Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)

"Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com> Wed, 12 September 2012 01:45 UTC

From: "Gaurav Halwasia (ghalwasi)" <ghalwasi@cisco.com>
To: Ted Lemon <Ted.Lemon@nominum.com>, "<curtis@occnc.com>" <curtis@occnc.com>
Date: Wed, 12 Sep 2012 01:45:30 +0000
Message-ID: <90903C21C73202418A48BFBE80AEE5EB19241E49@xmb-rcd-x06.cisco.com>
References: <201209111856.q8BIuCJS024680@gateway1.orleans.occnc.com> <5F1BEB17-0FC5-4C84-A189-90BFBE868D7B@nominum.com>
In-Reply-To: <5F1BEB17-0FC5-4C84-A189-90BFBE868D7B@nominum.com>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)

Hi Ted,

Thanks for your comments.

I am talking about a deployment where we do create a *session* database for hosts, either based upon a DHCP packet (Discover) or the normal IP packet, in case a few of the hosts have not done DHCP but instead have just DONE DHCP INFORM to get the config parameters. So in this kind of deployment we do anyway maintain the session (or binding, in terms of DHCP) database on the box. Having said that, I don't think storing client information is a problem (at least in this deployment). The only extra thing which we would need to store is a 'nonce'.
So I think it will be really useful to have the nonce in the INFORM-ACK call flow, as it will also help in the usability of Forcerenew as per 6704.

Thanks,
Gaurav

-----Original Message-----
From: Ted Lemon [mailto:Ted.Lemon@nominum.com]
Sent: Wednesday, September 12, 2012 2:09 AM
To: <curtis@occnc.com>
Cc: Gaurav Halwasia (ghalwasi); dhcwg@ietf.org
Subject: Re: [dhcwg] Reg RFC6704 (Forcerenew Nonce Authentication)

I didn't say that FORCERENEW for DHCPINFORM clients was hard. I said it would impact performance. We would go from DHCPINFORM being a lightweight read-only operation to a heavyweight read/write operation. I guess we could forgo the sync-before-ack logic of stateful DHCP, but this would add a lot of complexity to a performance-critical code section.

So yeah, from an implementation point of view, I don't really like this idea. It seems trivial until you think about the impact it has either on performance or on implementation complexity. If there's strong demand for it with a clear use case, then I think that's fine. I wasn't able to tease one out of your rather dense message; could you try to state your use case in a short paragraph or two?
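As an added illustration of the per-client state this thread argues about, and not code from the RFC or from either poster: a minimal encoder and verifier for the RFC 6704 Forcerenew digest (Authentication option 90, Protocol 3, HMAC-MD5 keyed with the nonce the server handed out in the ACK). The option layout and the hops/giaddr/digest zeroing follow my reading of RFC 6704 and RFC 3118; the hardware address, nonce and counter values are constructed, and a client that only ever sent DHCPINFORM is modelled as holding no nonce at all.

```python
import hmac, hashlib, struct
# RFC 6704 values carried in the DHCPv4 Authentication option (code 90, RFC 3118):
# Protocol 3 (Forcerenew Nonce), Algorithm 1 (HMAC-MD5), RDM 0 (monotonic counter).
AUTH_OPT, PROTO_FR_NONCE, ALG_HMAC_MD5, RDM_COUNTER = 90, 3, 1, 0
TYPE_NONCE, TYPE_DIGEST = 1, 2   # Type 1: nonce value (sent in ACK); Type 2: digest (in FORCERENEW)
COOKIE = b"\x63\x82\x53\x63"

def auth_option(kind: int, replay: int, value16: bytes) -> bytes:
    """Encode the 30-octet option: code, len, proto, alg, RDM, 8-octet replay, type, 16-octet value."""
    body = struct.pack("!BBBQB", PROTO_FR_NONCE, ALG_HMAC_MD5, RDM_COUNTER, replay, kind) + value16
    return bytes([AUTH_OPT, len(body)]) + body

def dhcp_message(op: int, xid: int, chaddr: bytes, giaddr: bytes, options: bytes) -> bytes:
    """Minimal DHCPv4 wire format: 236-octet fixed header (hops=1), magic cookie, options, END."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 1, xid, 0, 0, b"", b"", b"",
                      giaddr, chaddr, b"", b"")
    return hdr + COOKIE + options + b"\xff"

def digest_input(msg: bytes, off: int) -> bytes:
    """Apply the RFC 3118 rule that RFC 6704 reuses: hops, giaddr and the digest field read as zero."""
    m = bytearray(msg)
    m[3] = 0; m[24:28] = b"\0" * 4           # hops, giaddr (relays may change these in transit)
    m[off + 14:off + 30] = b"\0" * 16        # 16-octet digest inside the authentication option
    return bytes(m)

def find_option(msg: bytes, code: int) -> int:
    """Walk the options area (starts at offset 240) and return the offset of `code`, or -1."""
    i = 240
    while i < len(msg) and msg[i] != 0xFF:
        if msg[i] == code:
            return i
        i += 1 if msg[i] == 0 else 2 + msg[i + 1]   # PAD has no length octet
    return -1

def sign_forcerenew(msg_no_auth: bytes, nonce: bytes, counter: int) -> bytes:
    """Server side: append a Type 2 option whose digest is HMAC-MD5 keyed with this client's nonce."""
    body, off = msg_no_auth[:-1], len(msg_no_auth) - 1    # drop END; the option takes its place
    unsigned = body + auth_option(TYPE_DIGEST, counter, b"\0" * 16) + b"\xff"
    mac = hmac.new(nonce, digest_input(unsigned, off), hashlib.md5).digest()
    return body + auth_option(TYPE_DIGEST, counter, mac) + b"\xff"

def verify_forcerenew(msg: bytes, nonce: "bytes | None", last_counter: int) -> bool:
    """Client side: reject when no nonce is held (INFORM-only client), counter did not increase, or MAC is bad."""
    off = find_option(msg, AUTH_OPT)
    if nonce is None or off < 0 or msg[off + 2:off + 5] != bytes([PROTO_FR_NONCE, ALG_HMAC_MD5, RDM_COUNTER]):
        return False
    counter = struct.unpack("!Q", msg[off + 5:off + 13])[0]
    if msg[off + 13] != TYPE_DIGEST or counter <= last_counter:   # RDM 0: replay detection
        return False
    expected = hmac.new(nonce, digest_input(msg, off), hashlib.md5).digest()
    return hmac.compare_digest(expected, msg[off + 14:off + 30])
```

Without the nonce stored on both sides at ACK time there is nothing to key the digest with, which is exactly the extra write the INFORM path would need.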