Re: [dhcwg] Adoption Call for draft-wkumari-dhc-addr-notification-07- Respond by April, 20 2023
Sheng Jiang <shengjiang@bupt.edu.cn> Mon, 10 April 2023 01:08 UTC
Return-Path: <shengjiang@bupt.edu.cn>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64833C151B26 for <dhcwg@ietfa.amsl.com>; Sun, 9 Apr 2023 18:08:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eASs38KgVAcL for <dhcwg@ietfa.amsl.com>; Sun, 9 Apr 2023 18:08:09 -0700 (PDT)
Received: from smtpbgsg1.qq.com (smtpbgsg1.qq.com [54.254.200.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC3CBC14CE4A for <dhcwg@ietf.org>; Sun, 9 Apr 2023 18:08:07 -0700 (PDT)
X-QQ-mid: bizesmtp81t1681088840tkbpi80z
Received: from SJ-Uni ( [221.223.101.20]) by bizesmtp.qq.com (ESMTP) with id ; Mon, 10 Apr 2023 09:07:19 +0800 (CST)
X-QQ-SSF: 01400000000000H0Z000000A0000000
X-QQ-FEAT: DQ0OCu3gog1clxCeURmTEAS4HARU4/5v54REwvNNKcTsLAYZW6iU3dVKZrOW0 9ncgjleO2GCijRLXRhfev4p96un49Kq970TMc0bTOhXMJEssgGNnxXI5L4J5ayld5GnVDmw PVJIxJL8127t9fSHgoo/LqLohFIksSAXJQDPtB0I4FKGpmk2dKmj+gvQXA9LjOi3kRc38eC IUt+LAJZx9xgFQa4ZFNxbs9xmkA7dW8InYN2O9X+66Fl+5oUgWJr2i8/zSpQsEoo6+B6oHJ HZc0CicB2QsgxaPBKywt5X9lqF6+unhghOoRphII0835sgggtGh9xKL1ckaI3B9Ow6IV3BN c5y55gdE/0TctHjiiOvfPBGXvy/vWRH5ul500U98m0ugogTFg2IF9+7jCGOtgdEukk4rpgA
X-QQ-GoodBg: 2
X-BIZMAIL-ID: 15730870441246796474
Date: Mon, 10 Apr 2023 09:07:21 +0800
From: Sheng Jiang <shengjiang@bupt.edu.cn>
To: Bernie Volz <bevolz@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcwg <dhcwg@ietf.org>
References: <5948.1680883536@localhost>, <2AFCC458-F921-4188-A9A0-89BA367A8719@gmail.com>
X-Priority: 3
X-GUID: 3F59C01D-2BED-41D1-BACA-B58D42EAF8F1
X-Has-Attach: no
X-Mailer: Foxmail 7.2.25.213[cn]
Mime-Version: 1.0
Message-ID: <D4FDCF357A90EDCF+2023041009072045123412@bupt.edu.cn>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
X-QQ-SENDSIZE: 520
Feedback-ID: bizesmtp:bupt.edu.cn:qybglogicsvr:qybglogicsvr2
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/mIzYoJ3ksZULsHfs74kUlPe33Hw>
Subject: Re: [dhcwg] Adoption Call for draft-wkumari-dhc-addr-notification-07- Respond by April, 20 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2023 01:08:14 -0000
>Bernie>But that reopens the can of worms the earlier attempt at this work raised: >> This document borrows heavily from a previous document, draft-ietf- >> dhc-addr-registration, which defined "a mechanism to register self- >> generated and statically configured addresses in DNS through a DHCPv6 >> server". That document was written Sheng Jiang, Gang Chen, Suresh >> Krishnan, and Rajiv Asati. The current notification draft only keep the part that the clients notify their own-generated addresses to DHCPv6 server from my original registration draft, and leave it out that the DHCPv6 server registers FQDNs on behalf of clients. So it does not open the issue. The latter part may have more security and privacy considerations, even there are motivations. Therefore, the current draft fairly leave it out of scope. The sentence in current draft, "Clients MAY include other options, such as the Client FQDN Option", only means the client MAY notify more information rather than addresses. Anyway, even the other more information also a minor point to discuss. Regards, Sheng Jiang >This is with WG co-chair hat off. > >Good find regarding: > >> The Security Considerations relating to the AUTH option are... insufficient. >> I wish we'd removed it from 8415. > > > An attacker may attempt to register a large number of addresses in > quick succession in order to overwhelm the address registration > server and / or fill up log files. These attacks may be mitigated by > using generic DHCPv6 protection such as the AUTH option [RFC8415]. > The similar attack vector exist today, e.g. an attacker can DoS the > server with messages contained spoofed DUIDs. > >WE DID remove AUTH effectively in 8415 as it is only used for reconfiguring!! So this text needs to be corrected. Just remove the sentence about AUTH. > >Regarding: > >> There is some subtle (emotional?) connection to RFC8505, which I'll try to >> resolve in my mind. > > >8505 is at the link layer. DHCPv6 is designed to be able to operate at higher layer as “registration” at link level is already possible. > >Regarding: > >> Can a host include RFC4704 (Client FQDN) in the same packet to have the >> reverse DNS updated? > > >Document does say: > > Clients MAY include other options, such as the Client FQDN Option > [RFC4704]. > >But that reopens the can of worms the earlier attempt at this work raised: > > This document borrows heavily from a previous document, draft-ietf- > dhc-addr-registration, which defined "a mechanism to register self- > generated and statically configured addresses in DNS through a DHCPv6 > server". That document was written Sheng Jiang, Gang Chen, Suresh > Krishnan, and Rajiv Asati. > >Personally I am not in favor of this new work either (and will comment more later). > >- Bernie Volz > >> On Apr 7, 2023, at 12:06 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: >> >> >> Timothy Winters <tim@qacafe.com> wrote: >>> As discussed during IETF-116, I would like initiating a WG call for >>> adoption on >>> https://datatracker.ietf.org/doc/draft-wkumari-dhc-addr-notification/. >> >>> This starts the call for adoption of this document. Please respond by >>> April 20, 2023. >> >> I read the document a few weeks ago, and I like it. >> Please adopt it. >> >> } The host MUST only send the ADDR-REG-INFORM message for valid ([RFC4862]) >> } addresses of global scope ([RFC4007]). >> >> Is this intended to exclude ULA? >> >> } address being registered is "appropriate to the link" as defined by >> >> It seems that this will be in conflict with draft-collink-v6ops-ent64pd, >> should it be adopted. >> The Security Considerations relating to the AUTH option are... insufficient. >> I wish we'd removed it from 8415. >> >> Does the packet need to originate from the IP address which is being >> registered? >> It would be nice if there was a return reachability challenge (3-way handshake). >> >> Can a host include RFC4704 (Client FQDN) in the same packet to have the >> reverse DNS updated? >> >> There is some subtle (emotional?) connection to RFC8505, which I'll try to >> resolve in my mind. >> >> >> >> >> >> >> >> -- >> Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) >> Sandelman Software Works Inc, Ottawa and Worldwide >> >> >> >> >> _______________________________________________ >> dhcwg mailing list >> dhcwg@ietf.org >> https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Adoption Call for draft-wkumari-dhc-addr-… Timothy Winters
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Sheng Jiang
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Michael Richardson
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Ted Lemon
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Bernie Volz
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Jen Linkova
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Jen Linkova
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Lorenzo Colitti
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Michael Richardson
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Jen Linkova
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Michael Richardson
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Jen Linkova
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Sheng Jiang
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Michael Richardson
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Lorenzo Colitti
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Michael Richardson
- Re: [dhcwg] Adoption Call for draft-wkumari-dhc-a… Timothy Winters