[dhcwg] Warren Kumari's Discuss on draft-ietf-dhc-mac-assign-06: (with DISCUSS and COMMENT)

Warren Kumari via Datatracker <noreply@ietf.org> Wed, 27 May 2020 20:26 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dhcwg@ietf.org
Delivered-To: dhcwg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D46163A0B40; Wed, 27 May 2020 13:26:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Warren Kumari via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dhc-mac-assign@ietf.org, dhc-chairs@ietf.org, dhcwg@ietf.org, Tomek Mrugalski <tomasz.mrugalski@gmail.com>, Ian Farrer <ianfarrer@gmx.com>, ianfarrer@gmx.com
X-Test-IDTracker: no
X-IETF-IDTracker: 7.1.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Warren Kumari <warren@kumari.net>
Message-ID: <159061117184.12588.3496366666468663429@ietfa.amsl.com>
Date: Wed, 27 May 2020 13:26:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/Yt5eLAz230gExndvmJJ7ucNYEW0>
Subject: [dhcwg] Warren Kumari's Discuss on draft-ietf-dhc-mac-assign-06: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 20:26:12 -0000

Warren Kumari has entered the following ballot position for
draft-ietf-dhc-mac-assign-06: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Be ye not afraid -- these should be easy to address.

I have some concerns about this document -- much of my unease isn't
specifically about the document itself, but rather the impact that deploying
this on a wide scale may create. Much of my concerns can probably be addressed
by sprinkling on some weasel-words / "you could shoot yourself in the foot if
not careful" language.

Unless I've horribly misunderstood, in the direct client mode, a device comes
up, connects to a switch and then changes its MAC address to the DHCP assigned
one. This may interact poorly with: a: switches with small CAM tables
(sometimes deployed in DCs) b: devices with configured maximum MACs per port,
common in enterprises (e.g:
) c: 802.1X (which is often configured to only allow a single MAC per interface
/ VLAN) d: switches which do things like DHCP snooping. Again, I do realize
that most of these issues are not directly the result of this technique, but
implementing / deploying this makes it more likely that devices will come up
with a temp address and then pivot to an assigned one, and I'd like to see some
operational warnings...


Thank you for writing this -- I *do* like this document, and agree that it
solves a real problem (e.g:
http://grouper.ieee.org/groups/802/PrivRecsg/email/msg00164.html ), but would
like to make sure that it is deployable without causing sadness...

I think it would be useful to also add some text around policy limits / DoS.
As examples, would you expect that this would be enabled on "regular" user
interfaces (e.g at my local coffee shop), or is it more designed for
datacenters and IoT VLANs? Either way, should a device be able to ask for
00:00:00:00:00:01 and 2^48-2 addresses? The document does say things like: "In
particular, the server may send a different starting address than requested, or
grant a smaller number of addresses than requested.", but it might be nice to
also include something like "implementations should allow configuration of the
maximum number of addresses to allocate" or something similar (yes, an attacker
could keep coming back and looking like a new device, but...)