Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-tunnel-01.txt

Ted Lemon <Ted.Lemon@nominum.com> Wed, 26 September 2012 14:29 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
To: Ole Trøan <otroan@employees.org>
Date: Wed, 26 Sep 2012 14:29:50 +0000
Message-ID: <7329B869-8093-4EDA-8490-1491D97D22D8@nominum.com>
References: <4D779082-B182-4728-9534-39456573682E@nominum.com> <489D13FBFA9B3E41812EA89F188F018E0F4EA3B4@xmb-rcd-x04.cisco.com> <E1CE3E6E6D4E1C438B0ADC9FFFA345EA3C4668ED@SZXEML510-MBS.china.huawei.com> <8AC1BB64-BA6D-4395-ABA7-1F317C3550D0@nominum.com> <D4AB11DA-0815-4E79-A097-F9B408210D81@employees.org> <C53F80F0-F243-4A0D-B03D-BDEE4B4246BC@nominum.com> <39714EDD-C5DA-4DDF-AD10-E06A934EEDAE@employees.org> <8275EA44-3606-4C82-A656-653B56009D09@nominum.com> <2144A493-A8A0-46C3-9281-1F2D58867685@employees.org>
In-Reply-To: <2144A493-A8A0-46C3-9281-1F2D58867685@employees.org>
Cc: dhc WG <dhcwg@ietf.org>
Subject: Re: [dhcwg] WGLC: draft-ietf-dhc-dhcpv6-tunnel-01.txt

On Sep 26, 2012, at 9:11 AM, Ole Trøan <otroan@employees.org> wrote:
> - allow a unicast address as destination address to reach the DHCPv6 server

Huh. How does the client know that address? Why aren't you advertising a route to the All_DHCP_Servers multicast address down the tunnel?

> There are a few MUSTs that must be changed. Equally, there might be security implications, and new text for how the server should deal with on- or off-link clients.

Wouldn't the security implications be the same in both cases? You realize that RFC 3315 does allow unicast to the server if it's been negotiated with the server, right? How are the security implications different in that case than in this one? How does putting in a fake relay agent change things? Can't any client put in a fake relay agent, whether they are at a tunnel endpoint or not? I can help you to work through the security considerations section if that's your only concern.

> This isn't completely different. The draft describes how this can be achieved with existing DHCPv6 servers and within current RFC 3315.
> What is complicated and what is not compatible?

You have to hack the client to pretend it's a relay agent. If this happens, you're going to wind up with clients like that all over the place, and your DHCP deployment is going to have to handle them correctly. And then if we change RFC 3315 to solve the problem the right way, then your DHCP deployment is going to have to handle both mechanisms, one of which delivers a packet with an extra relay package.
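The mechanism argued over above (a client wrapping its own Solicit in a Relay-forward so that an unmodified server accepts it over the tunnel, and a real relay later adding one more layer on top) is easy to see on the wire. The following is an added example and is not code from the thread, from draft-ietf-dhc-dhcpv6-tunnel or from any DHCPv6 implementation; message and option layouts follow RFC 3315. What the draft tells the client to put in link-address and peer-address is not stated on this page, so the values used here (an unspecified link-address and the client's own address as peer-address), the constructed sample packet, and the `looks_self_relayed` heuristic are assumptions. The point it demonstrates is Ted's: the bytes a self-relaying client emits are indistinguishable from a relay agent's, so a server unwrapping them gets no new security property from the extra layer.

```python
"""DHCPv6 Solicit wrapped in a Relay-forward, built and unwrapped.
Added example (not from the draft or the thread); layouts per RFC 3315."""
import struct
import ipaddress

SOLICIT = 1
RELAY_FORW = 12
OPT_CLIENTID = 1
OPT_IA_NA = 3
OPT_ORO = 6
OPT_ELAPSED_TIME = 8
OPT_RELAY_MSG = 9
OPT_DNS_SERVERS = 23          # RFC 3646
HOP_COUNT_LIMIT = 32          # RFC 3315 section 5.5


def option(code, data):
    """TLV encoding shared by every DHCPv6 option (RFC 3315 section 22.1)."""
    return struct.pack("!HH", code, len(data)) + data


def solicit(xid, duid, iaid):
    """Minimal client Solicit: msg-type, 3-byte transaction-id, options."""
    if len(xid) != 3:
        raise ValueError("transaction-id is 3 bytes")
    ia_na = struct.pack("!III", iaid, 0, 0)        # IAID, T1, T2 (0: server picks)
    return (bytes([SOLICIT]) + xid
            + option(OPT_CLIENTID, duid)
            + option(OPT_ELAPSED_TIME, struct.pack("!H", 0))
            + option(OPT_IA_NA, ia_na)
            + option(OPT_ORO, struct.pack("!H", OPT_DNS_SERVERS)))


def relay_forward(inner, link_addr, peer_addr, hop=0):
    """Relay-forward header (RFC 3315 section 7) around `inner`. A relay agent
    and a client impersonating one produce byte-identical output here."""
    return (bytes([RELAY_FORW, hop])
            + ipaddress.IPv6Address(link_addr).packed
            + ipaddress.IPv6Address(peer_addr).packed
            + option(OPT_RELAY_MSG, inner))


def parse_options(buf):
    """Split a DHCPv6 option area into (code, data) pairs, rejecting truncation."""
    opts = []
    while buf:
        if len(buf) < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", buf[:4])
        if len(buf) < 4 + length:
            raise ValueError("option length exceeds message")
        opts.append((code, buf[4:4 + length]))
        buf = buf[4 + length:]
    return opts


def unwrap(msg):
    """Peel Relay-forward layers as a server must, returning what it can see.
    Everything in a relay header was chosen by whoever built that layer."""
    relays = []
    while msg and msg[0] == RELAY_FORW:
        if len(msg) < 34:
            raise ValueError("truncated Relay-forward header")
        hop = msg[1]
        # Relay-side rule from RFC 3315 section 20.1.2, applied here on receipt.
        if hop >= HOP_COUNT_LIMIT:
            raise ValueError("hop-count at or above HOP_COUNT_LIMIT")
        link = ipaddress.IPv6Address(msg[2:18])
        peer = ipaddress.IPv6Address(msg[18:34])
        inner = [d for c, d in parse_options(msg[34:]) if c == OPT_RELAY_MSG]
        if len(inner) != 1:
            raise ValueError("Relay-forward needs exactly one Relay Message option")
        relays.append({"hop": hop, "link": str(link), "peer": str(peer)})
        msg = inner[0]
    if not msg:
        raise ValueError("no client message inside the relay layers")
    return {"relays": relays, "inner_type": msg[0], "xid": msg[1:4]}


def looks_self_relayed(parsed, ip_src):
    """Assumed heuristic, not a check from the draft or RFC 3315: a real relay
    sends from its own address and records the client's in peer-address, so an
    outermost peer-address equal to the IP source suggests the client wrapped
    its own message. Any client can set both, so this is not authentication."""
    if not parsed["relays"]:
        return False
    outer = parsed["relays"][0]
    return ipaddress.IPv6Address(outer["peer"]) == ipaddress.IPv6Address(ip_src)


if __name__ == "__main__":
    # Constructed sample: a client at 2001:db8::1 wraps its own Solicit.
    s = solicit(b"\x01\x02\x03", b"\x00\x03\x00\x01\x00\x11\x22\x33\x44\x55", 1)
    pkt = relay_forward(s, "::", "2001:db8::1")
    parsed = unwrap(pkt)
    print(parsed, looks_self_relayed(parsed, "2001:db8::1"))
    # The same packet after a genuine relay adds its own layer on the way.
    print(unwrap(relay_forward(pkt, "2001:db8:1::1", "2001:db8::1", hop=1))["relays"])
```

The second `print` shows the "extra relay package" case from the message above: a server that already handles multi-hop Relay-forward chains will unwrap the client-built layer like any other, and the only thing it can say about it is what the hop-count and addresses claim. Whether to trust the claim is a policy decision (source filtering on the tunnel, or a real relay inserting its own layer), which is why the security considerations do not change between the unicast and the fake-relay variants.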