Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

"Bernie Volz (volz)" <volz@cisco.com> Thu, 25 August 2016 16:40 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Date: Thu, 25 Aug 2016 16:40:35 +0000
Message-ID: <2279C5E3-0D51-4631-AFC9-DAF05339D21D@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/UzMCZZ27GdUyd00tDNUumuBaStQ>
Cc: dhcwg <dhcwg@ietf.org>, Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Please explain what else the relay needs to know.

- Bernie (from iPhone)

On Aug 25, 2016, at 9:34 AM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:

Hi, on further consideration RAAN options alone are not sufficient for my
needs. For my needs, the relay has to be able to inspect the contents of
both the client's messages to the server and the server's messages to
the client. And, it is about more than just IA_NA and IA_PD.

The use case is VPN clients connecting in to a secured home network then
using DHCPv6 to obtain prefixes and/or addresses. So, the client comes in
across a secured link where there is no concern for eavesdropping, but
the client still needs to prove to the server that it is authorized to receive
the requested addresses/prefixes.

In that case, when we can say that the link is secured against eavesdropping,
then there is a use case for authentication-only DHCPv6 security.

Thanks - Fred
fred.l.templin@boeing.com

From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Templin, Fred L
Sent: Wednesday, August 24, 2016 12:51 PM
To: Bernie Volz (volz) <volz@cisco.com>
Cc: dhcwg <dhcwg@ietf.org>; Ted Lemon <mellon@fugue.com>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Can we dust this off and insert it back into the process?

Thanks - Fred

From: Bernie Volz (volz) [mailto:volz@cisco.com]
Sent: Wednesday, August 24, 2016 12:46 PM
To: Templin, Fred L <Fred.L.Templin@boeing.com>
Cc: Ralph Droms (rdroms) <rdroms@cisco.com>; Ted Lemon <mellon@fugue.com>; dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Citing 'draft-ietf-dhc-secdhcpv6' (rfc3315bis)

Note that the latest version of that draft is https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-agentopt-delegate-04.

Also, 03 used the https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-srsn-option-02 draft to address out of order issues. Don't recall why 04 removed this and whether there were other issues still unresolved - though I think there were.

Sadly there is no change log to indicate changes made in each rev, so we will need to review the email dialog and meeting minutes around the time of these drafts to determine open issues & how to move forward. I think interest died because cable (cmts) just started to snoop the client packets. This actually doesn't resolve out of order issues, though I think those have not caused any known problems. So while in theory they could be, in practice they are not.
- Bernie (from iPhone)

On Aug 24, 2016, at 11:26 AM, Templin, Fred L <Fred.L.Templin@boeing.com> wrote:
draft-draft-droms-dhc-dhcpv6-agentopt-delegate-00.txt