Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
Curtis Villamizar <curtis@occnc.com> Fri, 14 September 2012 03:13 UTC
Return-Path: <curtis@occnc.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E179821F861C for <dhcwg@ietfa.amsl.com>; Thu, 13 Sep 2012 20:13:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.344
X-Spam-Level:
X-Spam-Status: No, score=-2.344 tagged_above=-999 required=5 tests=[AWL=-0.344, BAYES_00=-2.599, J_CHICKENPOX_72=0.6, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VoHS0jCoZ060 for <dhcwg@ietfa.amsl.com>; Thu, 13 Sep 2012 20:13:28 -0700 (PDT)
Received: from gateway1.orleans.occnc.com (gateway1.orleans.occnc.com [IPv6:2001:470:1f07:1545::1:132]) by ietfa.amsl.com (Postfix) with ESMTP id 4A26E21F8600 for <dhcwg@ietf.org>; Thu, 13 Sep 2012 20:13:28 -0700 (PDT)
Received: from harbor1.ipv6.occnc.com (harbor1.ipv6.occnc.com [IPv6:2001:470:1f07:1545::2:819]) (authenticated bits=0) by gateway1.orleans.occnc.com (8.14.5/8.14.5) with ESMTP id q8E3DK2H049568; Thu, 13 Sep 2012 23:13:20 -0400 (EDT) (envelope-from curtis@occnc.com)
Message-Id: <201209140313.q8E3DK2H049568@gateway1.orleans.occnc.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
From: Curtis Villamizar <curtis@occnc.com>
In-reply-to: Your message of "Wed, 12 Sep 2012 03:01:22 -0000." <CC7572B0.223C%volz@cisco.com>
Date: Thu, 13 Sep 2012 23:13:20 -0400
Cc: "dhcwg@ietf.org WG" <dhcwg@ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: curtis@occnc.com
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Sep 2012 03:13:29 -0000
In message <CC7572B0.223C%volz@cisco.com> "Bernie Volz (volz)" writes: > > Ted - I think you are spot on. We really have to prioritize and > handle the major issues and also focus on the future - IPv6 and > getting there. Marginal extensions to IPv4 should be very low > priority (or even better dropped). > > - Bernie Bernie, FORCERENEW and Forcerenew Nonce Authentication apply to IPv6 as well as IPv4. A short draft saying the RFC6704 also applies to INFORM would not be a big distraction. A statement could even be short enough to be an errata if we were willing to change RFC6704 with an errata (though I don't suggest we do this as an errata). Curtis > On 9/11/12 10:52 PM, "Ted Lemon" <Ted.Lemon@nominum.com> wrote: > > >On Sep 11, 2012, at 9:45 PM, "Gaurav Halwasia (ghalwasi)" > ><ghalwasi@cisco.com> > > wrote: > >> I am talking about a deployment where we do create *session* database > >>for hosts either based upon DHCP packet (Discover) or the normal IP > >>packet in case few of the hosts has not done DHCP but instead has just > >>DONE DHCP INFORM to get the config parameters. So in this kind of > >>deployment we do anyways maintain the session(or binding in terms of > >>DHCP) database on the box. Having said that I don't think storing client > >>information is a problem (at least in this deployment). The only extra > >>thing which we would need to store is a 'nonce'. > > > >This is a heavy burden for the working group to take on for a small > >deployment. Can you go into some detail about why this is the right way > >to solve the problem, and what bad things would happen if you didn't have > >FORCERENEW? > > > >I'm sorry to be stubborn about this, but you're talking about a DHCPv4 > >protocol extension, and as you know from another draft that just went to > >the IESG, bandwidth is limited for the DHC working group - we've had > >presentation marathons at the last two IETFs, and I've had to chivvy > >presenters mercilessly just to avoid running over the generous time slots > >we've been given. I feel really bad about doing that, and so I'm going > >to push back on proposals like this if I don't have a clear sense of > >their broad utility. I say this sort of wearing my working group > >co-chair hat and sort of wearing my working group participant hat - as a > >participant, I don't see the broad utility in this proposal, and as a > >chair I see a lot of work in my future. So please, give us a clear > >sales pitch for why we should feel good about taking on this work.
- [dhcwg] Reg RFC6704 (Forcerenew Nonce Authenticat… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar