Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023
Mark Smith <markzzzsmith@gmail.com> Mon, 25 September 2023 14:07 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0263EC14CF1D for <dhcwg@ietfa.amsl.com>; Mon, 25 Sep 2023 07:07:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.593
X-Spam-Level:
X-Spam-Status: No, score=-6.593 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pR_jtgMGu0VR for <dhcwg@ietfa.amsl.com>; Mon, 25 Sep 2023 07:07:42 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CF7BC1522AF for <dhcwg@ietf.org>; Mon, 25 Sep 2023 07:07:42 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-9a9cd066db5so862633866b.0 for <dhcwg@ietf.org>; Mon, 25 Sep 2023 07:07:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695650860; x=1696255660; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=/bZ2zk5qmCV9qi97vendcgZ3o1wO0+gJsWSKfuXDPsE=; b=maR3coxfJ4vIn0T6evtA1h8wdrHgzB2tqhsEuw2u/p7wrz5C2L/TRg0LoGX5iK8XQp PeLFYuOoSBKcDCBixaTAv/Tz6gQaf8tsPg8homlG5ChTgoAFCfRpAfZjR5papYWXziF1 ZuahimKFb9ddzI6T9b6l69NakuKPGT/pIZdSgratMf1t5Qb/ery0Y7bFtSxrX01vN4FD yHZFJ754z0k3Eew2AUu/slFjV0MuyHtzM4iNRlL0bvG2KdRgOTUAb0C64Oo3tCACWZHl s82xmpzI+IpoD6seYEXibph1Xy431B0UM+T/Wki+p1EWbsSFoe5AXzrsVrcVZzIbRzsn WAHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695650860; x=1696255660; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/bZ2zk5qmCV9qi97vendcgZ3o1wO0+gJsWSKfuXDPsE=; b=WwtbfRU9S+/jWTOowBDlMgTHx6q2Iob45WGfQW+jppBVpYUo78g5MQp7goRgrHmiZd vZLUyrLjcj5zVGZ/xpfG1UMIGbWW7A0kSSW5h0c9xwjCxHynuXC6Gm37PZX8kP1z3HM5 s6f+dkrOlA22PWOpW0LmIojFPOEsnSPvrUEm6y60THd+fzwjIhaQfpfqAcv5/54CtcwY PxgPM/IRXrEkNrQw3+QMHwEpVMD6k7jBCrjRAJuovypt+WCyKURB2yaYlz6nUi70F0HI qxyQzMmlsKrq24APVj/b0EaEp6tZE/RFow9QkaZAU9aw18wZ2hWyRb28ZP1GEeVM7sYX gFlg==
X-Gm-Message-State: AOJu0YyrmR12+hUMz4BcOO6Usb2jSRogsEcy4LMYfA8ZnvGkYijSvLPw sixKOlt9ATmifRmgXHSwQTcvTFMXzBNr4fyiNMI=
X-Google-Smtp-Source: AGHT+IGx39pM7yoxZqPXHDBQBpqI3lNmxHrOHzOi2bktYPuBlYjZJLWfOgpv++31PfSKv036DY2eFM1M1tBl7mOHQc4=
X-Received: by 2002:a17:906:220f:b0:9ae:65e5:497d with SMTP id s15-20020a170906220f00b009ae65e5497dmr6847746ejs.59.1695650860229; Mon, 25 Sep 2023 07:07:40 -0700 (PDT)
MIME-Version: 1.0
References: <CAJgLMKvATJP78ONPc8f6kG2eNWq83XCTSdvRLVGKWB26JGrANQ@mail.gmail.com> <1E185C09-B45E-4B1E-81F8-3CB6141B9881@employees.org> <CAJgLMKtYy2U1vScQoW4eWD3sLipeUTak7BqkELXZ61=6_cKJDQ@mail.gmail.com> <1418C8C0-DBCA-4222-B1C4-604E4B389DEA@employees.org>
In-Reply-To: <1418C8C0-DBCA-4222-B1C4-604E4B389DEA@employees.org>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Tue, 26 Sep 2023 00:07:30 +1000
Message-ID: <CAO42Z2yUT628xbyi9hA_adxtVNm17spgVsb=LRhVK2KXuqP=2g@mail.gmail.com>
To: Ole Troan <otroan=40employees.org@dmarc.ietf.org>
Cc: Timothy Winters <tim@qacafe.com>, dhcwg <dhcwg@ietf.org>, Ted Lemon <mellon@fugue.com>
Content-Type: multipart/alternative; boundary="0000000000002fe96c06062f7bfd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/N5t1pCK2qggmPY5qNGrHyZdG5YA>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2023 14:07:47 -0000
On Mon, 25 Sept 2023, 23:55 Ole Troan, <otroan= 40employees.org@dmarc.ietf.org> wrote: > > We have had some operators' interests in this solution over scrapping > switches and routers. I think it would be helpful to hear from network > operators or DHCPv6 server solutions about how viable and deployable this > solution is. > > I hope we are not suggesting scrapping all switches and routers. > Wouldn’t be much of a network then! :-D > > It would be useful to hear from enterprise network operators indeed. > We need to make it clear to them that this mechanism depends on hosts > (voluntarily) notifying the DHCP server about it’s addresses. And unless > that’s also enforced through the network in other ways, the information > given is “just another datapoint with some probability of being correct”). > > “Scraping” of routers and switches isn’t the direct alternative to DHCP > address notification. Although some level of first hop security functions > is likely required. I would think DHCPv6 address assignment is the obvious > solution instead of this. > DHCPv6 isn't a solution when you think about what the security requirements are. The Stateful DHCPv6 Myth. No, it doesn't record IPv6 addresses in use. Neither does DHCPv4. https://ipv6tao.blogspot.com/2021/09/the-stateful-dhcpv6-myth-no-it-doesnt.html?m=1 > O. > > > > > > ~Tim > > > > On Sat, Sep 23, 2023 at 4:08 AM Ole Trøan <otroan@employees.org> wrote: > > Thanks Tim, > > > > I do wonder if it’s not worth doing a complete retake of this proposal. > > > > If the operator requirement is to know which address has been in use in > the network by which device at any point in time, then that cannot be > guaranteed with this mechanism. Existing first-hop security mechanisms in > switches and routers would be much more robust. > > > > O. > > > >> On 22 Sep 2023, at 22:22, Timothy Winters <tim@qacafe.com> wrote: > >> > >> Hi Everyone, > >> > >> The working group had some great discussion about this document during > the WGLC. Based on the discussion it didn't pass WGLC at this time. It > will mostly need another round of discussion and potentially a revision > based on those discussions. > >> > >> Additionally, Bernie and I discussed and think it's a good idea to wait > to ask IANA for a early code points until we have passed WGLC. > >> > >> Regards, > >> Tim > >> > >> On Thu, Sep 14, 2023 at 3:16 PM Bernie Volz <bevolz@gmail.com> wrote: > >> An interesting question may be do we need new messages at all? Using > Information Request / Reply with new option is perhaps cleanest? > >> - existing clients can do what they do today > >> - existing servers (and relays or other snoopers) will not know option > so ignore (hopefully silently) > >> - existing servers only see “more” Information-Request for clients not > supporting this new work when enabling O-bit to request address > registrations > >> - “new” clients that do SLAAC when O-bit set and did support > Information-Request can do initial registration in first message (or send > when address assigned) and do periodic updates (perhaps even ask for other > options via ORO to refresh information) … they may actually have no more > messages than today (well, except if they have multiple SLAAC addresses as > need to use a separate Information-Request for each) … they could also > decouple previous and new behavior at increase in traffic. > >> - registration only clients that did not use Information-Request > previously add new traffic … which is exactly what we want > >> > >> The only downside is it kind of overloads Information-Request as it is > now also a client to server communication. Though the client already can > send information to server in Information-Request (user class, vendor > class, vendor information, …). And, we could say the client is asking > whether the server supports registration (by getting new option in Reply). > >> > >> Note: It may be worth thinking about making use of the new > “registration address” option’s encapsulated options field if client wants > to send other information (such as fqdn). This isn’t really bad as this is > likely address specific and any server that wanted to do something with > this data needs updating anyway. This keeps all of the registration > information hidden from those devices that don’t that registration option. > >> > >> Anyway, this is now a very good reason to hold off on early assignment > for message types (and likely say WGLC failed). > >> > >> - Bernie (from iPad) > >> > >>> On Sep 14, 2023, at 2:32 PM, Bernie Volz <bevolz@gmail.com> wrote: > >>> > >>> Hi: > >>> > >>> (Just catching up and responding to this as was asked > specifically…there could have been more I haven’t yet read.) > >>> > >>> 8415bis only prohibits IA options in Information-Request > >>> > >>> 16.12. Information-request Message > >>> > >>> Clients MUST discard any received Information-request messages. > >>> > >>> Servers MUST discard any received Information-request message that > >>> meets any of the following conditions: > >>> > >>> * the message includes a Server Identifier option (see > >>> Section 21.3), and the DUID in the option does not match the > >>> server's DUID. > >>> > >>> * the message includes an IA option. > >>> > >>> I wonder however if having an Address Registration option specifically > would be better (the Information-Request and new registration request could > use this instead of IA_Addr option). This might avoid an overly aggressive > server or relay that checks the Information-Request or its Reply for > options from doing odd things if it sees the IAAddr. If we’re trying to > make things safe, this may be best. Note also that it may help other > devices in the path that may want to snoop for this data. (But it could > have downside if any “options” are developed as then those specifications > would need to determine if they are also allowed in this new address > option). > >>> > >>> > >>> On a separate note, one issue the current draft may need to document > and is a consideration is that when O-bit (RA) and A-bit (PIO) is set, a > registration only server should really support Information-Request as it > will also get lots of those from clients that support DHCPv6 - it may just > send back a pretty empty Reply. > >>> > >>> By using Ted’s suggestion of using Information-Request, it would be > natural for registration only to be implemented at least sufficiently to > send a well formed Reply even when not address registration request. > >>> > >>> It seems like a clever idea to use Information-Request at least for > initial determination of support. > >>> - it avoids extra packets. > >>> - client could honor server’s INF_MAX_RT to reduce frequency of > probing (likely periodic probing is not a bad idea). > >>> > >>> > >>> - Bernie (from iPad) > >>> > >>>> On Sep 14, 2023, at 11:29 AM, Lorenzo Colitti <lorenzo@google.com> > wrote: > >>>> > >>>> On Fri, Sep 15, 2023 at 12:22 AM Ted Lemon <mellon@fugue.com> wrote: > >>>> What I think would be most expedient (if we must use DHCP to probe > for support of address registration) would be to do the first address > registration as an information request with the additional information in > the information request, using the source address being registered. If the > reply that comes back confirms the address registration, then all > subsequent address registrations on this link would be sent as address > registrations. > >>>> > >>>> Well, but if we can come up with a reasonable way to represent an > address registration using an information-request packet, then why not make > all registrations be information-request packets? > >>>> > >>>> +Bernie Volz any thoughts on using information-request and reply > messages, instead of the new addr-reg-inform and addr-reg-reply messages > currently defined in the draft? > >> _______________________________________________ > >> dhcwg mailing list > >> dhcwg@ietf.org > >> https://www.ietf.org/mailman/listinfo/dhcwg > >> _______________________________________________ > >> dhcwg mailing list > >> dhcwg@ietf.org > >> https://www.ietf.org/mailman/listinfo/dhcwg > > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg >
- [dhcwg] WGLC for draft-ietf-dhc-addr-notification… Timothy Winters
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Erik Kline
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Nick Buraglio
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Timothy Winters
- [dhcwg] Fwd: WGLC for draft-ietf-dhc-addr-notific… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Timothy Winters
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Mark Smith
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Alan DeKok
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… rob@deepdivenetworklng.com
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Nick Buraglio