Re: [dhcwg] light review of draft-ietf-dhc-sedhcpv6 and helpful suggestion

Michael Richardson <mcr+ietf@sandelman.ca> Tue, 18 April 2017 15:19 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91D52128CDB for <dhcwg@ietfa.amsl.com>; Tue, 18 Apr 2017 08:19:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOcP7GXizn7R for <dhcwg@ietfa.amsl.com>; Tue, 18 Apr 2017 08:19:20 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03409128B91 for <dhcwg@ietf.org>; Tue, 18 Apr 2017 08:19:20 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id CF080203CA; Tue, 18 Apr 2017 11:44:22 -0400 (EDT)
Received: from obiwan.sandelman.ca (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DB30D636BB; Tue, 18 Apr 2017 11:19:18 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
cc: "\<dhcwg\@ietf.org\>" <dhcwg@ietf.org>
In-Reply-To: <CAHbuEH7ymFOtU7HBz3FgsrBQmwaxFwm8gU=b3xye1-T0SiOGxw@mail.gmail.com>
References: <CAHbuEH7ymFOtU7HBz3FgsrBQmwaxFwm8gU=b3xye1-T0SiOGxw@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
Date: Tue, 18 Apr 2017 11:19:18 -0400
Message-ID: <5298.1492528758@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/aULV7stxkKpOmSsskxtI_SgdFs4>
Subject: Re: [dhcwg] light review of draft-ietf-dhc-sedhcpv6 and helpful suggestion
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Apr 2017 15:19:22 -0000

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:
    > Michael Richardson is an author on the draft:
    > https://tools.ietf.org/html/draft-richardson-ipsec-opportunistic-17

    > documenting the OS IPsec implementation for the Linux FreeS/WAN
    > project.

it is RFC4322 actually.

We also tried to use DHCP(v4) to bootstrap IPsec for the last mile.
We didn't try to use IPsec to secure DHCP, but the mechanism that we
used would have permitted some interesting post-IP-address assignment
to work.

I haven't read dhc-sedhcpv6, but I might find time to do that so that
I understand the problem.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-