Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - summary

Lishan Li <> Wed, 19 April 2017 13:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4B7211296B3; Wed, 19 Apr 2017 06:46:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id La0q-6qGXxoI; Wed, 19 Apr 2017 06:45:58 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EEF4112954C; Wed, 19 Apr 2017 06:45:57 -0700 (PDT)
Received: by with SMTP id p68so20162748qke.1; Wed, 19 Apr 2017 06:45:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=yzbNwQDWtjUDE77F6QiBuFmEZf6HsmcAOFCG0sHCKkY=; b=HPzfl7G8tYaJYCUO3ZOOuDfbViKhJ6fhGK5SG/r2eabKQoTZPImqXzSzfYSC8/sCBc ldEZDo7Qs89hjZAdNkGT0Aza6dcBRGb4TbkpjhOkVYD6DfpYQOMMm+m/7u9HZUyZ4AmS 8MNHw+/wOQ413VFL72OxmVlRl8JpYxDJ43D74vMqrNz/SRuHe9b2vQnD3gIoEz+UMDuf oQUqSDjDwbdIiP6ZPEE/gR9o5lpPweUTpMA+AYmZTUhQx9JYMRaHYgtNTgNlb1lSTk1S btL5LwXRK5gkOv9kBPvUAThwGmzDjxWZaQMXpn/tzvyWhgpywEOGOfcvDf479DFEqBZz dhMQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=yzbNwQDWtjUDE77F6QiBuFmEZf6HsmcAOFCG0sHCKkY=; b=i/lWdg9ECWEkXUPTwOHoO7hBurHv+cJpG/wFjXVxAE+Bf2Vpd0jwjQedcLRUjBSDas j+8tPFRZE1u75m2bsX7OjCiMqpHNNc9ls1xoPDE5EvGqY3LxABsdWyjOV/hJwSYwa3OL iMqK/0QeRnHFBmy5RGBeKqVCtr0nUkZA94QAVOKJlzJsxGyXANTDRWDZZOp8oa3apaGU 30GGapESFdT1jgpKrO9PP4hA8HSYt+/z+F5Ga5Z+bmSzyGToYDWSj6HyQ5euXJE35X8p iIqHKyBhPPbaafjhJ1zXLUBgQU6hSTAl6at22TIXnqVsOqMAtYaM4V5mRZGys7je2Zl2 mw0g==
X-Gm-Message-State: AN3rC/60Hlr8d2PYhZ75AXoTi3t9R3mfAqNgyo1l1/wYtUR0uhTy7Ao2 b1os1NKdD5qvDWwfffnwVjLnmShL+w==
X-Received: by with SMTP id a187mr2932795qkc.28.1492609557098; Wed, 19 Apr 2017 06:45:57 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 19 Apr 2017 06:45:56 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Lishan Li <>
Date: Wed, 19 Apr 2017 21:45:56 +0800
Message-ID: <>
To: "Templin, Fred L" <>
Cc: Tomek Mrugalski <>, dhcwg <>, draft-ietf-dhc-sedhcpv6 authors <>
Content-Type: multipart/alternative; boundary=94eb2c055938707880054d853e49
Archived-At: <>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - summary
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Apr 2017 13:46:00 -0000


I have considered this problem. Yes, secure DHCPv6 is incompatible with
If secure DHCPv6 is implemented, SAVI cannot work well and have to be

Best Regards,

在 2017年4月19日,下午9:41,Templin, Fred L <> 写道:


RFC7513 seems to suggest DHCP snooping, i.e., some L2 device on the link
the DHCP server or relay to the client examines the contents of DHCP
Unfortunately, sedhcpv6 mandates encryption making snooping impossible.

Does it mean that Secure DHCPv6 will be incompatible with SAVI?

Thanks - Fred

-----Original Message-----
From: dhcwg [] On Behalf Of Tomek Mrugalski
Sent: Wednesday, April 05, 2017 12:07 PM
To: dhcwg <>
Cc: draft-ietf-dhc-sedhcpv6 authors <>
Subject: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - summary

It took a little bit more than planned, but the extra time gave us a
couple more comments.

We did receive a number of in depth reviews with technical comments. In
general, several people praised the significantly improved quality and
clarity of the document. Nobody said that is opposed to this work. So
from that perspective this last call is a success.

However, both chair and at least one co-author feel that an important
concern has not been addressed yet. There currently are no known
implementations or prototypes of this draft. For a typical DHCP draft
that adds an option or two that would probably be fine, but for this
particular draft it is not. For two reasons: First, we feel that this is
an essential piece of the whole DHCPv6 ecosystem and as such require
much more scrutiny then an average draft. Second, security is a complex
matter and any unclear aspects would gravely damage the
interoperability. Jinmei had put it well: "I suspect the current spec
still has some points that are critically unclear, which you would
immediately notice once you tried to implement it."

Given that, we declare that more effort is needed before this work is
deemed ready for IESG. At the same time, chairs would like to strongly
applaud authors' efforts to improve this work. This version is
significantly better than its predecessors. Thank you for your hard
work. You are doing excellent work. Please continue.

Also, to address the concern of missing implementations, chairs would
like to announce a DHCP hackathon in Prague. Details are TBD, but the
primary goal will be to have at least two independent implementations of
that draft. The hackathon will take place the weekend before IETF
meeting (that's July 15-16). A separate announcement will be sent soon.

That is well over 3 months away. Authors and supporters of this work,
please seriously consider dedicating some of your time implementing
prototypes and attending the hackathon, if you can. If you can't we will
organize some means for participating remotely.

Thank you to the authors and to everyone who commented.

Bernie & Tomek

dhcwg mailing list