IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023

Lorenzo Colitti <lorenzo@google.com> Tue, 09 January 2024 00:31 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A50ADC338925 for <dhcwg@ietfa.amsl.com>; Mon, 8 Jan 2024 16:31:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.609
X-Spam-Level:
X-Spam-Status: No, score=-17.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vX0oo2uziusI for <dhcwg@ietfa.amsl.com>; Mon, 8 Jan 2024 16:31:24 -0800 (PST)
Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 379B1C33893D for <dhcwg@ietf.org>; Mon, 8 Jan 2024 16:31:24 -0800 (PST)
Received: by mail-qk1-x72a.google.com with SMTP id af79cd13be357-78313803243so232241785a.3 for <dhcwg@ietf.org>; Mon, 08 Jan 2024 16:31:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1704760283; x=1705365083; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vy4zpZbe3k94WWYUwydHLDBdiMnnbNZYxDZheJUc764=; b=ujn/0WJ1nXWH3Eg3yD/yWEHRAzxdgRRaNHpSQy8xtNnDeL8gIcnOfo9eVCqKv7rly9 8Wfci7GU90bv3hKd4qZ/9GabDrd4m2xU/PIBb1Hd58sX5qy6xM3vJBDQGoBya1gYZhXu O627zN/7G4Zmaj4w8fqaTH5r/nheMgzv9V0ZQMs2HRQOE7vBZoBZQjaldR9daMzVARKJ 4iw245NA8awSQNDys2qoCScOSTSUlKkyStIPfTLQfbFd/N/FB+ntoPu8B4tacksQ/LO8 WFrNqWVx31jvkvBdc8ZXT41Cj70w3X3U9IxrUb6q/giCBFYF4h4r1Q7iP0a5Y81wJlyp oVxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704760283; x=1705365083; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vy4zpZbe3k94WWYUwydHLDBdiMnnbNZYxDZheJUc764=; b=tg13pUAY+PLzRJ7vczxLkiQM1Cm4wpcPx3Zd+00anYawv//RjoHDsmCDrPymrGC2+d rY+g9uPOc7s0uYrSmTmnZOkxtlQmaZQECuNShbhXNd9MtGtVkxPcZGQurY5r89uKoiDo cTjCHP8Y+AF3DkQhnAkXFIETY+gcb7IFW+GubNmMHeASglvKRmvj2AIzRUVmHQkyow5E l8JX3C5ucYAjMhgWdld5Ulm9uCF0nWM6bDLIHT1eP02oAAl3qkGVOmvBf+WxzpIOY7Rk BAnkDBr0tDi7g+pkgGN72E/0v4Dje0XgCFqH8ugmJqnUvlF7pWQXsGA0laOcLwsFp6Q1 EI4g==
X-Gm-Message-State: AOJu0Yx8QL/BShorZbCO/taRZEOe4+EZlP6x3H3EUYHl+QAk0zTuQL+F JFJ8IXu7BkLBHVPPo3XlJ9+fnL/wCBiGKe4OdfR5MxUVozot8/vENoDPkHxK6mJ5
X-Google-Smtp-Source: AGHT+IFiFigmwzxzKXGhpp84MZqi8gMxFsAVTGj1GdXANEF9b1BBD4sWHcpUVa6TKzs4U1dATh/0/EHT18BpJUtLu40=
X-Received: by 2002:a05:6214:d05:b0:681:11af:455d with SMTP id 5-20020a0562140d0500b0068111af455dmr615929qvh.1.1704760282819; Mon, 08 Jan 2024 16:31:22 -0800 (PST)
MIME-Version: 1.0
References: <CACyFTPE0+aV35JgVCL62T3NKL_tFkxuvM=Wfq0xpcw5_Ra-u_A@mail.gmail.com> <15477.1703435979@localhost>
In-Reply-To: <15477.1703435979@localhost>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Tue, 09 Jan 2024 09:31:07 +0900
Message-ID: <CAKD1Yr2TSv7cTVVDDj6sxjVY++PN-iybg3g7N3BM3vFWCU=YMg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcwg@ietf.org, Daryll Swer <contact=40daryllswer.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001643c0060e786fb5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/B0y0H_CQ4ZY3Kzm0mAMyIvrko1c>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2024 00:31:28 -0000

On Mon, Dec 25, 2023 at 1:39 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> I wrote some text at:
>   https://github.com/wkumari/draft-wkumari-dhc-addr-notification/pull/68
>
> and I'm sorry to open this can of worms, but I don't think that enterprises
> will be happy without this.  In particular, our desire to enable more
> (permissionless) DHCPv6-PD downstream will get the same pushback that has
> lead to this document.
>

I'm not sure we should take the document in that direction. Jen's concerns
about removing the security and defining a general proxy mechanism are very
valid. If we do want to do this I think it will require a lot more work:
when will the messages be sent? What's the authentication model? What about
privacy? And so on.

Regarding your "enterprises won't be happy without this" comment... why do
you say this? One of the goals of this document is to get
roughly equivalent forensics and logging abilities to what we have with
IA_NA today (assuming cooperating hosts). But AFAICT the hierarchical
notifications you describe aren't something that exists today with IA_NA.
The enterprise either uses a local DHCPv6 server that is authoritative for
the local prefix, or it uses a centralized DHCPv6 server to assign all
addresses. In the former case, the only information about which addresses
are assigned locally is in the logs of the local DHCPv6 server. The
mechanism being proposed in this draft has the same properties.

Am I missing something?

v2.23.0 | Report a Bug | By Email