Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt
Paul Duffy <paduffy@cisco.com> Wed, 23 April 2003 20:02 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA04725 for <dhcwg-archive@odin.ietf.org>; Wed, 23 Apr 2003 16:02:50 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id h3NK57H26270 for dhcwg-archive@odin.ietf.org; Wed, 23 Apr 2003 16:05:07 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3NK57826267 for <dhcwg-web-archive@optimus.ietf.org>; Wed, 23 Apr 2003 16:05:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA04691 for <dhcwg-web-archive@ietf.org>; Wed, 23 Apr 2003 16:02:19 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 198QTv-00073S-00 for dhcwg-web-archive@ietf.org; Wed, 23 Apr 2003 16:04:39 -0400
Received: from ietf.org ([132.151.1.19] helo=www1.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 198QTv-00073P-00 for dhcwg-web-archive@ietf.org; Wed, 23 Apr 2003 16:04:39 -0400
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3NK2w826120; Wed, 23 Apr 2003 16:02:58 -0400
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h3NK0T825933 for <dhcwg@optimus.ietf.org>; Wed, 23 Apr 2003 16:00:29 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA04429 for <dhcwg@ietf.org>; Wed, 23 Apr 2003 15:57:42 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 198QPS-00070O-00 for dhcwg@ietf.org; Wed, 23 Apr 2003 16:00:02 -0400
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by ietf-mx with esmtp (Exim 4.12) id 198QPR-00070D-00 for dhcwg@ietf.org; Wed, 23 Apr 2003 16:00:01 -0400
Received: from funnel.cisco.com (funnel.cisco.com [161.44.168.79]) by rtp-core-1.cisco.com (8.12.6/8.12.6) with ESMTP id h3NJxtlY029283; Wed, 23 Apr 2003 15:59:56 -0400 (EDT)
Received: from paduffy-w2k.cisco.com (ch2-dhcp150-106.cisco.com [161.44.150.106]) by funnel.cisco.com (8.8.5-Cisco.1/8.6.5) with ESMTP id PAA12360; Wed, 23 Apr 2003 15:59:55 -0400 (EDT)
Message-Id: <4.3.2.7.2.20030423155349.01769d40@funnel.cisco.com>
X-Sender: paduffy@funnel.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 23 Apr 2003 15:59:54 -0400
To: Thomas Narten <narten@us.ibm.com>
From: Paul Duffy <paduffy@cisco.com>
Subject: Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt
Cc: dhcwg@ietf.org
In-Reply-To: <200304231936.h3NJaeDN014292@rotala.raleigh.ibm.com>
References: <Message from paduffy@cisco.com of "Wed, 23 Apr 2003 15:26:20 EDT." <4.3.2.7.2.20030423151100.026384e8@funnel.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
...inline... At 03:36 PM 4/23/2003 -0400, Thomas Narten wrote: >Hi Paul. > > > > > Code Len TCM > > > > +-----+-----+-----+-----+ > > > > | TBD | 2 | m1 | m2 | > > > > +-----+-----+-----+-----+ > > > > > >It might be better to not have m1/m2, since the text talks about a > > >single 16-bit field rather than two smaller fields. > > > The format is consistent with the formats presented in RFC 3495 (sections > > 8.3, 8.4, etc.). > >I guess we need to revise them and republish. :-) > > > I'm not sure what you are driving at. Suggestions? > >THis is relatively minor thing, but since the field is 16-byte field, >it seems better to show it that way then to divide it up into >individual bytes. > >Just change the picture to something like: > > Code Len TCM > +-----+-----+-----+-----+ > | TBD | 2 | TC Mask | > +-----+-----+-----+-----+ I'd much prefer leaving this as it is...its perfectly consistent with its parent RFC (3495). IP addresses are also multi octet quantities...they are handled in a similar manner (not lumped into a single field). OK ? > > > > 5. IANA Considerations > > > > > >what about future assignments of bit values? > > > Yes, needs to be added. How about... > > > "IANA is requested to maintain a new number space of "CableLabs Client > > Configuration Option Ticket Control Mask Bit Definitions", located in the > > BOOTP-DHCP Parameters Registry. The initial bit definitions are described > > in section 4 of this document. IANA is requested to register future bit > > mask definitions via an "IETF Consensus" approval policy as described in > > RFC 2434 [add ref}." > >works for me. OK > > > > However, the scenario described above is unlikely to occur. > > > > Within the cable delivery architecture required by the various > > > > CableLabs projects, the DHCP client is connected to a network > > > > through a cable modem and the CMTS (head-end). The CMTS is > > > > explicitly configured with a set of DHCP servers to which DHCP > > > > requests are forwarded. Further, a correctly configured CMTS > > > > will only allow downstream traffic from specific IP > > > > addresses/ranges. > > > > > >Could be more clear. I don't follow the last sentence, for example. > > > Last sentence change to... > > > "Further, the CMTS is explicitly configured to allow downstream traffic > > only from specific IP addresses/ranges." > >I don't follow the overall discussion to be honest. When clients are >using DHC, they don't have addresses yet. So what addresses are being >filtered? ANd how does this filtering prevent spoofing of DHC >responses? > >Are you saying that the CMTS verifies that all traffic supposedly >coming from a DHC server comes from a proper IP address (i.e., one >assigned ot a server?). That offers some protection. Yes >But what about >packets from spoofed addresses that correspond to DHC server >addresses? AFAIK, we are vulnerable. > > P.S. Should I hold the next draft until after IESG LC ? > >Sounds reasonable. OK >Thomas -- Paul Duffy Cisco Systems, Inc. paduffy@cisco.com _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Thomas Narten
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Paul Duffy
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Thomas Narten
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Paul Duffy
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Bud Millwood
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Paul Duffy
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Bud Millwood
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Ralph Droms
- Re: [dhcwg] draft-ietf-dhc-pktc-kerb-tckt-01.txt Christopher Zydel