IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023

Daryll Swer <contact@daryllswer.com> Tue, 09 January 2024 07:03 UTC

Return-Path: <contact@daryllswer.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49052C31A617 for <dhcwg@ietfa.amsl.com>; Mon, 8 Jan 2024 23:03:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.105
X-Spam-Level:
X-Spam-Status: No, score=-7.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=daryllswer.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HRYye0Ih_MZ6 for <dhcwg@ietfa.amsl.com>; Mon, 8 Jan 2024 23:03:05 -0800 (PST)
Received: from mail-pf1-x42c.google.com (mail-pf1-x42c.google.com [IPv6:2607:f8b0:4864:20::42c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4285DC31A635 for <dhcwg@ietf.org>; Mon, 8 Jan 2024 23:03:04 -0800 (PST)
Received: by mail-pf1-x42c.google.com with SMTP id d2e1a72fcca58-6da9c834646so2187070b3a.3 for <dhcwg@ietf.org>; Mon, 08 Jan 2024 23:03:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daryllswer.com; s=google; t=1704783784; x=1705388584; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ITyncVTt4O2RTkQKi3Tr9Rq9xFgq/DW/Ch9SsSTJO/Y=; b=kCBqAXF5uokAlMnb3Rb7qPkNs3kQ4xUVl4CFQ1PdqSeI9eNr/XKny0j8X53YaTMA0a 6H9oc2Zqvipx0dvxaKDGRD1fIUTwpQo3g6VaKNq33c4q3yp0duxSF1L/hWCgQNoZn0mU BzCAw4/poIjPTwSM0uYstBpqa5CZthZlWVnMzWGtub3pTRsroOWcBzu2DmwZhLPkQ8gj CSrqKxSF9ieanpJ2iFwPGqtQ9o6QBVcIWFEsJVcLPidd5Go1ikw2gGlM0Q6njV8LST88 U34NXiUK9SKaDWfoEkgllB6hiwNYnnuycEklguXuGaCea9U+84TuZ1hEGpHg6zxooHIw pSfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704783784; x=1705388584; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ITyncVTt4O2RTkQKi3Tr9Rq9xFgq/DW/Ch9SsSTJO/Y=; b=cDAQv+hTNEYYJRmdSA+Yv1/N3azOd4X5jGGWy/hiSvOP91sKSNOxc5qt0BoC6Up9ok qWW7JFbtCckK1K4C1SGmUWqR+dG4en8oBmmnwYHGk+vx/306g3FKb4J+kiORakT3NbVp rGMEft9dh2ZLdG5xZ/wWVFgFxXMlPlPir4fcj4KX6SgfE6kwdDNFcxOE7OL7a9YmPDOm IhIdYBz3wPooXykqnDi9QU7/8w8Co38s0lQRyX41smVSCabuXXAhnxBuXLm4+yr57p19 cSIgkPq2atjkRE8Zfk8gvb/s0CBZCxVlDZifV4HzZssqxGWRfAYBctO9hkjJAVG40RCh d0eQ==
X-Gm-Message-State: AOJu0YwjkBghsJxuk0/wuPbvKUEl2rg/CekqwMS2/qVVMYPp0rc65adX LsBjCfB3NQVBBic3L0hDnjBh+D8TE/lk8P/w2Ae8xtMDhvT5Zw==
X-Google-Smtp-Source: AGHT+IFL0gJdfKFmoANR+mflWFURsTII+IKJ5G5+7No5TlhuORRPwBxtvUfAtvBKV+c/PAsxumE79Q==
X-Received: by 2002:a05:6a00:1483:b0:6db:c7a:be2a with SMTP id v3-20020a056a00148300b006db0c7abe2amr511881pfu.31.1704783783956; Mon, 08 Jan 2024 23:03:03 -0800 (PST)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com. [209.85.210.177]) by smtp.gmail.com with ESMTPSA id o8-20020a056a001b4800b006d977f70cd5sm948478pfv.23.2024.01.08.23.03.03 for <dhcwg@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 08 Jan 2024 23:03:03 -0800 (PST)
Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-6da9c834646so2187055b3a.3 for <dhcwg@ietf.org>; Mon, 08 Jan 2024 23:03:03 -0800 (PST)
X-Received: by 2002:a05:6a20:728b:b0:199:fdd3:7b34 with SMTP id o11-20020a056a20728b00b00199fdd37b34mr146007pzk.49.1704783783185; Mon, 08 Jan 2024 23:03:03 -0800 (PST)
MIME-Version: 1.0
References: <CACyFTPE0+aV35JgVCL62T3NKL_tFkxuvM=Wfq0xpcw5_Ra-u_A@mail.gmail.com> <15477.1703435979@localhost> <CAKD1Yr2TSv7cTVVDDj6sxjVY++PN-iybg3g7N3BM3vFWCU=YMg@mail.gmail.com>
In-Reply-To: <CAKD1Yr2TSv7cTVVDDj6sxjVY++PN-iybg3g7N3BM3vFWCU=YMg@mail.gmail.com>
From: Daryll Swer <contact@daryllswer.com>
Date: Tue, 09 Jan 2024 12:32:22 +0530
X-Gmail-Original-Message-ID: <CACyFTPHhMogj5iNqex9mqYA7GWONHqc+39AkCgJUyYEu3rUyWA@mail.gmail.com>
Message-ID: <CACyFTPHhMogj5iNqex9mqYA7GWONHqc+39AkCgJUyYEu3rUyWA@mail.gmail.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, dhcwg@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d0d406060e7de78d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/9Tt9eXugHlF3NjM6zuX7_aDZGJ0>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2024 07:03:09 -0000

>
> Regarding your "enterprises won't be happy without this" comment... why do
> you say this? One of the goals of this document is to get roughly
> equivalent forensics and logging abilities to what we have with IA_NA today
> (assuming cooperating hosts). But AFAICT the hierarchical notifications you
> describe aren't something that exists today with IA_NA. The enterprise
> either uses a local DHCPv6 server that is authoritative for the local
> prefix, or it uses a centralized DHCPv6 server to assign all addresses. In
> the former case, the only information about which addresses are assigned
> locally is in the logs of the local DHCPv6 server. The mechanism being
> proposed in this draft has the same properties.
>

The more I thought about this, the more I think, most enterprises will just
opt to stick with ia_na (possibly with added ia_pd for CLAT etc). Even if
this draft becomes approved and finalised, I have my doubt, enterprise will
opt for the mechanism here vs plain old ia_na.

Most enterprises I know and heard of are just using plain ia_na, of course
Android is excluded and gets no IPv6. Some enterprises will have a “Guest
SSID” and there's SLAAC on that one (which may or may not have internet
reachability), and it's an untrusted network, Android devices will get IPv6
there, but will need to VPN-in to get access to the internal services and
network.

*--*
Best Regards
Daryll Swer
Website: daryllswer.com
<https://mailtrack.io/link/8156cee82832ae3cd2ee8812d4b91b5ce3cf32f0?url=https%3A%2F%2Fwww.daryllswer.com&userId=2153471&signature=e42a88a14e15872d>


On Tue, 9 Jan 2024 at 06:01, Lorenzo Colitti <lorenzo=
40google.com@dmarc.ietf.org> wrote:

> On Mon, Dec 25, 2023 at 1:39 AM Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
>
>>
>> I wrote some text at:
>>   https://github.com/wkumari/draft-wkumari-dhc-addr-notification/pull/68
>>
>> and I'm sorry to open this can of worms, but I don't think that
>> enterprises
>> will be happy without this.  In particular, our desire to enable more
>> (permissionless) DHCPv6-PD downstream will get the same pushback that has
>> lead to this document.
>>
>
> I'm not sure we should take the document in that direction. Jen's concerns
> about removing the security and defining a general proxy mechanism are very
> valid. If we do want to do this I think it will require a lot more work:
> when will the messages be sent? What's the authentication model? What about
> privacy? And so on.
>
> Regarding your "enterprises won't be happy without this" comment... why do
> you say this? One of the goals of this document is to get
> roughly equivalent forensics and logging abilities to what we have with
> IA_NA today (assuming cooperating hosts). But AFAICT the hierarchical
> notifications you describe aren't something that exists today with IA_NA.
> The enterprise either uses a local DHCPv6 server that is authoritative for
> the local prefix, or it uses a centralized DHCPv6 server to assign all
> addresses. In the former case, the only information about which addresses
> are assigned locally is in the logs of the local DHCPv6 server. The
> mechanism being proposed in this draft has the same properties.
>
> Am I missing something?
>

v2.23.0 | Report a Bug | By Email