Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023
Ole Trøan <otroan@employees.org> Tue, 12 September 2023 06:09 UTC
Return-Path: <otroan@employees.org>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0928DC151983 for <dhcwg@ietfa.amsl.com>; Mon, 11 Sep 2023 23:09:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.214
X-Spam-Level:
X-Spam-Status: No, score=-1.214 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=employees.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 60O-dXGURy6a for <dhcwg@ietfa.amsl.com>; Mon, 11 Sep 2023 23:09:45 -0700 (PDT)
Received: from proxmox01.kjsl.com (proxmox01.kjsl.com [204.87.183.6]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3FDBFC151995 for <dhcwg@ietf.org>; Mon, 11 Sep 2023 23:09:45 -0700 (PDT)
Received: from proxmox01.kjsl.com (localhost.localdomain [127.0.0.1]) by proxmox01.kjsl.com (Proxmox) with ESMTP id 88980E1CC9; Tue, 12 Sep 2023 06:09:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=employees.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:from:from:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=prox2023; bh=iUptTt9DSpG/Cgk+ Igk6uFywVuFM/9k5ScEgokaSKU0=; b=J7qJfaLjfv561PxxUPRY03SANSJXdmCA I2j6YBYGg6JgKE2XSkB+80NdrxmpUAnxbYpOs2bsNV9G53laDxxjWUxZiPm3qm8B tKwC+CuUt1Gs7g4fTPpZP+8G5RYZF3/ZBTaWRDvIzYoXSQqU++gXMiZ34QfkpdLj /V6urKdXznnaQLGf0hK3QY5eGF72JpifKeUgBuyCmm45vlDTM4HtqyHXdhsPbOUq MsTvaIyXNa9cwtC1TPczzFxBaJsJQljGVWxxNXZVY7z9Sb9zVJyE9DcI/IYA2X1x kCJzHHLy76BrqgwoovH/I0kDWqYxMmIGor+Fev29NlpGLXB32vDdkw==
Received: from clarinet.employees.org (clarinet.employees.org [IPv6:2607:7c80:54:3::74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by proxmox01.kjsl.com (Proxmox) with ESMTPS id 678E9E1AF3; Tue, 12 Sep 2023 06:09:44 +0000 (UTC)
Received: from smtpclient.apple (ti0389q160-4360.bb.online.no [82.164.52.60]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by clarinet.employees.org (Postfix) with ESMTPSA id 1A35F4E11A51; Tue, 12 Sep 2023 06:09:44 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail-92F2E8DA-F47D-4DD2-8709-1DA28046A75B"
Content-Transfer-Encoding: 7bit
From: Ole Trøan <otroan@employees.org>
Mime-Version: 1.0 (1.0)
Date: Tue, 12 Sep 2023 08:09:30 +0200
Message-Id: <9B1FB9BF-6371-481E-865C-E0E39B2F8E65@employees.org>
References: <CAKD1Yr3vswX-+aPeNxFGjDLNh6tUxE507wC380UdMe4RdZzbEQ@mail.gmail.com>
Cc: Ole Trøan <otroan=40employees.org@dmarc.ietf.org>, dhcwg <dhcwg@ietf.org>
In-Reply-To: <CAKD1Yr3vswX-+aPeNxFGjDLNh6tUxE507wC380UdMe4RdZzbEQ@mail.gmail.com>
To: Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>
X-Mailer: iPhone Mail (20G81)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/W0zPf0D4MCNlc1jpjrMD_spR-xU>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by September 13, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Sep 2023 06:09:49 -0000
On 12 Sep 2023, at 02:57, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org> wrote:
IPv6 host configuration behavior is already complicated. This proposal adds yet another dimension. With any new mechanism, there’s the issue of how to deal with legacy hosts. The document appears silent on this.There is nothing we can do about legacy hosts obviously. The security considerations section says this message is optional and that networks cannot rely on it because the device might not send it or the message might be lost. But it will work well in an environment where the operator controls the devices. How about tweaking the existing text in section 6 to clarify?====On its own, it is not intended to be a strong security access mechanism and networks cannot rely on its use unless they control the devices that connect to the network.====The proposal seems to suggest that hosts should always try to register their addresses. With hand wavy text suggesting it should be possible to disable. Are we now going to see yet another flag in RA’s asking hosts to be quiet? Should it really be enabled by default?There is already a control mechanism: hosts will not send these packets if the M and O bits are set to 0. So if there is no DHCPv6 server on link, the hosts will be quiet.
If the server supports the new packet type, then the additional traffic caused by hosts implementing this proposal is similar to the additional traffic that hosts would cause if they implemented stateful DHCPv6. If hosts only register one address this proposal causes less traffic, because refreshes are recommended at 80% lifetime instead of the 50% lifetime recommended by RFC 8415. (If the DHCPv6 server doesn't support rapid commit, then this proposal is much cheaper because stateful DHCPv6 is a four-packet exchange but this is just two.) If the client registers two addresses (one stable and one privacy), and the server does support rapid commit, it's a bit more.There will be more traffic if there are clients that implement this proposal but servers have not been updated to send the required reply message. Once this specification is published, we expect servers to implement this message because it is extremely simple for a server to do so (basically, just look at the packet, and log the contents). It's possible toThe draft seems to be silent about the elephant in the room. The problem the draft seems to solve is already perfectly solved by normal DHCPv6 address assignment. Which is already widely implemented and deployed.It's true that DHCPv6 is widely implemented, but on the other hand, this proposal is more suited to many networks than stateful DHCPv6. Many networks (pretty much all networks serving clients, actually) don't really need stateful address allocation, they just need the ability to do forensics and know which devices were using which addresses. This proposal is much simpler than stateful DHCPv6 - RFC 8415 is 154 pages long and this is just a handful. Also, DHCPv6 is very hard to use correctly in networks that can be renumbered such as home networks or mobile hotspots, because updates require the client to ask again and reconfigure is very difficult to deploy.Finally- we need a way to provide forensic abilities for SLAAC addresses. The IETF does not recommend running DHCPv6-only networks for general purpose devices (RFC 7934 section 8.2), so SLAAC will be in use even on networks that support stateful DHCPv6 (e.g., because implementations will use privacy addresses in preference to DHCPv6 addresses). Network operators that want to track usage of SLAAC addresses don't have a tool to do so, and that is a gap in the IPv6 deployment story that we are trying to fill.
- [dhcwg] WGLC for draft-ietf-dhc-addr-notification… Timothy Winters
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Erik Kline
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Michael Richardson
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Lorenzo Colitti
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Jen Linkova
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Bernie Volz
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Nick Buraglio
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Timothy Winters
- [dhcwg] Fwd: WGLC for draft-ietf-dhc-addr-notific… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Trøan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Li HUANG
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Timothy Winters
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Mark Smith
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… David Farmer
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Ole Troan
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Alan DeKok
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… rob@deepdivenetworklng.com
- Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notifica… Nick Buraglio