "The DHCPv4 server SHOULD keep track of previous binding
>> activity.  It SHOULD limit the amount of previous binding activity it
>> keeps track of."  Ben Campbell
>> 
>> 18. Addd this explanation to section 9, Security Considerations:
>> 
>> "Two modes of operation exist for this protocol, insecure mode and
>> secure mode.  These two modes exists because there are essentially
>> two models of use for this protocol.  In one model, the requestor
>> of an Active Leasequery is connected to the internet in an arbitrary
>> location, and the information transmitted needs to be protected
>> during transmission.  In addition, the identity of both requestor
>> and server need to be verified.  For this model of use, the secure
>> mode is appropriate.
>> 
>> The other model of use is where the requestor of the Active Leasequery
>> resides in a network element that is essentially "next to" the
>> element containing the DHCP server, and both of these elements are
>> inside a protected environment.  For this model, the insecure mode
>> is sufficient since there are other, more global, protections in
>> place to protect this information."
>> 
>> and placed references to it in section 7.2, Initiating a Connection
>> and section 8.1, Accepting Connections.
>> 
>> Alissa Cooper
>> 
>> 19. Three situations where statements with normative language were used
>> which echoed other similar statements also using normative language were
>> changed to not use normative language.  References to the section of the
>> document where the normative language remains were added.  These
>> changes were made in sections 3, 7.1, and 7.4.1.  Ben Campbell
>> 
>> 
> 
> 
> 
> -- 
> 
> Best regards,
> Kathleen

v2.23.0 | Report a Bug | By Email