Re: [dhcwg] Last Call: <draft-ietf-dhc-option-guidelines-14.txt> (Guidelines for Creating New DHCPv6 Options) to Best Current Practice

Cullen Jennings <fluffy@iii.ca> Wed, 09 October 2013 17:33 UTC

Return-Path: <fluffy@iii.ca>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A619821E811C; Wed, 9 Oct 2013 10:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id og7NnDy-2hbR; Wed, 9 Oct 2013 10:33:06 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by ietfa.amsl.com (Postfix) with ESMTP id 8883B21E805F; Wed, 9 Oct 2013 10:33:06 -0700 (PDT)
Received: from [192.168.4.100] (unknown [128.107.239.233]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 50CE722E200; Wed, 9 Oct 2013 13:32:59 -0400 (EDT)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <29DE3138-F0E6-4CCB-A8A0-AD5D975E0866@nominum.com>
Date: Wed, 9 Oct 2013 11:32:57 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <F474FA9D-CDC4-4DB7-937E-1252E203749F@iii.ca>
References: <20130919215457.30925.98345.idtracker@ietfa.amsl.com> <C5E08FE080ACFD4DAE31E4BDBF944EB123C933B2@xmb-aln-x02.cisco.com> <EF97C65E-A58C-4076-B737-014126786442@nominum.com> <C5E08FE080ACFD4DAE31E4BDBF944EB123C96CF3@xmb-aln-x02.cisco.com> <29DE3138-F0E6-4CCB-A8A0-AD5D975E0866@nominum.com>
To: Ted Lemon <ted.lemon@nominum.com>
X-Mailer: Apple Mail (2.1510)
X-Mailman-Approved-At: Wed, 09 Oct 2013 10:46:54 -0700
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [dhcwg] Last Call: <draft-ietf-dhc-option-guidelines-14.txt> (Guidelines for Creating New DHCPv6 Options) to Best Current Practice
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Oct 2013 17:33:11 -0000

On Oct 9, 2013, at 9:47 AM, Ted Lemon <ted.lemon@nominum.com>
 wrote:

> On Oct 9, 2013, at 11:26 AM, Cullen Jennings (fluffy) <fluffy@cisco.com> wrote:
>> Help educate me on this a bit - I don't see all the things that get requested of DHCP. What are some examples of things where people are request FQDN where IP would be better. I think having some real examples that have come up would make it easier to see what advice is needed.
> 
> DNS server IP address.   NTP server IP address.   Router IP address (not in DHCPv6, of course).   AFTR IP address.   Basically, network infrastructure IP addresses.

Well DNS and Router obviously won't work with FQDN so lets talk about NTP for a minute. (and sorry, I don't even know what AFTR IP is). I design lots of devices that have to be plugged into a network and just start working with no user interaction. Getting the correct time is often really useful to have - particularly with synchronization protocols. 

One approach would be to hard code that NTP server name in the the product. That is not my preferred approach because stuff goes wrong and you end up with things like http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse . Another approach is for DHCP to provide the NTP server info. I would argue that getting a FQDN of the NTP server pool is a better design for DHCP than getting an IP address because this allow DNS load balancing across the pool and allows the server IP to change over time and still not have client failures. 

You agree that FQDN is would be a better design than IP for NTP ?


> 
> Bear in mind that the set of services configured by DHCP ought to be pretty small—just things that really are local network infrastructure services, not things that are specific to the host and not to the network.   It's not even clear to me that NTP ought to be configured by DHCP, and indeed in most cases it is not, despite there being an RFC describing how to do it.
> 
> Considering the case of SIP, when you configure SIP I think that's probably a configuration that shouldn't change as the phone moves from network to network.   

Agree - it does not change as phones move network to network. It is uses DHCP the first time the phone is plugged in. The whole design is around making sure the phone can go from the manufacture to the end user without ever being removed from the box or powered up be an admin. The admin configures the call control system based on knowledge about the phone and which user the phone is going to but the admin does not need to touch the phone. When the phone first boots it imprint baby duck style on a network to get the configuration information which is encrypted with that phones public key. After that the phone use that configuration information not the DHCP (unless the phone is factory reset). It's actually a lot more complicated than that because security relies on replacement of manufacture certificates with the service provider certificates to make sure a comprise of the manufactures CA only results in service provider not being able to enroll new phones but does not compromise security of operational phone network. 

However, the first time the phone boots, DHCP needs to let the phone know who the likely service provider might be. If the phone gets the wrong DHCP information from an attacker or wrong network, the phone fails to configure but does not suffer MITM attacks. Using DHCP for phones has been used by pretty much every IP phone manufactures and most enterprise deployments and many residential providers including folks ranging from vonage to AT&T take advantage of it.  DHCP greatly reduce the deployment costs of setting up VoIP networks. 

We had a lot of learning from the phone deployments and I expect us to use what we learned there for how we do IoT. (I presented a paper on this at the IAB workshop on IoT). One of the things we learned the hard way was names work better than numbers. 


> So it shouldn't be configured by DHCP.   In the case where the phone happens not to be likely to move from network to network, you could _get away_ with using DHCP.   But a solution that would work for phones that _do_ move from network to network would also work for phones that do not, and that solution would therefore be preferable, particularly as an MTI solution, since it addresses all use cases.
> 
> As I mentioned in the IESG discussion, it is a shame that aggsrv didn't become a working group, since it was intended to address this specific problem, at least as I understood it.
>