Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6

Tomek Mrugalski <> Wed, 07 June 2017 18:43 UTC

On 07.06.2017 at 20:10, 神明達哉 wrote:
> At Tue, 06 Jun 2017 00:10:46 +0200,
> Francis Dupont <> wrote:
>> Perhaps we should drop it and restart from the beginning about
>> address assignment security, for instance using opportunistic DNSSEC
>> with a client embedded first relay? At least it does not need to
>> develop a new protocol...
> I don't know what "opportunistic DNSSEC with a client embedded
> first relay" means, but as we're sort of getting stuck I see even a
> drop-and-restart might be an option.
This work has been in development for almost a decade. This particular
approach started in 2013. Let's not restart the work until we exhaust
all other possible alternatives.

How about the proposal Bernie made here?

Another possible approach to the problem mentioned in off-line
discussion was DTLS 1.2 (RFC6347), but Francis pointed out that it's
quite exchange heavy, compared to DHCP, which takes 1 or 2 exchanges.
Going to 3 or perhaps 4 exchanges is ok in my opinion, but if the
proposal requires more than that, we would see a lot of raised eyebrows.