Re: [dhcwg] Comments on draft-ietf-dhc-relay-server-security-01

Tomek Mrugalski <tomasz.mrugalski@gmail.com> Fri, 09 December 2016 16:53 UTC

To: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <147671242179.4527.12337010225582460227.idtracker@ietfa.amsl.com> <7e03afc26a08461e8308d5bdf985bed9@XCH-ALN-003.cisco.com> <ccbfe561da43469e8f894e2235c4b429@XCH15-06-08.nw.nos.boeing.com> <6a8f5646aedb44b5af85d7a45039eb02@XCH-ALN-003.cisco.com> <ed09c191c9a24989b38ec3db233e04d1@XCH15-06-08.nw.nos.boeing.com> <CA+dB4X4edhyJa+FR8phiJvQqi1wPU+eqsZ4=b4WHL7mFj-Dkgw@mail.gmail.com> <6c57d13d-7f48-67b5-fdad-4f230f46553f@gmail.com> <82f50590-1a44-a19d-3cb1-8ca2ce44f5d0@gmail.com> <0fa0546d1f0e4a2f951db3f7ed9c992b@XCH-ALN-003.cisco.com>
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
Message-ID: <704a5f08-a4db-784c-cdb6-644041886832@gmail.com>
Date: Fri, 09 Dec 2016 17:53:44 +0100
In-Reply-To: <0fa0546d1f0e4a2f951db3f7ed9c992b@XCH-ALN-003.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/r2Mc4WpsPACQZGnXDTS80j5ojLU>
Cc: "Yogendra Pal (yogpal)" <yogpal@cisco.com>
Subject: Re: [dhcwg] Comments on draft-ietf-dhc-relay-server-security-01

On 09.12.2016 at 17:27, Bernie Volz (volz) wrote:
> I discussed some of these issues with Tomek a bit.
> 
> Regarding the non-normative language issue, we have a proposal as follows:
> - We will move the existing (non-normative language) into draft-ietf-dhc-rfc3315bis as it is best we don't require (but recommend) IPsec for DHCPv6. This would also correct the open issue we have in the draft-ietf-dhc-rfc3315bis document regarding the algorithms to use.
> - We will reword this draft (in the 02) to use the normative (i.e., MUST) language. That way, if a vendor claims to be in compliance with this (future) RFC, they would have to fully support IPsec for the relay to server communication.
That seems fine. This change would address my concerns.

>> idnits reports some issues with references. The text cites RFC2409, but it was obsoleted by RFC4306.
> 
> I think the best move might be to change " Accordingly, IKE [RFC2409] / IKE2 [RFC7296] with preshared..." to just be " Accordingly, IKE2 [RFC7296] with preshared ..." and drop RFC 2409 altogether.
That's fine by me.

>> The document is very specific as to what is updated in RFC3315 (section 21.1), but it's blurry regarding RFC1542 update. Is there any specific text that is being updated? If there is, please clearly state so. If there isn't, maybe this draft doesn't update RFC1542?
> 
> For 1542, it really "extends" it since that document was silent about IPsec ... so we can remove this.
Ok, that will work.

> And, I wonder if we should even say it updates 3315 as that might imply it is "required" -- and we'll be updating draft-ietf-dhc-rfc3315bis already, as mentioned above. Thus I propose to just remove that (in the meta data and in the text).
Ok, by "and in the text" I assume you meant the "The following text
replaces the text in RFC3315 ..." at the beginning of Section 3? If
that's the case, I'm fine with that.

> I'll wait a few days to see if anyone has any comments to this thread before publishing the -02 revision.

<With my co-chair hat on>
Assuming no significant objections are raised to those changes proposed
by Bernie, I plan to wrap up this WGLC next week, let's say Wednesday.
If anyone has any concerns, please raise them before that day.

Tomek