Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 24 March 2017 17:25 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, dhcwg <dhcwg@ietf.org>
CC: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
Thread-Topic: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
Date: Fri, 24 Mar 2017 17:24:56 +0000
Message-ID: <ddd19ddb52084e9cbdbc035d07888c28@XCH15-06-08.nw.nos.boeing.com>
References: <e08be0f6-f1b4-4f57-6cdf-ddd546f8b793@gmail.com>
In-Reply-To: <e08be0f6-f1b4-4f57-6cdf-ddd546f8b793@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/hENeIsZH6ySR7qMrxIeR2M_XS2g>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th

Hi Tomek,

With apologies for the delayed response, see below:

> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Tomek Mrugalski
> Sent: Wednesday, March 08, 2017 5:37 AM
> To: dhcwg <dhcwg@ietf.org>
> Cc: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
> Subject: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
> 
> Hi,
> draft-ietf-dhc-sedhcpv6-21 describes a mechanism for using public key
> cryptography to provide end-to-end security between DHCPv6 clients and
> servers. The mechanism provides encryption in all cases, and can be used
> for authentication based on pre-sharing of authorized certificates. This
> draft started in 2013, but the whole DHCPv6 security saga is much
> longer and begins in 2008. This draft was submitted to the IESG in mid-2015.
> The guidance received was clear that substantial changes are needed. As
> a result, the "encrypt everywhere, authenticate if you can" approach was used.
> 
> The authors believe this draft to be ready for working group last call.
> 
> Please send your substantial comments to the mailing list and express
> your opinion whether this draft is ready for publication. Feel free to
> send nitpicks and minor corrections to the authors directly. This is a
> complex draft, so the chairs believe 3 weeks WGLC is in order. Please
> send your comments no later than March 29th. Bernie and I will determine
> consensus and will discuss during Chicago meeting as needed.
> 
> To initiate the discussion, I have two related questions. The chairs
> would love to hear your opinions on those.
> 
> 1. The "encrypt everywhere" paradigm means that deployments that do
> snooping on the relay will break down. To solve this problem, we need an
> assignment notification mechanism, similar to the one described in
> draft-ietf-dhc-dhcpv6-agentopt-delegate-04. That draft expired many
> years ago. This matter was discussed in Seoul and the minutes describe
> the conclusion as:
> 
>   The discussion gravitated towards not resurrecting until the sedhcpv6
>   I-D progresses further. We will reevaluate this once sedhcpv6 is done.
> 
> Do you want the WG to resurrect agentopt-delegate a) now, b) when
> sedhcpv6 is sent to IESG or c) when sedhcpv6 is published as RFC? d) we
> need a completely new draft and I'm volunteering to work on it.

a) now. What would be the reason for any delay?

If there is any assistance I could give to the effort I would be willing
to help.

Thanks - Fred
fred.l.templin@boeing.com

> 2. One of the authors suggested that this protocol is quite complex and
> having feedback from an implementation (or ideally two interoperating)
> would be very important and would likely result in some changes to the
> draft. It's probably too late for Chicago, but we can organize a
> sedhcpv6 hackathon in Prague. Two likely implementations would be WIDE
> and Kea, as those two are open source and have an old version of the
> draft partially implemented. Do you think such a hackathon would be
> useful? Are you willing to participate?
> 
> Title: Secure DHCPv6
> Authors: L. Li, S. Jiang, Y.Cui, T.Jinmei, T.Lemon, D.Zhang
> Filename: draft-ietf-dhc-sedhcpv6-21
> Pages: 31
> Date: 2017-02-21
> Link: https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/
> 
> Responses by March 29th are appreciated.
> 
> Thanks,
> Bernie and Tomek
> 
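As an added illustration of question 1 in the quoted call (this is not code from the dhcwg thread, the sedhcpv6 draft or draft-ietf-dhc-dhcpv6-agentopt-delegate): a toy Python model of a relay that snoops DHCPv6 Reply messages to learn which addresses the server assigned. The message type and option codes for Reply, IA_NA and IAADDR are the real RFC 3315/8415 values; the encrypted message type, its opaque container option and the assignment-notification option are placeholder codes assumed for this example only, and all sample messages are constructed rather than captured. It shows the failure mode the chairs describe: once the Reply body is ciphertext the relay learns nothing, and an explicit plaintext notification from the server is what gives the relay its binding information back.

```python
"""Toy model of DHCPv6 relay snooping versus an encrypted Reply.

Added example for the WGLC discussion; not code from the dhcwg thread,
the sedhcpv6 draft or draft-ietf-dhc-dhcpv6-agentopt-delegate.
"""
import struct
import ipaddress

# Real values from RFC 3315 / RFC 8415.
MSG_REPLY = 7
OPTION_IA_NA = 3
OPTION_IAADDR = 5

# Placeholder codes assumed for this example only (the real ones are assigned
# in the respective drafts / IANA registry, which this example does not reproduce).
MSG_ENCRYPTED_PLACEHOLDER = 250           # stand-in for an encrypted sedhcpv6 message
OPTION_ENC_PAYLOAD_PLACEHOLDER = 65000    # stand-in for the opaque encrypted container
OPTION_ASSIGN_NOTIFY_PLACEHOLDER = 65001  # stand-in for a relay assignment notification


def parse_options(buf):
    """Yield (option-code, option-data) for a run of DHCPv6 TLV options."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("truncated option %d" % code)
        yield code, buf[off:off + length]
        off += length
    if off != len(buf):
        raise ValueError("trailing bytes after options")


def option(code, data):
    """Encode one option: code (2) + length (2) + data."""
    return struct.pack("!HH", code, len(data)) + data


def iaaddr_body(addr, preferred, valid):
    """IAADDR option body: address (16) + preferred-lifetime (4) + valid-lifetime (4)."""
    return ipaddress.IPv6Address(addr).packed + struct.pack("!II", preferred, valid)


def ia_na(iaid, t1, t2, *addr_bodies):
    """IA_NA option: IAID, T1, T2, then the IAADDR sub-options."""
    subs = b"".join(option(OPTION_IAADDR, body) for body in addr_bodies)
    return option(OPTION_IA_NA, struct.pack("!III", iaid, t1, t2) + subs)


def message(msg_type, xid, *opts):
    """DHCPv6 message: msg-type (1) + transaction-id (3) + options."""
    return bytes([msg_type]) + xid.to_bytes(3, "big") + b"".join(opts)


def _binding(body):
    """(address, valid-lifetime) from an IAADDR-shaped body."""
    return (str(ipaddress.IPv6Address(body[:16])), struct.unpack_from("!I", body, 20)[0])


def snoop_bindings(msg):
    """Return the (address, valid-lifetime) pairs a snooping relay can learn from msg."""
    if len(msg) < 4:
        raise ValueError("short message")
    learned = []
    for code, data in parse_options(msg[4:]):
        if msg[0] == MSG_REPLY and code == OPTION_IA_NA:
            # Plaintext Reply: walk the IA_NA sub-options for IAADDR.
            for sub, sdata in parse_options(data[12:]):
                if sub == OPTION_IAADDR:
                    learned.append(_binding(sdata))
        elif code == OPTION_ASSIGN_NOTIFY_PLACEHOLDER:
            # Explicit notification to the relay, sent in the clear beside the ciphertext.
            learned.append(_binding(data))
        # Anything else, including the opaque encrypted container, teaches the relay nothing.
    return learned


# Constructed sample traffic (not captured from a real network).
PLAIN_REPLY = message(MSG_REPLY, 0x0A1B2C,
                      ia_na(1, 3600, 5400, iaaddr_body("2001:db8::1234", 7200, 86400)))

# "Encrypt everywhere": the Reply above travels as ciphertext the relay cannot read.
# A fixed byte string stands in for the ciphertext.
ENCRYPTED_REPLY = message(MSG_ENCRYPTED_PLACEHOLDER, 0x0A1B2C,
                          option(OPTION_ENC_PAYLOAD_PLACEHOLDER, b"\x9f" * len(PLAIN_REPLY)))

# Same encrypted reply plus a plaintext assignment notification for the relay.
ENCRYPTED_REPLY_WITH_NOTIFY = ENCRYPTED_REPLY + option(
    OPTION_ASSIGN_NOTIFY_PLACEHOLDER, iaaddr_body("2001:db8::1234", 7200, 86400))

if __name__ == "__main__":
    print("plaintext reply   ->", snoop_bindings(PLAIN_REPLY))
    print("encrypted reply   ->", snoop_bindings(ENCRYPTED_REPLY))
    print("with notification ->", snoop_bindings(ENCRYPTED_REPLY_WITH_NOTIFY))
```

Run as a script it prints one learned binding for the plaintext Reply, an empty list for the encrypted one, and the binding again once the notification option is present. The notification deliberately reuses the IAADDR layout only to keep the example short; whatever format a resurrected agentopt-delegate (or a new draft) settles on, the point the chairs raise is the same: the relay needs something it can read in the clear, because it can no longer infer the assignment from the Reply.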