Re: [dhcwg] seDHCPv6 update and next steps ...

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 12 July 2017 20:48 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Bernie Volz (volz)" <volz@cisco.com>, "draft-ietf-dhc-sedhcpv6@tools.ietf.org" <draft-ietf-dhc-sedhcpv6@tools.ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Date: Wed, 12 Jul 2017 20:48:34 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/XW86peuLSlalowJ1UWgZh5kL4Fc>

Hi Bernie,

Unfortunately, my plane does not arrive until ~16:00 CEST on Sunday. But, if
this work is going back to first principles I would like to express an interest in
an authentication-only mode of operation (i.e., no encryption). It would
avoid a "double-encryption" when encryption is already provided by the
link layer between the client and server (or first-hop relay) and there are
already other securing mechanisms in place between relays and servers.

Thanks - Fred


From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Bernie Volz (volz)
Sent: Wednesday, July 12, 2017 1:30 PM
To: draft-ietf-dhc-sedhcpv6@tools.ietf.org; dhcwg@ietf.org
Subject: [dhcwg] seDHCPv6 update and next steps ...

Hi:

There has been some discussion (most recently off the dhcwg mailing list) about the sedhcpv6 draft.

Previously, as discussed on the dhcwg mailing list a while back, there are some issues with the current draft (including the encryption issue; the key can't be used to encrypt more data than the size of the key). And, while some of the co-authors have communicated recently, others have been quiet and it is not clear what the level of interest for each is in continuing. This work has sadly had a long road with several turns already.

The discussion raised the question as to what the goals of this work should be. Some feel that we need to step back and first develop a "requirements document" to clearly detail what the goals of securing DHCPv6 should be (for example, was the fairly recent push to add encryption appropriate?).

Thus, Tomek and I feel that it would be worth having an interested group meet before the IETF-99 DHC WG session (which is on Wednesday, 7/19 afternoon) to discuss this so that we could formulate a strategy. If you have interest, let us know. We propose to meet on Sunday at 14:00 (CEST) in Chez Louis (Hackathon) room - we can find a table there, or look for another place. (If there is remote participation interest, let us know and we'll see what we might be able to accommodate.)

We may also have extra time in the DHC WG session to discuss in detail there, but it could be helpful to have one or more proposals and, if we get the slides out quickly, give people some time to think about it before the WG session.


- Bernie and Tomek