Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - summary

Ted Lemon <> Wed, 19 April 2017 14:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0544612952D for <>; Wed, 19 Apr 2017 07:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vagvVX9IDAUx for <>; Wed, 19 Apr 2017 07:47:02 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1820B12944F for <>; Wed, 19 Apr 2017 07:47:02 -0700 (PDT)
Received: by with SMTP id h67so21977490qke.0 for <>; Wed, 19 Apr 2017 07:47:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=RaiG2aGCU5kehg3t7smAywDBHpWg2VUiZXGtx8xBrrc=; b=cWiERK9rmjrjFB2SqsLaB2F5IKp5wNdQBAwAPxaRueSQKdUG03pjQ3MlC5GeHAiOLY Jqn6CBBO6f9xRKvMVVj9kzwDKL0Ox731TQkOxNCZxcSJUT0uKFQUfu67WFgzdO7oXN+9 7NhhSh7BInobkO8IgRKktG6fizjJTCACwdfjl4YydSDFhgSBQEEwQqQKTuuGBkSg6v1m 93VCX4bCeFyOhF45AlSAVJBRyjwLliDkUHDccV1o63ZQPmnkJe2tX/bfCfMWqGfScQ6E bggkRAn31Bszb1vK8A2Z+q5fzLyLKlZiVQNTeyAn6ETZySc5S4nBH0qbpDjWrb4WR00X f3gA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=RaiG2aGCU5kehg3t7smAywDBHpWg2VUiZXGtx8xBrrc=; b=F6Nmj78CrdavW74b8XVRsv8KpCiloG7JVvEE+H2Rev+h5biAIfnZ7QeDpxFlwIxxXZ mOdppdZsRIGfXhEDce4acgm7dfudUE+BXo5/oP3HpHGBMfh/DtSlPfrDchZVhi3IbwyV IV/33tk6JDvajdmyQqfS0cqvMpZwlIHmEqv+WQvqIYns089D1y/XrRPce5CE9xjSZ5XD 4V+YpHXoaTEZjwg4aEc3Szi6CqABZMVJI8+VgG/nm//Zo7oPfp4IoE9IHG9+bXSxLuNh /cHOUphUWPFkrUL1nlHBYB2JKbitHvKQheZ9PcXnHXc/GNvVTeIj8PvWg9FhE8gulgQ+ pTLQ==
X-Gm-Message-State: AN3rC/6OjqbrRYmTAnlwS3XRvjciS6rq40o4ttJpu+YEa5OltZxU5886 Pe0Adxz8FIst+w==
X-Received: by with SMTP id u129mr2651071qkd.124.1492613221200; Wed, 19 Apr 2017 07:47:01 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id 123sm2012155qkm.22.2017. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Apr 2017 07:47:00 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ted Lemon <>
In-Reply-To: <>
Date: Wed, 19 Apr 2017 10:46:59 -0400
Cc: "Templin, Fred L" <>, dhcwg <>, draft-ietf-dhc-sedhcpv6 authors <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <>
To: Lishan Li <>
X-Mailer: Apple Mail (2.3273)
Archived-At: <>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - summary
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Apr 2017 14:47:04 -0000

It might be worth evaluating how commonly SAVI is deployed in practice before becoming concerned about this.   Also, since SAVI actually solves some of the same problems as sedhcpv6, it seems reasonable to think that the availability of two incompatible solutions may still result in more overall win.   A way to address this in the document would be to simply say that at present, the two approaches solve related problems but are mutually incompatible, so the choice must be made between one and the other.

This is also not a very serious problem in the sense that RFC 7513 proposes a DHCPv6-only address configuration model, which is not very common in practice.   In practice, SAVI First Come First Served (RFC 6620) should be compatible with secure DHCPv6, and will generally produce better results.

For sites that want absolute control over address assignment through a DHCP server, the options are either to not use Secure DHCPv6, or to implement an updated SAVI that would have to be written up that takes the assigned IP address out of the un-signed wrapper, or else uses layer 2 relay in combination with putting the IP address in the relay wrapper, as you've been advocating, Fred.