Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 24 March 2017 17:25 UTC
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, dhcwg <dhcwg@ietf.org>
CC: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
Date: Fri, 24 Mar 2017 17:24:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/hENeIsZH6ySR7qMrxIeR2M_XS2g>
Hi Tomek,

With apologies for the delayed response, see below:

> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Tomek Mrugalski
> Sent: Wednesday, March 08, 2017 5:37 AM
> To: dhcwg <dhcwg@ietf.org>
> Cc: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
> Subject: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
>
> Hi,
> draft-ietf-dhc-sedhcpv6-21 describes a mechanism for using public key
> cryptography to provide end-to-end security between DHCPv6 clients and
> servers. The mechanism provides encryption in all cases, and can be used
> for authentication based on pre-sharing of authorized certificates. This
> draft has started in 2013, but the whole DHCPv6 security saga is much
> longer and begins in 2008. This draft was submitted to IESG in mid-2015.
> The guidance received was clear that substantial changes are needed. As
> a result, "encrypt everywhere, authenticate if you can" approach was used.
>
> Authors believe this draft to be ready for working group last call.
>
> Please send your substantial comments to the mailing list and express
> your opinion whether this draft is ready for publication. Feel free to
> send nitpicks and minor corrections to the authors directly. This is a
> complex draft, so the chairs believe 3 weeks WGLC is in order. Please
> send your comments no later than March 29th. Bernie and I will determine
> consensus and will discuss during Chicago meeting as needed.
>
> To initiate the discussion, I have two related questions. The chairs
> would love to hear your opinions on those.
>
> 1. The "encrypt everywhere" paradigm means that deployments that do
> snooping on relay will break down. To solve this problem, we need an
> assignment notification mechanism, similar to the one described in
> draft-ietf-dhc-dhcpv6-agentopt-delegate-04. That draft expired many
> years ago. This matter was discussed in Seoul and the minutes describe
> the conclusion as:
>
> The discussion gravitated towards not resurrecting until the sedhcpv6
> I-D progresses further. We will reevaluate this once sedhcpv6 is done.
>
> Do you want the WG to resurrect agentopt-delegate a) now, b) when
> sedhcpv6 is sent to IESG or c) when sedhcpv6 is published as RFC? d) we
> need a completely new draft and I'm volunteering to work on it.

a) now. What would be the reason for any delay? If there is any assistance
I could give to the effort I would be willing to help.

Thanks - Fred
fred.l.templin@boeing.com

> 2. One of the authors suggested that this protocol is quite complex and
> having feedback from an implementation (or ideally two interoperating)
> would be very important and would likely result in some changes to the
> draft. It's probably too late for Chicago, but we can organize a
> sedhcpv6 hackathon in Prague. Two likely implementations would be WIDE
> and Kea, as those two are open source and have an old version of the
> draft partially implemented. Do you think such a hackathon would be
> useful? Are you willing to participate?
>
> Title: Secure DHCPv6
> Authors: L. Li, S. Jiang, Y.Cui, T.Jinmei, T.Lemon, D.Zhang
> Filename: draft-ietf-dhc-sedhcpv6-21
> Pages: 31
> Date: 2017-02-21
> Link: https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/
>
> Responses by March 29th are appreciated.
>
> Thanks,
> Bernie and Tomek
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg