Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
Ted Lemon <Ted.Lemon@nominum.com> Wed, 12 September 2012 02:52 UTC
On Sep 11, 2012, at 9:45 PM, "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com> wrote:

> I am talking about a deployment where we do create *session* database for hosts either based upon DHCP packet (Discover) or the normal IP packet in case few of the hosts have not done DHCP but instead have just DONE DHCP INFORM to get the config parameters. So in this kind of deployment we do anyways maintain the session (or binding in terms of DHCP) database on the box. Having said that I don't think storing client information is a problem (at least in this deployment). The only extra thing which we would need to store is a 'nonce'.

This is a heavy burden for the working group to take on for a small deployment. Can you go into some detail about why this is the right way to solve the problem, and what bad things would happen if you didn't have FORCERENEW?

I'm sorry to be stubborn about this, but you're talking about a DHCPv4 protocol extension, and as you know from another draft that just went to the IESG, bandwidth is limited for the DHC working group—we've had presentation marathons at the last two IETFs, and I've had to chivvy presenters mercilessly just to avoid running over the generous time slots we've been given. I feel really bad about doing that, and so I'm going to push back on proposals like this if I don't have a clear sense of their broad utility.

I say this sort of wearing my working group co-chair hat and sort of wearing my working group participant hat—as a participant, I don't see the broad utility in this proposal, and as a chair I see a lot of work in my future. So please, give us a clear sales pitch for why we should feel good about taking on this work.