Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-10.txt

神明達哉 <jinmei@wide.ad.jp> Fri, 26 February 2016 17:40 UTC

At Fri, 26 Feb 2016 15:30:05 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> > > [LS]: The self-signed certificate is the argument of the remove of the
> > > public key option. And we also need to supply some text to illustrate
> > > that it can outweigh its cons. For the drawback of the method, the size
> > > of the DHCPv6 message is increased when we actually only need the public
> > > key, not the certificate. However, the size of the X.509 certificate is
> > > not very large, such as 1KB, which will not cause IPv6 fragment and
> > > other problem.
> >
> > Repeating my previous point just to make it sure that we are on the
> > same page: the argument that a self-signed certificate should make a
> > public key option redundant isn't new in our recent changes.  So I'd
> > wonder why we are now bothering it.  If this is a completely new
> > attempt of cleanup, I suggest making it very clear (i.e., it has
> > nothing to do with mandated encryption etc) and discussing it
> > accordingly.
> >
> [LS]: The self-signed certificate make the DHCPv6 option redundant, which
> is not a new problem caused by our defined mechanism. So we don't need to
> bother it. Could you please check whether my understanding is correct?

I didn't mean we "don't need to bother".  My major point is that this
change was confusing:

- We did a very substantial change since 08: merging encryption and
  mandating it (as well as removing TOFU)
- public key option was also removed as well without any explanation
  of why
- so I asked why, and your first response (it's because of the removal
  of TOFU) didn't make sense to me: the argument with self-signed
  certificate can apply with or without TOFU.

That's why we have this conversation.

Now, on clarifying these, I don't yet have a particular opinion on
whether to remove the public key option.  But my suggestion is: if you
want to make this change, raise this issue separately on this list
with your rationale, get consensus, and apply it to a subsequent
version of the draft.

--
JINMEI, Tatuya