Re: [dhcwg] What sorts of services does DHCP configure?

Ted Lemon <Ted.Lemon@nominum.com> Tue, 22 October 2013 17:32 UTC


On Oct 22, 2013, at 12:56 PM, Ole Troan <otroan@employees.org> wrote:
> are you sure you don't mean to say, "building networks this way is not a very good idea in most cases"?
> because if you suspend enough disbelief, then the requirement for the network to be able to give hosts
> information about the SAS/DAS policy table is hard to get around.

I'm deeply conflicted on the SAS option, as you may recall from my IESG review of it. It does solve the problem, and in that sense it's good, but the security model makes me uncomfortable. I would be a lot happier if SAS were somehow accomplished using ND options, probably for the same reason that people tend to be uncomfortable with default routes coming from DHCPv6 servers.

"It's not a good idea" represents my most pessimistic view of the option; my optimistic view of the option is that it's useful and will make things work better in general. But I'm waiting for reality to clue me in as to which view is more realistic.