Re: [dhcwg] What sorts of services does DHCP configure?

Ole Troan <otroan@employees.org> Tue, 22 October 2013 19:03 UTC

Ted,

>> are you sure you don't mean to say, "building networks this way is not a very good idea in most cases"?
>> because if you suspend enough disbelief, then the requirement for the network to be able to give hosts
>> information about the SAS/DAS policy table is hard to get around.
> 
> I'm deeply conflicted on the SAS option, as you may recall from my IESG review of it. It does solve the problem, and in that sense it's good, but the security model makes me uncomfortable. I would be a lot happier if SAS were somehow accomplished using ND options, probably for the same reason that people tend to be uncomfortable with default routes coming from DHCPv6 servers.
> 
> "It's not a good idea" represents my most pessimistic view of the option; my optimistic view of the option is that it's useful and will make things work better in general. But I'm waiting for reality to clue me in as to which view is more realistic.

agree.
you could, I believe, generalise those concerns to most of the unauthenticated ND and DHCP provisioning options.
perhaps I want my host to use the searchlist when provided when I'm located in my home network (host owner equals network "operator"), but I probably wouldn't when connecting at my local cafe, or at my employer's.

I would at least have liked that my host implementation provided more policy with regard to which DHCP options it applied, based on what network it was connected to. that said, perhaps a lot of what we use DHCP for should better be done with service discovery.

cheers,
Ole