RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

"Bernie Volz (EUD)" <> Tue, 08 October 2002 18:17 UTC

Received: from ( [] (may be forged)) by (8.9.1a/8.9.1a) with ESMTP id OAA24931 for <>; Tue, 8 Oct 2002 14:17:38 -0400 (EDT)
Received: (from mailnull@localhost) by (8.11.6/8.11.6) id g98IJHm21309 for; Tue, 8 Oct 2002 14:19:17 -0400
Received: from ( []) by (8.11.6/8.11.6) with ESMTP id g98IJHv21306 for <>; Tue, 8 Oct 2002 14:19:17 -0400
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id OAA24920 for <>; Tue, 8 Oct 2002 14:17:07 -0400 (EDT)
Received: from (localhost.localdomain []) by (8.11.6/8.11.6) with ESMTP id g98IH8v21240; Tue, 8 Oct 2002 14:17:08 -0400
Received: from ( []) by (8.11.6/8.11.6) with ESMTP id g98IGwv21217 for <>; Tue, 8 Oct 2002 14:16:58 -0400
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id OAA24836 for <>; Tue, 8 Oct 2002 14:14:47 -0400 (EDT)
Received: from ( []) by (8.11.3/8.11.3) with ESMTP id g98IGqj08419; Tue, 8 Oct 2002 13:16:52 -0500 (CDT)
Received: from ( []) by (8.11.3/8.11.3) with ESMTP id g98IGqC21413; Tue, 8 Oct 2002 13:16:52 -0500 (CDT)
Received: by with Internet Mail Service (5.5.2656.59) id <41PANK63>; Tue, 8 Oct 2002 13:16:52 -0500
Message-ID: <>
From: "Bernie Volz (EUD)" <>
To: 'Thomas Narten' <>, Kim Kinnear <>
Subject: RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Date: Tue, 08 Oct 2002 13:16:51 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C26EF6.DF8CAC86"
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <>, <>
List-Id: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>


Perhaps I shouldn't raise this, but it seems like we should be worrying much
more about security on the first hop (client <-> server/relay) than the
relay <-> server hop. The latter is much easier to secure as IPsec, tunneling,
and other fairly standard techniques could be used.

Also, is the DHCPv6 draft strong enough in this area to satisfy the IESG (at
least around the relay <-> server security)?

- Bernie

-----Original Message-----
From: Thomas Narten []
Sent: Tuesday, October 08, 2002 1:50 PM
To: Kim Kinnear
Subject: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Hi Kim.

> I was trying to recover some lost ground and figure out where the
> drafts which I am editing are in the process.  The following mail
> is the last on the subject of the subnet-selection sub-option
> that I can find in my mail archives.

This document is tied up in IESG unhappiness with the WGs dealing with
security issues. Basically, the IESG thinks that the overall security
model of relay agent option is rather inadequate (it assumes that the
entire network from the relay agent to the DHC servers is
trustable/secure). This is not a new issue; it was a concern back when
the original relay agent option document was approved. However, the WG
keeps sending new relay agent options to the IESG without also working
on the security model.

One thing that was pointed out was that other WGs have been told flat
out "no approval until you get a realistic security story". So, the
issue that was raised was why should the DHC WG be held to a lesser

What the IESG wants to see is a credible story for the WG will get
deployable/useable DHC security. In the case of the relay agent
option, the technical issues seem fairly straightforward. Because
relay-agents need to be configured, and because relay agents only need
to talk (securely) with DHC servers, the key distribution problem can
be handled via static keys/configuration.

Bottom line: the IESG wants an updated charter that has a reasonable
story for getting better security, together with an indication that
there is meat behind the wording (e.g., a draft, and/or a design team
that includes security clueful folk, etc.)

dhcwg mailing list