Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)
Kim Kinnear <kkinnear@cisco.com> Tue, 06 October 2015 17:58 UTC
Return-Path: <kkinnear@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAF6D1AD0D3; Tue, 6 Oct 2015 10:58:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o8IeUNMeP7f6; Tue, 6 Oct 2015 10:58:01 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E23B1A6F30; Tue, 6 Oct 2015 10:53:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7661; q=dns/txt; s=iport; t=1444153982; x=1445363582; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=3Qqh3N29b4BhdFeTRqCMiq9f18QkIu5oQA1pkVOlmIs=; b=CoOpbRKgGv3XQzi1NDVoiQVwl+dNLAarlekI+LtuV4Ts5iJCCJg9WrQy QvTkieF9XIHohg4/ijq/qKPeX/YSCMMSySFme5K/L6vl1i3gk847J3H5e tGknQ8J4ktwfjvNRuxwclaxFIv+WlCBmR50LB6Gp+A6kzz4nMEcPu+huv Y=;
X-IronPort-AV: E=Sophos;i="5.17,644,1437436800"; d="scan'208";a="605565632"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Oct 2015 17:53:00 +0000
Received: from dhcp-10-131-65-129.cisco.com (dhcp-10-131-65-129.cisco.com [10.131.65.129]) (authenticated bits=0) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t96Hqv06028167 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 6 Oct 2015 17:52:59 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Kim Kinnear <kkinnear@cisco.com>
In-Reply-To: <6AE185BE-DC68-434E-B17E-0AFB8FE46B70@cisco.com>
Date: Tue, 06 Oct 2015 13:52:55 -0400
Content-Transfer-Encoding: 7bit
Message-Id: <D05F2BAE-49DC-4E6D-B7A3-A37052D15253@cisco.com>
References: <20150930035228.20755.429.idtracker@ietfa.amsl.com> <19846C62-DF4F-402B-A7A6-9D2CE69BD9B3@cisco.com> <2BA9B2AC-116A-4FE5-BA17-AC8758B5C212@nostrum.com> <0F3826E4-13C7-4348-9271-5439A3304572@cisco.com> <C847544D-A1AE-4732-9BC6-1C5983A12527@nostrum.com> <6AE185BE-DC68-434E-B17E-0AFB8FE46B70@cisco.com>
To: Ben Campbell <ben@nostrum.com>, Brian Haberman <brian@innovationslab.net>
X-Mailer: Apple Mail (2.1878.6)
X-Authenticated-User: kkinnear
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/irScFii195_PNqbXyhAg94kxZ9g>
Cc: dhcwg@ietf.org, The IESG <iesg@ietf.org>, Kim Kinnear <kkinnear@cisco.com>
Subject: Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-dhcpv4-active-leasequery-06: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2015 17:58:04 -0000
Ben, et. al. I've submitted a new version of draft-ietf-dhc-dhcpv4-active-leasequery, with all of the changes to which I agreed during the review process. I've replied to Ben's email since he had the most comments, but I believe that I've covered all of the changes that we all discussed. Below you will find a list of the changes that I have made along with whose review prompted that change. Thank you all for your reviews. Regards -- Kim ------------------------- 1. Changed "recommendations in [RFC7525] SHOULD be followed" to "recommendation in [RFC7525] apply". Alissa Cooper 2. Added "Retries SHOULD NOT be more frequent than one every ACTIVE_LQ_IDLE_TIMEOUT. See Section 5.3." to the two places where we say "... the Requestor MAY retry." Ben Campbell, Spencer Dawkins 3. Added to Section 8.1: "If a connection is to be rejected because of a limitation of the number of open connections, the TCP connection itself should be rejected, or the subsequent ACTIVELEASEQUERY message should be rejected. Capacity related rejections SHOULD NOT affect the response to the DHCPTLS message." Spencer Dawkins 4. Moved the following paragraph to appear after a paragraph explaining how the server needs to ensure that a constant (albeit light) stream of messages flows from server to requestor: "If the stream of replies becomes blocked with no messages being received, the Requestor SHOULD terminate the connection after ACTIVE_LQ_RCV_TIMEOUT, and MAY begin retry processing if configured to do so." Spencer Dawkins 5. Added the following paragraph to section 7.1, General Processing: "Only one DHCPACTIVELEASEQUERY is allowed on any one TCP connection at a time. Parallel DHCPACTIVELEASEQUERY requests on the same TCP are no allowed." Spencer Dawkins 6. Added the following paragraph to section 9, Security Considerations: "Operating in insecure mode (see Section 8.1) does not provide any way to validate the authorization of requestors of a DHCPV4 Active Leasequery request." Ben Campbell 7. In section 7.2, Initiating a Connection, changed: "When operating in insecure mode, the requestor SHOULD proceed to send a DHCPACTIVELEASEQUERY request after the establishment of a TCP connection." to "When operating in insecure mode, the requestor sends a DHCPACTIVELEASEQUERY request after the establishment of a TCP connection." Ben Campbell 8. In section 7.2, Initiating a Connection, changed: "... the requestor SHOULD initiate the exchange ..." to "... the requestor initiates the exchange ..." Ben Campbell 9. In section 7.3, Forming an Active Leasequery, changed: "... the requestor SHOULD place this highest base-time value into a query-start-time option in the ..." to "... the requestor should place this highest base-time value into a query-start-time option in the ..." Ben Campbell 10. In section 7.3, Forming an Active Leasequery, changed: "Note that a DHCPACTIVELEASEQUERY request specifically requests the DHCPv4 server to create a long-lived connection which may not have data transferring continuously during its lifetime." to "Note that the connection resulting from accepting a DHCPACTIVELEASEQUERY request may be long-lived, and may not have data transferring continuously during its lifetime." Ben Campbell 11. In section 7.4, Processing Active Replies, changed: "This SHOULD be the last message on that connection, and once the message has been transmitted, the server SHOULD close the connection." to "This MUST be the last message on that connection, and once the message has been transmitted, the server MUST close the connection." Ben Campbell 12. In section 8.1, Accepting Connections, added the following: After: "Any options appearing in a DHCPTLS message received by a DHCPv4 server SHOULD be ignored." added: "Any options appearing in a DHCPTLS message received by a DHCPv4 server SHOULD be ignored. This is a SHOULD instead of a MUST in order to allow use of the DHCPTLS message in later documents, possibly with the use of options, without requiring those documents to update this document." Ben Campbell 13. In section 8.1, changed the following: "If for some reason the DHCPv4 server cannot or has been configured to not support a TLS connection, then it SHOULD send a DHCPTLS message with a dhcp-status-code of TLSConnectionRefused back to the requestor." to "If for some reason the DHCPv4 server cannot or has been configured to not support a TLS connection, then it sends a DHCPTLS message with a dhcp-status-code of TLSConnectionRefused back to the requestor." Ben Campbell 14. In section 8.1.1, changed the following: "In an update to the DHCPv4 Bulk Leasequery protocol <xref target="RFC6926"/> (which didn't discuss this situation explicitly), if the DHCPv4 server receives a DHCPv4 message containing a dhcp-message-type option with a value that is not supported over a TCP connection, it SHOULD close the TCP connection." to "In an update to the DHCPv4 Bulk Leasequery protocol <xref target="RFC6926"/> (which didn't discuss this situation explicitly), if the DHCPv4 server receives a DHCPv4 message containing a dhcp-message-type option with a value that is not supported over a TCP connection, it MUST close the TCP connection." Ben Campbell 15. In section 8.4, changed the following: "The sever MAY close its end of the TCP connection after sending its last message, a DHCPLEASEQUERYSTATUS message in response to a query." to "The sever MAY may end communication by sending a DHCPLEASEQUERYSTATUS message and then immediately closing the TCP connection." Ben Campbell 16. In section 7.3, moved the paragraph starting with: "Note that until all of the recent data (catch-up data) has been ..." after the subsquent paragraph. Ben Campbell 17. In section 8.2, replaced the paragraph beginning as follows: "Note that until all of the recent data (catch-up data) has been ..." with "The DHCPv4 server SHOULD keep track of previous binding activity. It SHOULD limit the amount of previous binding activity it keeps track of." Ben Campbell 18. Addd this explanation to section 9, Security Considerations: "Two modes of operation exist for this protocol, insecure mode and secure mode. These two modes exists because there are essentially two models of use for this protocol. In one model, the requestor of an Active Leasequery is connected to the internet in an arbitrary location, and the information transmitted needs to be protected during transmission. In addition, the identity of both requestor and server need to be verified. For this model of use, the secure mode is appropriate. The other model of use is where the requestor of the Active Leasequery resides in a network element that is essentially "next to" the element containing the DHCP server, and both of these elements are inside a protected environment. For this model, the insecure mode is sufficient since there are other, more global, protections in place to protect this information." and placed references to it in section 7.2, Initiating a Connection and section 8.1, Accepting Connections. Alissa Cooper 19. Three situations where statements with normative language were used which echoed other similar statements also using normative language were changed to not use normative language. References to the section of the document where the normative language remains were added. These changes were made in sections 3, 7.1, and 7.4.1. Ben Campbell
- [dhcwg] Ben Campbell's Discuss on draft-ietf-dhc-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kathleen Moriarty
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kim Kinnear
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [dhcwg] Ben Campbell's Discuss on draft-ietf-… Kathleen Moriarty