Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

神明達哉 <jinmei@wide.ad.jp> Mon, 28 November 2016 18:00 UTC

In-Reply-To: <CAJ3w4Ne81LVsaznu_yck7fG7iJyGm=WY4=i2AF8gx39Tf59eMA@mail.gmail.com>
References: <CAJE_bqebwr2WUUgaNgiYS4_8L77Gxj4Os+oPRG407B6ELMEhCQ@mail.gmail.com> <CAJ3w4Ndi5Gq63n5kZnanRhLM8nWE2wsWGh0kJJLJnq=VoXLuCg@mail.gmail.com> <CAJE_bqegh1DfWjfK2BxeC_fWa0cEk-KJNP0AT-TQuEa39w_wVQ@mail.gmail.com> <CAJ3w4NdM99nv4C19Xj=aosNme+_Ymyys=xQ3UWUfeZReZC4ckA@mail.gmail.com> <CAJE_bqdhGZnK16MooiyujDgthDNnR74EiwW0OevrN6uq4b4ANw@mail.gmail.com> <CAJE_bqfKUZe2yaW1sAq7rrib0M7wz28HHtPLqCHK=vXcN6amgg@mail.gmail.com> <CAJ3w4Nd3s+ZojjiotLkKwys6truhUgK6F-90UYjcpB9iw=fKKQ@mail.gmail.com> <m2r36nuqvn.wl%jinmei.tatuya@gmail.com> <CAJ3w4NeuNYTrX4p5rtZ6UceD5ydQ-B-vY6aqQzxWnXsrDOEFEA@mail.gmail.com> <CAJE_bqdh-bgk7BHZJnaFFBr3PDj4ZnSSGeGNdQ70F7dv91iQrA@mail.gmail.com> <CAJ3w4NfU9PrC9a+MGnJ=Es1yir_asHB3p1=9GfxZZ0iSe+At+Q@mail.gmail.com> <CAJE_bqfRBYkrniWQ+vtPULTURnvyV792QNGvr8JhhZpGQ0MSdA@mail.gmail.com> <CAJ3w4NerRzHYsRqcUAkAjHX23PYVF4Jv0wKcd33vXRRg+-0EAQ@mail.gmail.com> <CAJ3w4NekPk0TuAZW_jmTDYQHd8JP3GsrA0qrKYrnyqSSk3qwxw@mail.gmail.com> <CAJE_bqc8hkrc3dYefTPWi-mUCtZD+oYsrobCK1KjmVGRnNfMCw@mail.gmail.com> <CAJ3w4NejrFAT3RK7i0W46HkQNJjhPxbhzQiL=3fcrceidTzHNQ@mail.gmail.com> <CAJE_bqcCwZWPHuZ0UR8_jyCUsaTrYKzLD8zUKwChYaCL06yT9A@mail.gmail.com> <CAJ3w4NfS8PKOMHcP5s_Nsp5K5eWJfXWRF-vNEau_ekqTRwE=wA@mail.gmail.com> <CAJE_bqfqSXFR9R5wf1USg-zs+nvdohQFq99kQL2DiapXvUdEqA@mail.gmail.com> <CAJ3w4Ncj40JwrW6UB+TVFvymByU5Y9iFv5QroWhwUzkLrS2DTg@mail.gmail.com> <CAJE_bqd38grUh9q57a-H29GsMx5Dpv9VE0iBMO7v_-y97zZZUg@mail.gmail.com> <CAJ3w4Ne63cnqoeTZk=PDmAN9+i6jwzyxbK+up45wB9h+xUDSfw@mail.gmail.com> <CAJE_bqceK7YLpMqhgjqrFQh7641a+ZRcnO0F6p6BiM8EMKmA7w@mail.gmail.com> <CAJ3w4Nf65b1zo-smMguZBc_-RbFh2y8kk7Fnu__TKCQEVbs48w@mail.gmail.com> <CAJE_bqeVciLxS_q=deRKLBr12ZGXxx2wdFiztJxJjfS7aAV2Ag@mail.gmail.com> <CAJ3w4NcvyeuRWJatGGH7U4g413GQvr9LHtDiX13zSOz7kBGEhw@mail.gmail.com> <CAJE_bqfFOhe26huAP8_BFKjnTXbG4F0vUfMYs5Xy=3RQigS7FA@mail.gmail.com> <CAJ3w4Ne81LVsaznu_yck7fG7iJyGm=WY4=i2AF8gx39Tf59eMA@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Mon, 28 Nov 2016 10:00:39 -0800
Message-ID: <CAJE_bqceRD2+vkfwR+Egr=CgyAT4wd1Wmxp1S=f3WRFGs9j4sg@mail.gmail.com>
To: Lishan Li <lilishan48@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/R4AuuZn8HCliFZzOMKc0S6ALwrs>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17
X-List-Received-Date: Mon, 28 Nov 2016 18:00:42 -0000

At Fri, 25 Nov 2016 14:29:41 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> > Anything that would generate reasonably different values for different
> > keys (but it doesn't have to be guaranteed) is fine.  A simple
> > "checksum" like the RRSIG key tag would probably suffice; using a
> > commonly known modern hash is also fine.
> >
> [LS]: So it is mostly an implementation problem and doesn't need to be
> specified.

We need to describe it as part of the protocol as it's necessary for
interoperability.  It's similar to the fact that the calculation of
the DNS RRSIG key tag is part of the protocol standard.

> Another problem is that: how does the client identify which public/private key
> pair is used for the DHCPv6 configuration process when the client has multiple
> key pairs? In most cases, the client communicates with only one DHCPv6
> server. Then, the client only uses one public/private key pair for the
> DHCPv6 configuration process. So there is no need to define the mechanism.
> Could you please check whether my understanding is correct?

In this case we can normally use the transaction ID (unlike the case
where the server needs to identify the key pair to decrypt the
received data)...except for Reconfigure.  So, in the end we probably
need to include the key tag option in the Encryption-Response
message.  Hmm, this leads to another question: which encryption
message should we use, Encryption-Query or Encryption-Response, to
encrypt a Reconfigure message?

--
JINMEI, Tatuya
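As an added illustration of the key-tag point discussed above (example code written for this page, not code from the sedhcpv6 draft or from either correspondent): the RFC 4034 Appendix B key tag computation beside a truncated-SHA-256 variant standing in for the "commonly known modern hash" alternative (that truncation is an assumption of this example, not something the draft specifies). The sample "public keys" are constructed byte strings. Because the mail notes that distinct tags are not guaranteed, the lookup returns every key matching a tag rather than assuming exactly one, which is the behaviour a receiver needs when it must pick the right private key among several.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed sample public-key blobs (in the real protocol these would be the
# raw public-key bytes carried in the client's or server's key option).
SAMPLE_KEYS: Dict[str, bytes] = {
    "key-a": bytes(range(0, 64)),
    "key-b": bytes(range(64, 128)),
    "key-c": b"\x00" * 64,   # degenerate key: its RFC 4034 tag is 0
}


def rfc4034_key_tag(data: bytes) -> int:
    """Key tag exactly as in RFC 4034 Appendix B.

    Even-indexed octets contribute their value shifted left by 8, odd-indexed
    octets contribute their plain value; the carry above 16 bits is folded
    back once and the result is truncated to 16 bits.
    """
    ac = 0
    for i, octet in enumerate(data):
        ac += octet if (i & 1) else (octet << 8)
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def hash_key_tag(data: bytes) -> int:
    """Alternative tag: first 16 bits of SHA-256 over the key bytes.

    The choice of SHA-256 and of a 16-bit truncation is this example's
    assumption; any agreed, deterministic function would serve the same
    interoperability purpose as long as both ends compute it identically.
    """
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def select_candidates(tag: int, keys: Dict[str, bytes],
                      tag_fn: Callable[[bytes], int]) -> List[str]:
    """Return every key whose tag matches.

    Tags are only a hint for narrowing the search, not a unique identifier, so
    a receiver tries each candidate in turn instead of assuming one match.
    """
    return [name for name, key in keys.items() if tag_fn(key) == tag]


if __name__ == "__main__":
    for name, key in SAMPLE_KEYS.items():
        print(f"{name}: rfc4034={rfc4034_key_tag(key):5d} "
              f"sha256-16={hash_key_tag(key):5d}")
    wanted = rfc4034_key_tag(SAMPLE_KEYS["key-b"])
    print("candidates for tag", wanted, "->",
          select_candidates(wanted, SAMPLE_KEYS, rfc4034_key_tag))
```

Either function is cheap enough to run over a receiver's whole key store on every message, which is the point of the tag: it lets the party that holds several key pairs avoid trial decryption against all of them while leaving the occasional collision harmless.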