[dhcwg] status of draft-ietf-dhc-agent-subnet-selection

Thomas Narten <narten@us.ibm.com> Tue, 08 October 2002 18:01 UTC

Received: from www1.ietf.org (ietf.org [] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24201 for <dhcwg-archive@odin.ietf.org>; Tue, 8 Oct 2002 14:01:48 -0400 (EDT)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g98I3R319938 for dhcwg-archive@odin.ietf.org; Tue, 8 Oct 2002 14:03:27 -0400
Received: from ietf.org (odin.ietf.org []) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98I3Rv19935 for <dhcwg-web-archive@optimus.ietf.org>; Tue, 8 Oct 2002 14:03:27 -0400
Received: from www1.ietf.org (ietf-mx.ietf.org []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA24190 for <dhcwg-web-archive@ietf.org>; Tue, 8 Oct 2002 14:01:17 -0400 (EDT)
Received: from www1.ietf.org (localhost.localdomain []) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98I0lv19801; Tue, 8 Oct 2002 14:00:48 -0400
Received: from ietf.org (odin.ietf.org []) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g98Hq0v19357 for <dhcwg@optimus.ietf.org>; Tue, 8 Oct 2002 13:52:00 -0400
Received: from e35.co.us.ibm.com (ietf-mx.ietf.org []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA23692 for <dhcwg@ietf.org>; Tue, 8 Oct 2002 13:49:50 -0400 (EDT)
Received: from westrelay03.boulder.ibm.com (westrelay03.boulder.ibm.com []) by e35.co.us.ibm.com (8.12.2/8.12.2) with ESMTP id g98Hphxf074112; Tue, 8 Oct 2002 13:51:43 -0400
Received: from rotala.raleigh.ibm.com (rotala.raleigh.ibm.com []) by westrelay03.boulder.ibm.com (8.12.3/NCO/VER6.4) with ESMTP id g98Hpgtr019142; Tue, 8 Oct 2002 11:51:42 -0600
Received: from rotala.raleigh.ibm.com (narten@localhost) by rotala.raleigh.ibm.com (8.11.6/8.11.6) with ESMTP id g98Ho1b27921; Tue, 8 Oct 2002 13:50:01 -0400
Message-Id: <200210081750.g98Ho1b27921@rotala.raleigh.ibm.com>
To: Kim Kinnear <kkinnear@cisco.com>
cc: rdroms@cisco.com, dhcwg@ietf.org
In-Reply-To: Message from Kim Kinnear <kkinnear@cisco.com> of "Mon, 07 Oct 2002 10:59:40 EDT." <>
Date: Tue, 08 Oct 2002 13:50:01 -0400
From: Thomas Narten <narten@us.ibm.com>
Subject: [dhcwg] status of draft-ietf-dhc-agent-subnet-selection
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>

Hi Kim.

> I was trying to recover some lost ground and figure out where the
> drafts which I am editing are in the process.  The following mail
> is the last on the subject of the subnet-selection sub-option
> that I can find in my mail archives.

This document is tied up in IESG unhappiness with the WGs dealing with
security issues. Basically, the IESG thinks that the overall security
model of relay agent option is rather inadequate (it assumes that the
entire network from the relay agent to the DHC servers is
trustable/secure). This is not a new issue; it was a concern back when
the original relay agent option document was approved. However, the WG
keeps sending new relay agent options to the IESG without also working
on the security model.

One thing that was pointed out was that other WGs have been told flat
out "no approval until you get a realistic security story". So, the
issue that was raised was why should the DHC WG be held to a lesser

What the IESG wants to see is a credible story for the WG will get
deployable/useable DHC security. In the case of the relay agent
option, the technical issues seem fairly straightforward. Because
relay-agents need to be configured, and because relay agents only need
to talk (securely) with DHC servers, the key distribution problem can
be handled via static keys/configuration.

Bottom line: the IESG wants an updated charter that has a reasonable
story for getting better security, together with an indication that
there is meat behind the wording (e.g., a draft, and/or a design team
that includes security clueful folk, etc.)

dhcwg mailing list