RE: [dhcwg] DHC WG charter
Ralph Droms <rdroms@cisco.com> Tue, 22 October 2002 15:09 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA21105 for <dhcwg-archive@odin.ietf.org>; Tue, 22 Oct 2002 11:09:30 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g9MFBJh19642 for dhcwg-archive@odin.ietf.org; Tue, 22 Oct 2002 11:11:19 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9MFBJv19639 for <dhcwg-web-archive@optimus.ietf.org>; Tue, 22 Oct 2002 11:11:19 -0400
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA21094 for <dhcwg-web-archive@ietf.org>; Tue, 22 Oct 2002 11:08:59 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9MF98v19534; Tue, 22 Oct 2002 11:09:08 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9MF8Zv19505 for <dhcwg@optimus.ietf.org>; Tue, 22 Oct 2002 11:08:35 -0400
Received: from funnel.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA20940 for <dhcwg@ietf.org>; Tue, 22 Oct 2002 11:06:15 -0400 (EDT)
Received: from rdroms-w2k.cisco.com (dhcp-128-107-133-128.cisco.com [128.107.133.128]) by funnel.cisco.com (8.8.5-Cisco.1/8.6.5) with ESMTP id LAA18449 for <dhcwg@ietf.org>; Tue, 22 Oct 2002 11:08:30 -0400 (EDT)
Message-Id: <4.3.2.7.2.20021022110632.00b8d320@funnel.cisco.com>
X-Sender: rdroms@funnel.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 22 Oct 2002 11:08:26 -0400
To: dhcwg@ietf.org
From: Ralph Droms <rdroms@cisco.com>
Subject: RE: [dhcwg] DHC WG charter
In-Reply-To: <A1DDC8E21094D511821C00805F6F706B0499F8D2@eamrcnt715.exu.er icsson.se>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
WG members - while I appreciate Bernie's encouragement, we *need* more diversity of opinion to form a healthy, effective charter. *Please* speak up. Bernie - I hadn't updated the charter, waiting (hoping) for additional WG input to minimize editing thrash. I will upload your text into the web site when I get a chance (some time today). - Ralph At 09:48 AM 10/22/2002 -0500, Bernie Volz (EUD) wrote: >Ralph: > >You guys appear to be doing rather well on your own! > >The current revised charter at the web site doesn't include any >recent changes. Using the discussion between Thomas and you, the >charter now looks more like the following? > >o Complete the specification of DHCP for IPv6 (DHCPv6): > - Gain acceptance and publication of the specification as a > Proposed Standard by [12/31/2002?] > - Encourage independent implementations and report on > interoperability testing > - Revise the specification and publish for acceptance as Draft > Standard by [9/30/2003?] >o RFC 3118 defines current security mechanisms for DHCP[v4?]. > Unfortunately, RFC 3118 has neither been implemented nor deployed > to date. There is widespread feeling that its current restriction > to manual keying of clients limits its deployability. It is the > goal of this WG to rectify this situation by defining extensions > that have better deployability properties. In order to achive this > goal, the WG will perform the following security-related tasks: > - Develop a threat model and analysis of the authentication > protection provided by RFC 3118 > - Improve key management and scalability > - Develop a means to secure messages passed between relay agents > and servers > - Develop a means to reduce the threats of DoS attacks through > FORCERENEW messages >o This WG also is responsible for reviewing (and sometimes > developing) DHC options (for both IPv4 and IPv6). The WG is > expected to review all proposed DHC options to ensure that they are > consistent with the DHC protocol, other option formats, that they > do not duplicate existing options, etc. The WG cannot (generally) > be responsible for evaluating the semantic content of proposed > options. Only subject matter experts for the technology the option > relates to can do so. The DHC WG will not adopt new DHC option > proposals as WG documents without first coordinating with other > relevant WGs and determining who has the responsibility for > reviewing the semantic content of an option. >o Complete the specification and publish the following work in progress > as standards: > (We need to include a list of the specific drafts, such as > - Failover protocol (draft-ietf-dhc-failover-*.txt) > - DHCP/DDNS interaction (draft-ietf-dhc-ddns-resolution-*.txt) > - Client FQDN option (draft-ietf-dhc-fqdn-option-*.txt) > ... > Do we want to include all of those at > <http://www.dhcp.org/dhcp-ids.html>http://www.dhcp.org/dhcp-ids.html > or just a subset? Should we perhaps not even add this item into > the list of tasks as the previous item (reviewing DHC options) > covers much of this work. We could instead include some of the > documents in the Milestones section with planned completion > dates. We may need to address non-option related documents > separately - such as Failover, SNMP MIB.) >o Write an analysis of the DHCP specification, including RFC213, > RFC2132 and other RFCs defining additional options, which > identifies ambiguities, contradictory specifications and other > obstacles to development of interoperable implementations. > Develop a process for resolving identified problems and > incorporating the resolutions into the DHCP specification, > perhaps by publishing an updated DHCP specification or a > clarifying document. > >- Bernie > >-----Original Message----- >From: Ralph Droms [<mailto:rdroms@cisco.com>mailto:rdroms@cisco.com] >Sent: Tuesday, October 22, 2002 9:19 AM >To: dhcwg@ietf.org >Subject: Re: [dhcwg] DHC WG charter > >WG members: > >We *require* input from WG members regarding the revision of the WG >charter. This is *not* a task for just the WG chair and the AD. > >Please review the current revised charter at ><http://www.dhcp.org/charter-update.html>http://www.dhcp.org/charter-update.html >and contribute to the discussion >thread. > >- Ralph > >At 04:02 PM 10/21/2002 -0400, Thomas Narten wrote: > >Hi Ralph. > > > > > > > * Develop a threat model and analysis of the authentication > > > > > protection provided by RFC3118; specific issues to be addressed > > > > > include: > > > > > - Improved key management and scalability > > > > > > > >Sounds here like your already jumping ahead to the requirements for > > > >new protocols. I.e., shouldn't this phase be focused on undertstanding > > > >limiations of the current mechanisms? Is this just a wording issue? > > > > > Perhaps it is a wording issue? s/include/might include/ ?? The > intended > > > purpose for the bullet list is to capture current "common knowledge" > about > > > the threat model and RFC3118. > > > >The word "improved" implies to me not analyzing/understanding the > >current systems, but jumping to the next steps of what is > >needed. Seems like the threat model/analysis should be focused on > >understanding the limitations and threats of what we have specified > >today. > > > >Having said that, I don't doubt that improvements are needed. :-) So > >this is a wording issue I think. > > > > > > > - Security for messages passed between relay agents and servers > > > > > - Threats of DoS attacks through FORCERENEW > > > > > > > > > * Develop requirements for any new protocols to address threats or > > > > > other enhancement identified by the threat model and analysis of > > > > > 3118 > > > > > > > >What's missing above is a clear statement that this WG will develop > > > >new authentication mechanisms that address the deployability problems > > > >with the current schemes (whether through an extension to 3118 or > > > >something else). Or that it will address the relay-agent to DHC server > > > >path. > > > > > Can you explain this comment in a different way, as it seems to be at > > > cross-purposes with your previous comment about "jumping ahead to the > > > requirements". I think we're in having a violent agreement that we > > want to > > > (a) get some DHCP authentication out to the client deployed and common > > > wisdom is that the best path is through new mechanisms in the RFC3118 > > > framework; and (b) secure communication between the DHCP relay agents > and > > > servers. > > > >Maybe what is needed is a context paragraph before the specific > >tasks. It could say something like: > > > > RFC 3118 defines current security mechanisms for DHCP. > > Unfortunately, RFC 3118 has neither been implemented nor deployed > > to date. There is widespread feeling that its current restriction > > to manual keying of clients limits its deployability. It is the > > goal of this WG to rectify this situation by defining extensions > > that have better deployability properties. In order to achive this > > goal, the WG will perform the following security-related tasks: > > > > [and then list specific items] > > > > > > > > > * Complete the specification of DHCP for IPv6 (DHCPv6): > > > > > - Gain acceptance and publication of current Internet Draft as > > > > > Proposed Standard > > > > > - Develop and publish specifications for options and other > > > > > extensions to DHCPv6, including those already published as > > > > > Internet Drafts > > > > > > > >General comment on options (both IPv4 and IPv6). I'd like the charter > > > >to clearly indicate that the DHC WG will be reviewing options to make > > > >sure they are consistent with the protocol, other option usages, etc. > > > > > The charter has a separate bullet item for review of options. Are you > > > suggesting that the bullet item be extended to include "consistent with > > the > > > protocol, other option usages, etc." as specific types of review? > > > >I think it would be useful to have more specific text that describes > >how (and when) options will be reviewed by the WG, and when they will > >be taken on by the WG. I.e, something like: > > > > This WG also is responsible for reviewing (and sometimes > > developing) DHC options (for both IPv4 and IPv6). The WG is > > expected to review all proposed DHC options to ensure that they are > > consistent with the DHC protocol, other option formats, that they > > do not duplicate existing options, etc. The WG cannot (generally) > > be responsible for evaluating the semantic content of proposed > > options. Only subject matter experts for the technology the option > > relates to can do so. The DHC WG will not adopt new DHC option > > proposals as WG documents without first coordinating with other > > relevant WGs and determining who has the responsibility for > > reviewing the semantic content of an option. > > > >I don't have a strong feeling about which WG owns a DHC option > >document (when the option is needed by another WG). So long as the two > >WGs coordinate, things should work out. But in anycase, the WG should > >sign off on all DHC options no later than (and hopefully much sooner > >than) IETF LC. But this level of detail can probably be left out of > >the charter and dealt with on a case-by-case basis. > > > > > >Also, I don't like the "other client and relay agent options" as it is > > > >too open ended. I think the WG needs a way of vetting potential > > > >options before the WG takes them on officially. > > > > > There are other options currently in the pipeline; this "other ... > > options" > > > bullet is intended to refer to those options that are "work in > > > progress". New work is intended to fall under the following bullet > > > item. > > > >The problem is that once the charter is out, there is no context for > >recalling which options were "in the pipeline" when the charter was > >written and which are new. Thus, it would probably be better to just > >list the IDs that the WG thinks it still has responsbility for. > > > >Thomas > >_______________________________________________ >dhcwg mailing list >dhcwg@ietf.org ><https://www1.ietf.org/mailman/listinfo/dhcwg>https://www1.ietf.org/mailman/listinfo/dhcwg > _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bound, Jim
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)
- RE: [dhcwg] DHC WG charter Bound, Jim
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)
- Re: [dhcwg] DHC WG charter Thomas Narten
- RE: [dhcwg] DHC WG charter Richard Barr Hibbs
- Re: [dhcwg] DHC WG charter Ted Lemon
- RE: [dhcwg] DHC WG charter Richard Barr Hibbs
- Re: [dhcwg] DHC WG charter Ted Lemon
- RE: [dhcwg] DHC WG charter Bound, Jim
- Re: [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bound, Jim
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)
- RE: [dhcwg] DHC WG charter Bound, Jim
- Re: [dhcwg] DHC WG charter Thomas Narten
- RE: [dhcwg] DHC WG charter Bound, Jim
- RE: [dhcwg] DHC WG charter Ralph Droms
- Re: [dhcwg] DHC WG charter Ralph Droms
- Re: [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)
- RE: [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bound, Jim
- Re: [dhcwg] DHC WG charter Thomas Narten
- RE: [dhcwg] DHC WG charter Bound, Jim
- Re: [dhcwg] DHC WG charter Ted Lemon
- Re: [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)
- RE: [dhcwg] DHC WG charter Ralph Droms
- RE: [dhcwg] DHC WG charter Bound, Jim
- RE: [dhcwg] DHC WG charter Bernie Volz (EUD)