[dhcwg] Updated DHCPv4 Active Leasequery draft
Kim Kinnear <kkinnear@cisco.com> Mon, 02 March 2015 21:21 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/O21xu_Y4l9cKRO4peH8Ic9o22XQ>
Along about the middle of 2014 Ted reviewed the DHCPv6 Active Leasequery draft after it had passed WGLC. He found a number of textual changes that were required, as well as directing us to add TLS for additional security.

The DHCPv4 and DHCPv6 Active Leasequery drafts are about as identical as we could make them other than the differences required for the different base protocols, so we had to update each of these drafts to respond to Ted's review comments.

I have submitted the updated DHCPv4 Active Leasequery draft just now:

draft-ietf-dhc-dhcpv4-active-leasequery-02.txt
http://datatracker.ietf.org/doc/draft-ietf-dhc-dhcpv4-active-leasequery/

It contains the following changes:

1. Removed "requirements by government agencies" as a motivational reason to support active leasequeries.

2. Draft now "updates" RFC6926, DHCPv4 Bulk Leasequery, to say what to do if an unknown message is received over a TCP connection. The answer: drop the TCP connection.

3. Defined a "blocked TCP connection" in the glossary.

4. Instructed systems administrators to not allow a DHCPACTIVELEASEQUERY message to be sent over a DHCP TCP connection to a system which does not support DHCPv4 Active Leasequery (since the action to take was undefined).

5. Instructed people who implemented DHCPv4 Bulk Leasequery but not DHCPv4 Active Leasequery to implement at least the update to RFC6926; i.e., to drop the TCP connection if a message that is unknown is received.

6. Added TLS for data integrity, and defined a message (DHCPTLS) to be used to request TLS over a TCP connection (as well as a status code to indicate that TLS is not allowed: TLSConnectionRefused).

7. Simplified the Security section to largely rely on TLS as the approach to security.

8. A number of paragraphs were changed to clarify the wording. No changes to the operation of the protocol were made in these changes for clarity.

Regards -- Kim
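Items 2 and 5 above, as an added example that is not part of the original message or of the draft: a sketch of the TCP receive path of a server that implements only DHCPv4 Bulk Leasequery and drops the connection when an unknown message arrives. It assumes the RFC 6926 framing (a two-byte message-size before each DHCPv4 message) and treats a malformed message as unknown; the function names and the sample type value 250 are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCPv4 options field
BOOTP_FIXED_LEN = 236                # fixed header that precedes the cookie
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
DHCPBULKLEASEQUERY = 14              # RFC 6926 request type
KNOWN_REQUESTS = {DHCPBULKLEASEQUERY}  # assumption: all this server implements on TCP

def message_type(dhcp: bytes):
    """Return the option 53 value, or None when it is absent or the message is malformed."""
    start = BOOTP_FIXED_LEN + len(MAGIC_COOKIE)
    if len(dhcp) < start or dhcp[BOOTP_FIXED_LEN:start] != MAGIC_COOKIE:
        return None
    i = start
    while i < len(dhcp) and dhcp[i] != OPT_END:
        if dhcp[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(dhcp):
            return None              # option code with no length byte
        length = dhcp[i + 1]
        value = dhcp[i + 2:i + 2 + length]
        if len(value) != length:
            return None              # option runs past the end of the message
        if dhcp[i] == OPT_MSG_TYPE:
            return value[0] if length == 1 else None
        i += 2 + length
    return None

def process_stream(buf: bytes, known=KNOWN_REQUESTS):
    """Walk framed messages; return (accepted types, 'keep' or 'drop')."""
    accepted, off = [], 0
    while off + 2 <= len(buf):
        (size,) = struct.unpack_from("!H", buf, off)   # two-byte message-size prefix
        if off + 2 + size > len(buf):
            break                    # partial message: wait for more bytes
        mtype = message_type(buf[off + 2:off + 2 + size])
        if mtype not in known:       # unknown (or unparseable): drop the connection
            return accepted, "drop"
        accepted.append(mtype)
        off += 2 + size
    return accepted, "keep"

def frame(mtype: int) -> bytes:
    """Build a constructed, minimal framed message carrying only option 53."""
    body = bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, mtype, OPT_END])
    return struct.pack("!H", len(body)) + body

UNKNOWN_TYPE = 250  # constructed stand-in for a message type this server does not implement
SAMPLE = frame(DHCPBULKLEASEQUERY) + frame(UNKNOWN_TYPE) + frame(DHCPBULKLEASEQUERY)
```

Processing stops at the first unknown message, so the third message in SAMPLE is never acted on: the caller closes the socket as soon as "drop" is returned.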