IETF Logo Mail Archive

Re: [dhcwg] RECONFIGURE Triggered by DHCPv6 Relay Agents (draft-boucadair-dhc-triggered-reconfigure)

<mohamed.boucadair@orange.com> Fri, 24 August 2012 14:40 UTC

Return-Path: <mohamed.boucadair@orange.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A92BD21F86E0 for <dhcwg@ietfa.amsl.com>; Fri, 24 Aug 2012 07:40:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.069
X-Spam-Level:
X-Spam-Status: No, score=-2.069 tagged_above=-999 required=5 tests=[AWL=0.178, BAYES_00=-2.599, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFzDd8deqnpx for <dhcwg@ietfa.amsl.com>; Fri, 24 Aug 2012 07:40:20 -0700 (PDT)
Received: from relais-inet.francetelecom.com (relais-ias92.francetelecom.com [193.251.215.92]) by ietfa.amsl.com (Postfix) with ESMTP id 8DC4121F8683 for <dhcwg@ietf.org>; Fri, 24 Aug 2012 07:40:19 -0700 (PDT)
Received: from omfedm05.si.francetelecom.fr (unknown [xx.xx.xx.1]) by omfedm11.si.francetelecom.fr (ESMTP service) with ESMTP id 9B2343B421F; Fri, 24 Aug 2012 16:40:18 +0200 (CEST)
Received: from PUEXCH11.nanterre.francetelecom.fr (unknown [10.101.44.27]) by omfedm05.si.francetelecom.fr (ESMTP service) with ESMTP id 74B3A35C045; Fri, 24 Aug 2012 16:40:18 +0200 (CEST)
Received: from PUEXCB1B.nanterre.francetelecom.fr ([10.101.44.9]) by PUEXCH11.nanterre.francetelecom.fr ([10.101.44.27]) with mapi; Fri, 24 Aug 2012 16:39:56 +0200
From: mohamed.boucadair@orange.com
To: Ted Lemon <Ted.Lemon@nominum.com>
Date: Fri, 24 Aug 2012 16:39:54 +0200
Thread-Topic: [dhcwg] RECONFIGURE Triggered by DHCPv6 Relay Agents (draft-boucadair-dhc-triggered-reconfigure)
Thread-Index: Ac2B6QUqwYS2/P4sSIahdPn5lTXDIwABPhGAABLMSoAADm1sMA==
Message-ID: <94C682931C08B048B7A8645303FDC9F36E5332AACB@PUEXCB1B.nanterre.francetelecom.fr>
References: <94C682931C08B048B7A8645303FDC9F36E5332AA39@PUEXCB1B.nanterre.francetelecom.fr> <264AF650-EB56-4C12-9A1D-F1A92FEACB39@nominum.com>
In-Reply-To: <264AF650-EB56-4C12-9A1D-F1A92FEACB39@nominum.com>
Accept-Language: fr-FR
Content-Language: fr-FR
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: fr-FR
Content-Type: multipart/alternative; boundary="_000_94C682931C08B048B7A8645303FDC9F36E5332AACBPUEXCB1Bnante_"
MIME-Version: 1.0
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.8.24.130320
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] RECONFIGURE Triggered by DHCPv6 Relay Agents (draft-boucadair-dhc-triggered-reconfigure)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Aug 2012 14:40:20 -0000

Dear Ted,

Thank your for the review.

Please see inline.

Cheers,
Med

________________________________
De : Ted Lemon [mailto:Ted.Lemon@nominum.com]
Envoyé : vendredi 24 août 2012 15:44
À : BOUCADAIR Mohamed OLNC/NAD/TIP
Cc : dhcwg@ietf.org
Objet : Re: [dhcwg] RECONFIGURE Triggered by DHCPv6 Relay Agents (draft-boucadair-dhc-triggered-reconfigure)

On Aug 24, 2012, at 7:49 AM, mohamed.boucadair@orange.com<mailto:mohamed.boucadair@orange.com> wrote:
Comments and suggestions are more than welcome.

In section 2, you propose that the reconfigure-request include an RSOO, but this is actually not necessary; what will happen is that the RECONFIGURE-REQUEST will trigger a RECONFIGURE, the client will then send a RENEW, the relay will piggyback an RSOO on the RENEW containing, e.g., the new AFTR_NAME option, and the DHCP server will send a REPLY containing the AFTR_NAME option.   So there's no need to include that in the RECONFIGURE-REQUEST.   This is a minor point--it would certainly do no _harm_ to include the AFTR_NAME option in the RSOO on the RECONFIGURE-REQUEST.
[Med] That's make sense too. I changed "MUST" to "MAY" in Section 3.3: the point is to provide the dhcp server with more information to help the server whether a RECONFIGURE is needed. If for some reason, the server detects the same information has been already supplied to the client, it may decide to not generate a RECONFIGURE message.

So of course if you make this change, you'd have to fix up section 3.2.

I would also change this, in section 3.2:


If the server is configured to reject RECONFIGURE-REQUEST, any received RECONFIGURE-REQUEST is silently dropped.

To this:


If the server is configured to reject RECONFIGURE-REQUEST, the server MUST silently discard any RECONFIGURE-REQUEST it receives.

It might be good to consistently say "silently discard" instead of "discard" in that section.
[Med] I updated my local copy.

Section 3.3 also mentions sending the RSOO, and, if you accept my argument above, should not.
[Med] Changed "MUST" to "MAY" for the reason mentioned above in my local copy.

In addition to the issues discussed in the Security Considerations section of RFC5007, you might also want to add this (possibly to section 3.2, not to the Security Considerations section):

Because this message provides a mechanism for triggering the DHCP Reconfigure message, and the DHCP Reconfigure message can be used by an attacker to control the timing of a DHCP renewal, the DHCP server must have some mechanism for determining that the relay agent is a trusted entity.   RECONFIGURE-REQUEST messages originating from unknown relay agents MUST be silently dropped.
[Med] I updated Section 3.2 with the proposed text. Thanks.

Aside from this, the document looks good, and seems useful.   Are you proposing that the working group should adopt this work?
[Med] Yes. Thanks.

v2.23.0 | Report a Bug | By Email