Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

"Bernie Volz (volz)" <volz@cisco.com> Wed, 16 November 2016 21:37 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 16 Nov 2016 21:37:23 +0000
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

FYI - I don't recall recommending that transaction-id stay consistent. I agree with Jinmei that this isn't unique (multiple clients may be using the same).

If you need a number, it may be better to have an explicit one.

- Bernie (from iPhone)

> On Nov 17, 2016, at 2:49 AM, 神明達哉 <jinmei@wide.ad.jp> wrote:
> 
> At Wed, 16 Nov 2016 20:17:40 +0800,
> Lishan Li <lilishan48@gmail.com> wrote:
> 
>> In the before, Bernie proposed the same question. And we made the following
>> consensus: The Encrypted-Query and Encrypted-Response message use the same
>> transaction-id with the before Information-request and Reply message.
> 
> I'm not sure if I fully understand it, but if I understand it I
> suspect it doesn't really solve this issue.  Two different clients can
> happen to use the same transaction-id for the initial
> Information-request and Reply (almost at the same time).  And yet it's
> possible that the preference and/or support level of algorithms for
> these clients are different and the server uses different algorithms
> and different key pairs for these clients.
> 
> Now, these clients will then set the same transaction-id in the
> subsequent Encrypted-Query message.  So the server can't determine
> which previous client (and therefore, algorithm and key) it should
> assume sent the message.
> 
> Besides, (if I understand it correctly) it's not really a
> transaction-id at all anymore - the client will have to keep using the
> same transaction-id for all subsequent encrypted-query messages.  In
> effect, this now works as a "key ID" (but it's incomplete even in that
> sense due to the possible conflicts with other clients as noted
> above).  Then why not introduce that concept more explicitly?  Since
> we are designing a new protocol we don't have to rely on a hack such
> as overloading the existing field (such a trick might be necessary if
> we need to provide, e.g., backward compatibility, but that's not the
> case here).
> 
> --
> JINMEI, Tatuya
> 
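The collision Jinmei describes, as an added toy model that is not part of this thread or of the sedhcpv6 draft: a server keeps per-client state (negotiated algorithm and key) from the initial Information-request/Reply, and two clients happen to reuse the same transaction-id in their Encrypted-Query. Looking the state up by transaction-id is ambiguous; looking it up by an explicit, server-assigned key ID is not. Client names, algorithm labels and the key-ID scheme are constructed for the illustration.

```python
"""Constructed model of transaction-id reuse vs. an explicit key ID (not draft text)."""
from dataclasses import dataclass
import secrets


@dataclass
class Session:
    """State the server must recover to process a client's Encrypted-Query."""
    client: str
    algorithm: str   # algorithm negotiated in the initial exchange
    key: bytes       # constructed stand-in for the negotiated key material


class Server:
    def __init__(self):
        self.by_xid = {}     # transaction-id -> [Session, ...] (overloaded field)
        self.by_key_id = {}  # explicit key ID -> Session (unique per session)

    def information_request(self, client, xid, algorithm):
        """Initial Information-request/Reply: record state, return a fresh key ID."""
        sess = Session(client, algorithm, secrets.token_bytes(16))
        # The transaction-id is chosen by the client, so nothing stops a second
        # client from presenting the same value; the server can only accumulate.
        self.by_xid.setdefault(xid, []).append(sess)
        key_id = secrets.token_hex(8)
        while key_id in self.by_key_id:  # server assigns, so it can enforce uniqueness
            key_id = secrets.token_hex(8)
        self.by_key_id[key_id] = sess
        return key_id

    def sessions_for_xid(self, xid):
        """Encrypted-Query carrying only the reused transaction-id: all candidates."""
        return self.by_xid.get(xid, [])

    def session_for_key_id(self, key_id):
        """Encrypted-Query carrying an explicit key ID: exactly one session or none."""
        return self.by_key_id.get(key_id)


def demo():
    srv = Server()
    # Two clients pick the same transaction-id almost at the same time and
    # negotiate different algorithms (constructed labels).
    kid_a = srv.information_request("client-A", xid=0x123456, algorithm="alg-1")
    srv.information_request("client-B", xid=0x123456, algorithm="alg-2")
    candidates = srv.sessions_for_xid(0x123456)
    resolved = srv.session_for_key_id(kid_a)
    return sorted(s.algorithm for s in candidates), resolved.client


if __name__ == "__main__":
    print(demo())
```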