Re: [dhcwg] Fwd: New Version Notification for draft-li-dhc-secure-dhcpv6-deployment-01.txt

神明達哉 <jinmei@wide.ad.jp> Wed, 28 October 2015 18:20 UTC

To: Lishan Li <lilishan48@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/gwDaVNHJYVRGHGKB2hPLX2EFalQ>
Cc: dhcwg <dhcwg@ietf.org>

At Sat, 24 Oct 2015 22:39:09 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> We have submitted a new version of the
> draft-li-dhc-secure-dhcpv6-deployment-01. Thanks very
> much for the constructive comments from Sheng Jiang and Jinmei.
> In this version, we have mainly made the following changes:
> 1. restructure the document to clearly describe the mechanism;
> 2. emphasize the secure DHCPv6 mechanisms deployment difficulties;
> 3. correct some grammar mistakes and improper expressions.

Just from a very quick scan, it has the same issue I raised for the
previous version:

   TOFU plays a role in the scenario where the DHCPv6 client is mobile
   and connects to random networks.

Referring to "random networks" in the case for TOFU (for
authentication) will be controversial at best, and IMHO even
problematic; not using the term "coffee shop" doesn't address the main
point.  There might be a minor niche where this combination makes
sense, but that will require more detailed discussions on the
underlying assumptions.  Perhaps your primary focus is to use TOFU
mainly for encryption rather than authentication?  If so, it would be
better to clarify the intent and discuss it accordingly.

--
JINMEI, Tatuya