Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt

Thomas Narten <narten@us.ibm.com> Wed, 23 April 2003 19:40 UTC

Message-Id: <200304231936.h3NJaeDN014292@rotala.raleigh.ibm.com>
To: Paul Duffy <paduffy@cisco.com>
cc: dhcwg@ietf.org
Subject: Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt
In-Reply-To: Message from paduffy@cisco.com of "Wed, 23 Apr 2003 15:26:20 EDT." <4.3.2.7.2.20030423151100.026384e8@funnel.cisco.com>
Date: Wed, 23 Apr 2003 15:36:40 -0400
From: Thomas Narten <narten@us.ibm.com>

Hi Paul.

> > >        Code   Len      TCM
> > >       +-----+-----+-----+-----+
> > >       | TBD |  2  | m1  | m2  |
> > >       +-----+-----+-----+-----+
> >
> >It might be better to not have m1/m2, since the text talks about a
> >single 16-bit field rather than two smaller fields.

> The format is consistent with the formats presented in RFC 3495 (sections 
> 8.3, 8.4, etc.).

I guess we need to revise them and republish. :-)

> I'm not sure what you are driving at.  Suggestions?

This is a relatively minor thing, but since the field is a 16-byte field,
it seems better to show it that way than to divide it up into
individual bytes.

Just change the picture to something like:
 
       Code   Len      TCM
      +-----+-----+-----+-----+
      | TBD |  2  | TC Mask   |
      +-----+-----+-----+-----+

> > >    5.   IANA Considerations
> >
> >what about future assignments of bit values?

> Yes, needs to be added.  How about...

> "IANA is requested to maintain a new number space of "CableLabs Client 
> Configuration Option Ticket Control Mask Bit Definitions", located in the 
> BOOTP-DHCP Parameters Registry.  The initial bit definitions are described 
> in section 4 of this document.  IANA is requested to register future bit 
> mask definitions via an "IETF Consensus" approval policy as described in 
> RFC 2434 [add ref]."

works for me.

> > >       However, the scenario described above is unlikely to occur.
> > >       Within the cable delivery architecture required by the various
> > >       CableLabs projects, the DHCP client is connected to a network
> > >       through a cable modem and the CMTS (head-end). The CMTS is
> > >       explicitly configured with a set of DHCP servers to which DHCP
> > >       requests are forwarded.  Further, a correctly configured CMTS
> > >       will only allow downstream traffic from specific IP
> > >       addresses/ranges.
> >
> >Could be more clear. I don't follow the last sentence, for example.

> Last sentence change to...

> "Further, the CMTS is explicitly configured to allow downstream traffic 
> only from specific IP addresses/ranges."

I don't follow the overall discussion to be honest. When clients are
using DHC, they don't have addresses yet. So what addresses are being
filtered? And how does this filtering prevent spoofing of DHC
responses?

Are you saying that the CMTS verifies that all traffic supposedly
coming from a DHC server comes from a proper IP address (i.e., one
assigned to a server?). That offers some protection. But what about
packets from spoofed addresses that correspond to DHC server
addresses? 

> P.S.  Should I hold the next draft until after IESG LC ?

Sounds reasonable.

Thomas
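
Added example, not part of the message above or of the draft: a receiver-side parser that treats the TCM as the single 16-bit field the thread discusses and rejects malformed lengths. The sub-option code is a made-up placeholder (the draft shows "TBD"), and the one-byte code / one-byte length layout and most-significant-byte-first order are assumptions.

```python
import struct

# Placeholder: the draft lists the sub-option code as "TBD", so this value is
# made up for the example and is not an assigned number.
TCM_SUBOPT_CODE = 0xFE


class SubOptionError(ValueError):
    """Raised when the sub-option bytes are malformed."""


def iter_suboptions(payload: bytes):
    """Yield (code, value) pairs from a code/len/value sub-option sequence."""
    offset = 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise SubOptionError("truncated sub-option header")
        code, length = payload[offset], payload[offset + 1]
        value = payload[offset + 2 : offset + 2 + length]
        if len(value) != length:
            raise SubOptionError(f"sub-option {code}: length {length} runs past end")
        yield code, value
        offset += 2 + length


def ticket_control_mask(payload: bytes):
    """Return the TCM as one 16-bit integer, or None if the sub-option is absent."""
    for code, value in iter_suboptions(payload):
        if code == TCM_SUBOPT_CODE:
            # The diagram fixes Len at 2; anything else is rejected, not guessed at.
            if len(value) != 2:
                raise SubOptionError(f"TCM length must be 2, got {len(value)}")
            # Assumption: the mask is sent most significant byte first.
            (mask,) = struct.unpack("!H", value)
            return mask
    return None


# Constructed sample: an unrelated sub-option (code 1, 4 bytes) followed by the TCM.
SAMPLE = bytes([1, 4, 192, 0, 2, 1, TCM_SUBOPT_CODE, 2, 0x00, 0x05])

if __name__ == "__main__":
    print(f"TC Mask = 0x{ticket_control_mask(SAMPLE):04x}")
```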