[dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00
Christian Strauf <strauf@rz.tu-clausthal.de> Tue, 20 July 2004 14:43 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA24912; Tue, 20 Jul 2004 10:43:20 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bmvh3-0003vN-JY; Tue, 20 Jul 2004 10:34:09 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1BmvX3-0000zC-4J for dhcwg@megatron.ietf.org; Tue, 20 Jul 2004 10:23:49 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA23286 for <dhcwg@ietf.org>; Tue, 20 Jul 2004 10:23:46 -0400 (EDT)
Received: from sinfonix.rz.tu-clausthal.de ([139.174.2.33]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1BmvX8-0000nY-85 for dhcwg@ietf.org; Tue, 20 Jul 2004 10:23:58 -0400
Received: from [139.174.2.206] (balrog.rz.tu-clausthal.de [139.174.2.206]) by sinfonix.rz.tu-clausthal.de (8.9.3/8.9.3) with ESMTP id QAA24940 for <dhcwg@ietf.org>; Tue, 20 Jul 2004 16:23:41 +0200 (MET DST)
From: Christian Strauf <strauf@rz.tu-clausthal.de>
To: dhcwg@ietf.org
Content-Type: text/plain
Organization: Rechenzentrum TU Clausthal
Message-Id: <1090333421.11056.266.camel@localhost>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6
Date: Tue, 20 Jul 2004 16:23:41 +0200
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
Content-Transfer-Encoding: 7bit
Subject: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Content-Transfer-Encoding: 7bit
Jinmei-san, here are my first comments on the I-D. My overall impression of the I-D is very good, it seems to include all the issues raised on the DHC-ML. All comments I have are mostly minor things like language and typos, not essential problems with the contents. I like the comment that you make in para 2.1 about not having a real "session" in stateless which is essentially a contradiction to "stateless" on one hand but on the other hand one obviously needs to strictly separate sessions that concern content transmitted via DHCP and sessions that concern the transmission itself. I think that your proposed rephrasing of Section 21.4.4.4 incorporates that nicely. I paragraph 4. you write: "A reasonable interpretation of the phrase is probably as follows: a DHCPv6 message is called unauthenticated when it fails the validation test described in Section 21.4.2, it does not contain an authentication option, or when it includes an authentication option but does not have authentication information when necessary." I would propose a minor rephrasing to clear the language up a little (if I understand the above paragraph correctly, the following rewording should work): "A reasonable interpretation of the phrase is as follows: a DHCPv6 message is called unauthenticated if it fails the validation test described in Section 21.4.2, if it does not contain an authentication option, or if it includes an authentication option without the necessary authentication information." I also like para 5.1. very much, especially the choice of highlighted keywords is very good. I second the idea of proposing a default policy of discarding non-authenticated messages. Minor typos: para 2.: -It should also be noted that [RFC3315] does not define how the server should do when it receives +It should also be noted that [RFC3315] does not define what the server should do when it receives para 3.: -3. What If Reply Is Detected +3. What If Replay Is Detected para 5.: -Apparently this contradicts with the requirement in Section 21.4.2. +Apparently this contradicts the requirement in Section 21.4.2. para 5.1.: -Accepting an non-authenticated +Accepting a non-authenticated Thank you for writing this I-D up, it summarises important DHCP authentication issues raised on the ML very well and gives the reader a good idea where there're gaps in the standard and where clarifications should be made. Additionally I think that this I-D is a good basis for any future BCP document regarding DHCPv6 deployments where authentication mechanisms are used. Cheers, Christian _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clari… Christian Strauf
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… Stig Venaas
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- RE: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… Bernie Volz
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉