Re: [dhcwg] [Int-dir] Review of draft-ietf-dhc-relay-server-security-02

"jouni.nospam" <jouni.nospam@gmail.com> Thu, 26 January 2017 18:25 UTC

Return-Path: <jouni.nospam@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF6ED129970; Thu, 26 Jan 2017 10:25:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Yh-WscksZgx; Thu, 26 Jan 2017 10:25:48 -0800 (PST)
Received: from mail-pg0-x243.google.com (mail-pg0-x243.google.com [IPv6:2607:f8b0:400e:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D556312996A; Thu, 26 Jan 2017 10:25:48 -0800 (PST)
Received: by mail-pg0-x243.google.com with SMTP id 204so22927306pge.2; Thu, 26 Jan 2017 10:25:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MV6aH6jnnJjC1jQEGh1SjGvdbBspjN+BBGcX+ZrfmZw=; b=ly7pbI4KZD8y75oAsiUJmZpOUKjdqLcC8GzpnAYJizuRbdCtH/pkU0Fxt6MQKL8pDx r/TICeynK/JWRrV5Bwmr3a5OCZnr8MYBbH8xjtvzfvKYtK15oFdrpXYIJg9LVbmJ+zfP aozbB37sDpX38HPR3JkKljkRsLlAYL6pbTjBiO6QdeGE9+9qrHl3tf+LMw05vkNb5BLL upsyfhkd9kRHRU7apcDwKHn9gnSa9vLPa+HC7D88bv+bgBdqinKzAZVxvo8+gbWjg9Uw Aj9yGGUp9Y7whHkzlCqr70nZx+qD+FJPW9SNx/PkosIImGjroOAkLUbyt/ScAC/Jq+nh k45Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=MV6aH6jnnJjC1jQEGh1SjGvdbBspjN+BBGcX+ZrfmZw=; b=P7b/+zhv39stN/LXowuyKAbm+UTjA/kF+15z3UeRkc+Xr0oxCu1YjSJ3K6ON0qrW93 aAdBPXhICRS53CKpVdFLuRmq6/BP6mwwaNBZLkFjA6qL6qPfa25Lwam3tG5jqIGNTAXN 72hucGmYV1NNcT2MdoUmc0DZFr7Z3dOHeigo5E0GnMBDc52S0AMjtgQ7lSZ9eeo2cODe Qwga+MzK89f+vzvYkFfvmrEvdsYHs8GrdPF/zE3K60w012Eum5EnKhJCPZIpihqPqGjX Cj2iVW+AmE+061j76CLco+Sf5+nLuTh2oQi256IMSEuFke/1k1IPnPIYI0EG4WOrIOjJ Q3jw==
X-Gm-Message-State: AIkVDXIlQqxJBhBbbGWGyRvQZuMtlWrxgtiRPd0Bdfgck8J3L4mYk4H0UsDNAofcFnSlkA==
X-Received: by 10.84.179.99 with SMTP id a90mr6059857plc.139.1485455148314; Thu, 26 Jan 2017 10:25:48 -0800 (PST)
Received: from [192.168.89.94] ([216.31.219.19]) by smtp.gmail.com with ESMTPSA id d128sm5101368pfg.56.2017.01.26.10.25.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Jan 2017 10:25:47 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: "jouni.nospam" <jouni.nospam@gmail.com>
In-Reply-To: <e996599692ff4584b8ace30a36ea6881@XCH-ALN-003.cisco.com>
Date: Thu, 26 Jan 2017 10:25:45 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <B3CE8C9D-C20C-4FAB-9054-0F09B2B87F63@gmail.com>
References: <148541310715.6205.3276873953603821357.idtracker@ietfa.amsl.com> <ff898bc0-81ce-7598-c3f3-2e114d30df30@gmail.com> <e996599692ff4584b8ace30a36ea6881@XCH-ALN-003.cisco.com>
To: "Bernie Volz (volz)" <volz@cisco.com>, Tomek Mrugalski <tomasz.mrugalski@gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/SRtXeQUaEH0Ch5hs-qahySzxW44>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-relay-server-security.all@ietf.org" <draft-ietf-dhc-relay-server-security.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, Jouni Korhonen <jounikor@gmail.com>, "int-dir@ietf.org" <int-dir@ietf.org>
Subject: Re: [dhcwg] [Int-dir] Review of draft-ietf-dhc-relay-server-security-02
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2017 18:25:51 -0000

Bernie, Tomek,


> On Jan 26, 2017, at 5:38 AM, Bernie Volz (volz) <volz@cisco.com>; wrote:
> 
> Hi:
>  
> Thanks for the review Jouni (as Int-Dir coordinator and document coauthor).
>  
> Regarding the main issue and to extend Tomek’s comment …
>  
> We actually have used this text, but without the MUST, in 3315bis (the updated version has not been published as the coauthors are still working through the remaining open issues from the approximately 300 that we captured during the 3315bis WGLC back in August). We do expect to publish an updated version before the IETF-98 deadline (hopefully with all issues addressed, but we’ll see).
>  
> And, as Tomek explained, this idea here was to make this an OPTIONAL feature that vendors could implement (much like any new DHCP option) – but if we left the text as a SHOULD or similar, vendors could claim they supported it without actually implementing it. Thus, this document has a MUST. And, it does not update – but rather extends – 3315 and 1542.

Hmm.. I really do not like specification “games” like this. If you cannot justify a MUST into RFC3315bis, then trying to circumvent the fact in another document (that does not update the RFC3315 or RFC3315bis) should not be a Standards Track document. I could accept this as a BCP or a like.

- Jouni

>  o I would separate the new recommendation text for DHCPv4 and DHCPv6
> into their own respective section. Having just a one-liner statement
> "also applies to DHCPv4 [RFC1542].." is kind of confusing in a middle
> of very DHCPv6 specific text. I recon the DHCPv4 section would be
> short, but definitely more clear in that way.
>  
> BV> I’ll discuss this with Yogendra … I think we can just make this clearer by either breaking out this applicability text for v4/v6 into separate paragraphs. I don’t think there really should be a need to duplicate the main material – i.e., have separate sections which basically would be the same text on the IPsec items.
>  
> o Although it should be obvious, but I would explicitly point it out
> in the Security Considerations that the security model here is
> hop-by-hop. If there are multiple relays then there will be multiple
> IPsec tunnels as well.
>  
> BV> Sure, we can add that.
>  
> o Section 14:  s/section 14,/Section 14,
>  
> BV> OK, thanks for catching that.
>  
> Again, thanks.
>  
> -          Bernie
>  
> From: Tomek Mrugalski [mailto:tomasz.mrugalski@gmail.com] 
> Sent: Thursday, January 26, 2017 5:24 AM
> To: Jouni Korhonen <jounikor@gmail.com>;; int-dir@ietf.org
> Cc: dhcwg@ietf.org; ietf@ietf.org; draft-ietf-dhc-relay-server-security.all@ietf.org
> Subject: Re: Review of draft-ietf-dhc-relay-server-security-02
>  
> W dniu 26.01.2017 o 07:45, Jouni Korhonen pisze:
> Reviewer: Jouni Korhonen
> Review result: Not Ready
>  
> Disclaimer: I have not followed recent DHC discussions to the extent
> that the existence this document was new to me.
>  
> Issues:
>  
> My issues with the document are the following. First, it actually
> updates a great deal of RFC3315 (Section 21.1) while there is
> RFC3315bis in progress. Why the DHCPv6 part of this document is not
> directly contributed to RFC3315bis work? There's even author overlap
> so there must be a good reason. Second, if there is a reason to keep
> the content of this document separate from RFC3315 body of work, at
> least this specification should then target to update RFC3315bis and
> not RFC3315.
> Hi Jouni,
> First of all, thanks for doing the review.
> 
> I will leave it up to the authors to provide further details on this, but with my shepherd hat on, let me explain that this omission was made on purpose. The decision was made to not update 3315 and not bundle this into 3315bis on purpose. If we did that, then every DHCP server would HAVE to support IPSec. This would make implementation, certification and deployment much more complex and this is something we wanted to avoid. With the current approach, operators can be specific whether they need relay server security (by requiring their vendors to support both 3315 and this document) or not (just 3315).
> 
> This is also explained in the write-up:
> (16) Will publication of this document change the status of any
> existing RFCs? Are those RFCs listed on the title page header, listed
> in the abstract, and discussed in the introduction? If the RFCs are not
> listed in the Abstract and Introduction, explain why, and point to the
> part of the document where the relationship of this document to the
> other RFCs is discussed. If this information is not in the document,
> explain why the WG considers it unnecessary.
>  
>   No. Even though this I-D introduces changes to RFC3315, the WG doesn't
>   want to enforce IPsec encryption on every DHCPv6 server. Therefore
>   it does not update RFC3315.
> 
> 
> Also, I'd like to clarify that 3315bis is not a wildcard that bundles every RFC related to DHCPv6 ever published. This document is 133 pages long and that size causes difficulties moving the work forward. We're thinking what are the things we can take out of it, rather what else we could add. The previous argument still stands here. We want to have the core spec and an additional RFC that people can point to when they require secure server-relay communication.
> 
> If that explanation is not acceptable for you, how do you propose to structure the text and possibly add updates 2131/3315 to achieve the goal or being a non-mandatory feature?
> 
> I'll let the authors comment on the nits.
> 
> Again, thanks for the review. It's good to receive one that shakes things up a bit once in a while :)
> Tomek
> 
> Other smaller nits:
>  
> o This document updates both RFC3315(bis) and RFC1542. Those are not
> reflected in the document title page and abstract. 
>  
> o I would separate the new recommendation text for DHCPv4 and DHCPv6
> into their own respective section. Having just a one-liner statement
> "also applies to DHCPv4 [RFC1542].." is kind of confusing in a middle
> of very DHCPv6 specific text. I recon the DHCPv4 section would be
> short, but definitely more clear in that way.
>  
> o Although it should be obvious, but I would explicitly point it out
> in the Security Considerations that the security model here is
> hop-by-hop. If there are multiple relays then there will be multiple
> IPsec tunnels as well.
>  
> o Section 14:  s/section 14,/Section 14,
>  
> o 
>  
>  
> 
> _______________________________________________
> Int-dir mailing list
> Int-dir@ietf.org
> https://www.ietf.org/mailman/listinfo/int-dir