Re: [dhcwg] DHCP hackathon in Berlin?

Tomek Mrugalski <> Wed, 01 June 2016 12:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3BC5712D1B7 for <>; Wed, 1 Jun 2016 05:38:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YOUIdn4cRvgy for <>; Wed, 1 Jun 2016 05:38:03 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 149BC12D1AB for <>; Wed, 1 Jun 2016 05:38:03 -0700 (PDT)
Received: by with SMTP id b73so11835822lfb.3 for <>; Wed, 01 Jun 2016 05:38:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=P2BaQXO3b3EM1UVYBch+QNFSXozuc0z1KacN5+R3tkA=; b=QHruNHP04kcPSY9PUsxdb0Mqn8BbqNc7xJUtftSRX1ocmDUJnv+34XVmef+67UBRZT Vy/LqpbgGgLZ1iQYGmIj1riYOIbVqexKEQPy4XABd8y7LfPrJWbNE0g6EBOuKkXcYw1L Wrk7JYooLT8y1osuTetPxK3rnUtzCF9JSs2YuEzuwUg2/Q4lIrDw49mfoyZQbbXKlJBt QGOW7Ch8V6iYcVitk7omZ5JIq/j0OHzKlh+EZPdz6ZzURWX46PjOVKbu5c/uPrW/V2Z0 nSN8PfAuq4sFP1jbpmT1emvKgJUPl+T0m6hf4u/g7vmM9+Jlv3VqdgSwf4vlGGQ8D4uE vxwQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=P2BaQXO3b3EM1UVYBch+QNFSXozuc0z1KacN5+R3tkA=; b=in2NminibixWHvpVNnkX25jLfMAyszmJ0LxyCrkXGvd4dLPXhDG20EDR9vfdaz+ejs Zi3uhJz2tu8btk3x8+LV6q2GgjSFZKTOIeDlgWssqWVSmKEQtBBCvtxtyC3NxmlOp9i4 9xoWwiIz3EoXogoHGif7JAp2cU/68XH0qMc2oK2uJkkTg+9plEzsFh6fGl8ipS6JjlVN STINeDHR4tSVsm7NhWwq+kv882MxwAtrTWzR1NF7qhPd/Fb91xkvgxh/U0heYsugTPBj ICgbqYY5YwRv++SHFA5gwOSPoG8NkY3aeNVt7I0oiOlby5do3sV7Q7HuElvYfn2jPxjP xmgg==
X-Gm-Message-State: ALyK8tKE1VcK033AL7jTanQLzZFhTSaOhcYTbmCq8cczFWpytePI668a/K2i1Z27UgA2Bg==
X-Received: by with SMTP id j12mr1669940lfb.47.1464784681214; Wed, 01 Jun 2016 05:38:01 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id t11sm5798573lfd.20.2016. (version=TLSv1/SSLv3 cipher=OTHER); Wed, 01 Jun 2016 05:38:00 -0700 (PDT)
To: Roy Marples <>
References: <> <> <>
From: Tomek Mrugalski <>
X-Enigmail-Draft-Status: N1110
Message-ID: <>
Date: Wed, 1 Jun 2016 14:37:58 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <>
Cc: dhcwg <>
Subject: Re: [dhcwg] DHCP hackathon in Berlin?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 01 Jun 2016 12:38:05 -0000

On 01.06.2016 13:29, Roy Marples wrote:
> No love for dhcpcd for client testing? 
We'd certainly like to test this implementation, but we need someone
who's familiar with it enough to run it and fix any issues found.

> While I think it should already support the basics of RFC7550 I
> haven't extensively tested it against every bullet point.
That's the idea here. We want to test whether we missed anything, what's
the most reasonable behavior in odd corner cases etc.

> It should also support secure DHCPv6 from RFC3315 as well.
I would be cautious with using "secure" and "3315" in the same sentence. :)

> I'm quite new to this list and am unaware if there are any newer RFC
> documents in the works to change secure transactions over RFC3315.
Yes, there are. First, there's secure DHCPv6 draft that's being
currently actively worked on draft-ietf-dhc-sedhcpv6-12 [1]. It's a
significant step forward as compared to what 3315 offered.

Second, there's RFC3315bis work [2] in progress that hopes to clean up,
clarify and fix lots of issues in DHCPv6. The current draft is
dhc-rfc3315bis-04. There's a whole separate mailing list and issue
tracker [3] dedicated to it. Authors are planning to publish -05 version
in the next couple days. If you're interested in what has changed, we
maintain a changelog (see Appendix A). It may not be exhaustive, though.

One of the changes in 3315bis is the Delayed Authentication mechanism
being deprecated. The mechanism was underspecified, difficult to deploy,
had significant operational burden and its actual deployment in
production networks was extremely limited at best. As there's a new
alternative (sedhcpv6), we decided to get rid of the delayed auth.

Both of those drafts are hoping to go through WGLC (working group last
call) in the next couple months. Feel free to review them and post your
comments here.