Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
"Bernie Volz (volz)" <volz@cisco.com> Wed, 12 September 2012 02:56 UTC
Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A8FE321E804A for <dhcwg@ietfa.amsl.com>; Tue, 11 Sep 2012 19:56:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Level:
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_72=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zs9RjbMkjsuv for <dhcwg@ietfa.amsl.com>; Tue, 11 Sep 2012 19:56:57 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id DD37221E8048 for <dhcwg@ietf.org>; Tue, 11 Sep 2012 19:56:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3008; q=dns/txt; s=iport; t=1347418617; x=1348628217; h=from:to:cc:subject:date:message-id:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=LuYH2XC2+oq+/ibjyBi2mYiOxsaIukrBWQ1MsQjm+Uk=; b=kjcIL+6QO+kQE0EfeMtfjRZeYd4DMYTLUglo5ZzckzO2BbUWh/EWhptq fgrfLWoJtjARsabfLdbWyYo1gUJF5wqJ9jxe9aHkEjJXTwIgEz5l9aiyU eHIjBGfM2VNmjeDtAPaj4AhCNh0lrMIBzCCHCdOSeknrG5Vg1bODyZtiv A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAFj5T1CtJV2c/2dsb2JhbABFu1aBB4IgAQEBBAEBAQ8BWwsMBgEIEQQBASguCxQJCAIEAQ0FIodrC5tIoFUEixCGQgOVX442gWmCZoIX
X-IronPort-AV: E=Sophos;i="4.80,407,1344211200"; d="scan'208";a="120677356"
Received: from rcdn-core-5.cisco.com ([173.37.93.156]) by rcdn-iport-4.cisco.com with ESMTP; 12 Sep 2012 02:56:56 +0000
Received: from xhc-aln-x14.cisco.com (xhc-aln-x14.cisco.com [173.36.12.88]) by rcdn-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id q8C2uth2006737 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 12 Sep 2012 02:56:55 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.159]) by xhc-aln-x14.cisco.com ([173.36.12.88]) with mapi id 14.02.0318.001; Tue, 11 Sep 2012 21:56:55 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com>, Ted Lemon <Ted.Lemon@nominum.com>, "<curtis@occnc.com>" <curtis@occnc.com>
Thread-Topic: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
Thread-Index: AQHNkE8ckuiEXtYUDkaNnWZTSjI1wpeF7kOA////THCAACcbAA==
Date: Wed, 12 Sep 2012 02:56:54 +0000
Message-ID: <CC756F01.221C%volz@cisco.com>
In-Reply-To: <90903C21C73202418A48BFBE80AEE5EB19241E49@xmb-rcd-x06.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.3.120616
x-originating-ip: [10.86.250.25]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19178.000
x-tm-as-result: No--47.792700-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <A2100480D5AF91429E9784957FCE47C1@cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Sep 2012 02:56:57 -0000
Just to extend Ted's comments a bit - one issue is how long does the server keep the information for the Inform only clients. When the reconfigure-key is associated with a lease, we have a lease time; there is no such item for Inform. This could be tied to draft-halwasia-dhc-inform-refresh-time-opt (obviously it should be kept longer than the refresh time), but that work might also reduce the need for this -- at least it bounds the period where information may be stale. While in theory having Reconfigure for Inform isn't a bad concept, it just strikes me as overkill - do we really have a problem? Especially for IPv4 which we hope deprecate. I'm also not sure how many clients do just Informs Š yes, there are lots of clients that do send Informs but they've usually also done Discover/... It is interesting that RFC 3315 accommodates Information-Request; not sure why RFC 6704 didn't - I would guess because RFC 3318 didn't. - Bernie On 9/11/12 9:45 PM, "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com> wrote: >Hi Ted, > >Thanks for your comments. > >I am talking about a deployment where we do create *session* database for >hosts either based upon DHCP packet (Discover) or the normal IP packet in >case few of the hosts has not done DHCP but instead has just DONE DHCP >INFORM to get the config parameters. So in this kind of deployment we do >anyways maintain the session(or binding in terms of DHCP) database on the >box. Having said that I don't think storing client information is a >problem (at least in this deployment). The only extra thing which we >would need to store is a 'nonce'. >So I think it will be really useful to have nonce in INFORM-ACK callflow >as it will also help in the usability of Forcerenew as per 6704. > >Thanks, >Gaurav > >-----Original Message----- >From: Ted Lemon [mailto:Ted.Lemon@nominum.com] >Sent: Wednesday, September 12, 2012 2:09 AM >To: <curtis@occnc.com> >Cc: Gaurav Halwasia (ghalwasi); dhcwg@ietf.org >Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication) > >I didn't say that FORCERENEW for DHCPINFORM clients was hard. I said it >would impact performance. We would go from DHCPINFORM being a >lightweight read-only operation to a heavyweight read/write operation. >I guess we could forgo the sync-before-ack logic of stateful DHCP, but >this would add a lot of complexity to a performance-critical code section. > >So yeah, from an implementation point of view, I don't really like this >idea. It seems trivial until you think about the impact it has either >on performance or on implementation complexity. If there's strong >demand for it with a clear use case, then I think that's fine. I >wasn't able to tease one out of your rather dense message-could you try >to state your use case in a short paragraph or two? > >_______________________________________________ >dhcwg mailing list >dhcwg@ietf.org >https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Reg RFC6704 (Forcerenew Nonce Authenticat… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Gaurav Halwasia (ghalwasi)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Bernie Volz (volz)
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Ted Lemon
- Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authent… Curtis Villamizar