RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
"Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se> Tue, 08 October 2002 18:17 UTC
From: "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
To: 'Thomas Narten' <narten@us.ibm.com>, Kim Kinnear <kkinnear@cisco.com>
Cc: rdroms@cisco.com, dhcwg@ietf.org
Subject: RE: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Date: Tue, 08 Oct 2002 13:16:51 -0500

Thomas:

Perhaps I shouldn't raise this, but it seems like we should be worrying much more about security on the first hop (client <-> server/relay) than the relay <-> server hop. The latter is much easier to secure as IPsec, tunneling, and other fairly standard techniques could be used.

Also, is the DHCPv6 draft strong enough in this area to satisfy the IESG (at least around the relay <-> server security)?

- Bernie

-----Original Message-----
From: Thomas Narten [mailto:narten@us.ibm.com]
Sent: Tuesday, October 08, 2002 1:50 PM
To: Kim Kinnear
Cc: rdroms@cisco.com; dhcwg@ietf.org
Subject: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Hi Kim.

> I was trying to recover some lost ground and figure out where the
> drafts which I am editing are in the process. The following mail
> is the last on the subject of the subnet-selection sub-option
> that I can find in my mail archives.

This document is tied up in IESG unhappiness with the WG's dealing with security issues. Basically, the IESG thinks that the overall security model of relay agent option is rather inadequate (it assumes that the entire network from the relay agent to the DHC servers is trustable/secure). This is not a new issue; it was a concern back when the original relay agent option document was approved. However, the WG keeps sending new relay agent options to the IESG without also working on the security model.

One thing that was pointed out was that other WGs have been told flat out "no approval until you get a realistic security story". So, the issue that was raised was why should the DHC WG be held to a lesser standard.

What the IESG wants to see is a credible story for how the WG will get deployable/useable DHC security. In the case of the relay agent option, the technical issues seem fairly straightforward. Because relay-agents need to be configured, and because relay agents only need to talk (securely) with DHC servers, the key distribution problem can be handled via static keys/configuration.

Bottom line: the IESG wants an updated charter that has a reasonable story for getting better security, together with an indication that there is meat behind the wording (e.g., a draft, and/or a design team that includes security clueful folk, etc.)

Thomas