Re: [dhcwg] DHC WG charter
Thomas Narten <narten@us.ibm.com> Mon, 21 October 2002 20:09 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13532 for <dhcwg-archive@odin.ietf.org>; Mon, 21 Oct 2002 16:09:49 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g9LKBdu20675 for dhcwg-archive@odin.ietf.org; Mon, 21 Oct 2002 16:11:39 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9LKBdv20672 for <dhcwg-web-archive@optimus.ietf.org>; Mon, 21 Oct 2002 16:11:39 -0400
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13517 for <dhcwg-web-archive@ietf.org>; Mon, 21 Oct 2002 16:09:18 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9LK9Fv20599; Mon, 21 Oct 2002 16:09:16 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9LK51v19946 for <dhcwg@optimus.ietf.org>; Mon, 21 Oct 2002 16:05:01 -0400
Received: from e33.co.us.ibm.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA13320 for <dhcwg@ietf.org>; Mon, 21 Oct 2002 16:02:39 -0400 (EDT)
Received: from westrelay03.boulder.ibm.com (westrelay03.boulder.ibm.com [9.17.194.24]) by e33.co.us.ibm.com (8.12.2/8.12.2) with ESMTP id g9LK4oQm025648; Mon, 21 Oct 2002 16:04:50 -0400
Received: from rotala.raleigh.ibm.com (rotala.raleigh.ibm.com [9.27.12.14]) by westrelay03.boulder.ibm.com (8.12.3/NCO/VER6.4) with ESMTP id g9LK4nDL075148; Mon, 21 Oct 2002 14:04:49 -0600
Received: from rotala.raleigh.ibm.com (narten@localhost) by rotala.raleigh.ibm.com (8.11.6/8.11.6) with ESMTP id g9LK2Ck23663; Mon, 21 Oct 2002 16:02:12 -0400
Message-Id: <200210212002.g9LK2Ck23663@rotala.raleigh.ibm.com>
To: Ralph Droms <rdroms@cisco.com>
cc: dhcwg@ietf.org
Subject: Re: [dhcwg] DHC WG charter
In-Reply-To: Message from Ralph Droms <rdroms@cisco.com> of "Tue, 15 Oct 2002 09:06:44 EDT." <4.3.2.7.2.20021015085610.00b5baa8@funnel.cisco.com>
Date: Mon, 21 Oct 2002 16:02:12 -0400
From: Thomas Narten <narten@us.ibm.com>
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Hi Ralph. > > > * Develop a threat model and analysis of the authentication > > > protection provided by RFC3118; specific issues to be addressed > > > include: > > > - Improved key management and scalability > > > >Sounds here like your already jumping ahead to the requirements for > >new protocols. I.e., shouldn't this phase be focused on undertstanding > >limiations of the current mechanisms? Is this just a wording issue? > Perhaps it is a wording issue? s/include/might include/ ?? The intended > purpose for the bullet list is to capture current "common knowledge" about > the threat model and RFC3118. The word "improved" implies to me not analyzing/understanding the current systems, but jumping to the next steps of what is needed. Seems like the threat model/analysis should be focused on understanding the limitations and threats of what we have specified today. Having said that, I don't doubt that improvements are needed. :-) So this is a wording issue I think. > > > - Security for messages passed between relay agents and servers > > > - Threats of DoS attacks through FORCERENEW > > > > > * Develop requirements for any new protocols to address threats or > > > other enhancement identified by the threat model and analysis of > > > 3118 > > > >What's missing above is a clear statement that this WG will develop > >new authentication mechanisms that address the deployability problems > >with the current schemes (whether through an extension to 3118 or > >something else). Or that it will address the relay-agent to DHC server > >path. > Can you explain this comment in a different way, as it seems to be at > cross-purposes with your previous comment about "jumping ahead to the > requirements". I think we're in having a violent agreement that we want to > (a) get some DHCP authentication out to the client deployed and common > wisdom is that the best path is through new mechanisms in the RFC3118 > framework; and (b) secure communication between the DHCP relay agents and > servers. Maybe what is needed is a context paragraph before the specific tasks. It could say something like: RFC 3118 defines current security mechanisms for DHCP. Unfortunately, RFC 3118 has neither been implemented nor deployed to date. There is widespread feeling that its current restriction to manual keying of clients limits its deployability. It is the goal of this WG to rectify this situation by defining extensions that have better deployability properties. In order to achive this goal, the WG will perform the following security-related tasks: [and then list specific items] > > > * Complete the specification of DHCP for IPv6 (DHCPv6): > > > - Gain acceptance and publication of current Internet Draft as > > > Proposed Standard > > > - Develop and publish specifications for options and other > > > extensions to DHCPv6, including those already published as > > > Internet Drafts > > > >General comment on options (both IPv4 and IPv6). I'd like the charter > >to clearly indicate that the DHC WG will be reviewing options to make > >sure they are consistent with the protocol, other option usages, etc. > The charter has a separate bullet item for review of options. Are you > suggesting that the bullet item be extended to include "consistent with the > protocol, other option usages, etc." as specific types of review? I think it would be useful to have more specific text that describes how (and when) options will be reviewed by the WG, and when they will be taken on by the WG. I.e, something like: This WG also is responsible for reviewing (and sometimes developing) DHC options (for both IPv4 and IPv6). The WG is expected to review all proposed DHC options to ensure that they are consistent with the DHC protocol, other option formats, that they do not duplicate existing options, etc. The WG cannot (generally) be responsible for evaluating the semantic content of proposed options. Only subject matter experts for the technology the option relates to can do so. The DHC WG will not adopt new DHC option proposals as WG documents without first coordinating with other relevant WGs and determining who has the responsibility for reviewing the semantic content of an option. I don't have a strong feeling about which WG owns a DHC option document (when the option is needed by another WG). So long as the two WGs coordinate, things should work out. But in anycase, the WG should sign off on all DHC options no later than (and hopefully much sooner than) IETF LC. But this level of detail can probably be left out of the charter and dealt with on a case-by-case basis. > >Also, I don't like the "other client and relay agent options" as it is > >too open ended. I think the WG needs a way of vetting potential > >options before the WG takes them on officially. > There are other options currently in the pipeline; this "other ... options" > bullet is intended to refer to those options that are "work in > progress". New work is intended to fall under the following bullet > item. The problem is that once the charter is out, there is no context for recalling which options were "in the pipeline" when the charter was written and which are new. Thus, it would probably be better to just list the IDs that the WG thinks it still has responsbility for. Thomas _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [Dhcwg] Re: Change to 'seconds' field in DHCP mes… Ralph Droms
- RE: [Dhcwg] Re: Change to 'seconds' field in DHCP… Bernie Volz (EUD)
- [dhcwg] RE: Change to 'seconds' field in DHCP mes… Ralph Droms
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ted Lemon
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ralph Droms
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ted Lemon
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ted Lemon
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ralph Droms
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ralph Droms
- Re: [Dhcwg] Re: Change to 'seconds' field in DHCP… Ted Lemon
- [dhcwg] Changes to remove "client-link-local-addr… Ralph Droms
- Re: [dhcwg] Changes to remove "client-link-local-… Ted Lemon
- Re: [dhcwg] Changes to remove "client-link-local-… Ralph Droms
- Re: [dhcwg] Changes to remove "client-link-local-… Ted Lemon
- Re: Re[2]: [dhcwg] Lease database storage in DHCP… Thomas Narten
- Re: [dhcwg] Assigning DHCPv6 option codes Thomas Narten
- Re: [dhcwg] dhcpv6-24: randomization delay before… Thomas Narten
- Re: [dhcwg] dhcpv6-24: randomization delay before… Thomas Narten
- Re: [dhcwg] dhcpv6-24: movement detection and Con… Thomas Narten
- Re: [dhcwg] dhcpv6-24: use of anycast Thomas Narten
- Re: [dhcwg] dhcpv6-24: use of anycast Thomas Narten
- Re: [dhcwg] dhcpv6-24: vendor-specific issues Thomas Narten
- Re: [dhcwg] status of draft-ietf-dhc-agent-subnet… Thomas Narten
- Re: [dhcwg] status of draft-ietf-dhc-agent-subnet… Thomas Narten
- Re: [dhcwg] DHC WG charter Thomas Narten
- Re: [dhcwg] DHC WG charter Thomas Narten
- RE: [dhcwg] DHC WG charter Ralph Droms
- Re: [dhcwg] DHC WG charter Thomas Narten
- Re: [dhcwg] DHC WG charter Ralph Droms
- Re: [dhcwg] Agenda items for IETF-59, Seoul Naiming Shen
- Re: [dhcwg] *DRAFT* minutes from WG meeting in Se… Naiming Shen
- Re: [dhcwg] dhc wg last call on "DHCP Relay Agent… Thomas Narten