IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-04 - Respond by Nov 3, 2014

Francis Dupont <Francis.Dupont@fdupont.fr> Mon, 03 November 2014 23:04 UTC

Return-Path: <Francis.Dupont@fdupont.fr>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F16F1A8836 for <dhcwg@ietfa.amsl.com>; Mon, 3 Nov 2014 15:04:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.146
X-Spam-Level:
X-Spam-Status: No, score=-4.146 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, HELO_EQ_FR=0.35, RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XlwMlnHZqUMV for <dhcwg@ietfa.amsl.com>; Mon, 3 Nov 2014 15:04:51 -0800 (PST)
Received: from givry.fdupont.fr (givry.fdupont.fr [IPv6:2001:41d0:1:6d55:211:5bff:fe98:d51e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FDA41A8829 for <dhcwg@ietf.org>; Mon, 3 Nov 2014 15:04:50 -0800 (PST)
Received: from givry.fdupont.fr (localhost [127.0.0.1]) by givry.fdupont.fr (8.14.3/8.14.3) with ESMTP id sA3N4j7X048092; Tue, 4 Nov 2014 00:04:45 +0100 (CET) (envelope-from dupont@givry.fdupont.fr)
Message-Id: <201411032304.sA3N4j7X048092@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: "Bernie Volz (volz)" <volz@cisco.com>
In-reply-to: Your message of Sun, 26 Oct 2014 22:11:25 GMT. <489D13FBFA9B3E41812EA89F188F018E1B6F6882@xmb-rcd-x04.cisco.com>
Date: Tue, 04 Nov 2014 00:04:45 +0100
Sender: Francis.Dupont@fdupont.fr
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/rgkT8_hZ7NdLcHvLzD3KJVZgXTI
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-04 - Respond by Nov 3, 2014
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Nov 2014 23:04:54 -0000

draft-ietf-dhc-sedhcpv6-04.txt review:
 - 4 page 5: there is no server authorization. This could be an issue
  but in fact it is something which can't be supported by a booting
  client (i.e., its requires an access to the Internet which is not
  yet available).  So I agree we can give up or postpone it.

 - 4.2 page 6: the algo agility can be inter or intra message. The
 wording "various algorithms simultaneously" is ambiguous when
 it is clearly between messages (i.e., there is one algo used in a
 particular message so the agility applied to two or more different
 messages).

 - 5.2 page 8: add "public key" before certificate (because X.509
  defines attribute certificates too).

 - 5.4 page 10: "fixed-point number" and "in seconds" is not the
  best wording: the second unit applies to the integral part.
  I don't know if we should fix this before the IETF LC.

 - 6.1 page 11: the client must have a certificate ->
  a public key certificate and its corresponding private key.

 - 6.1 page 12: the mandatory algorithms -> one of the mandatory
  algorithms (BTW as there is only one mandatory algo this is not
  a visible change).

 - 6.1 page 12: the behavior on TimestampFail error could be better
  than to go to unsecured mode: the client can use timestamp options
  in messages received from the server to synchronize with it before
  retrying. Of course this requires these messages are validated so
  it can't be specified in a few word... BTW the MAY is still valid,
  it is just not the only option.

 - 6.2 page 13: IMHO the paragraph must be break just before
  "The message that fails authentication check MUST be"

 - 6.2 page 14: I have a question about to add a SHOULD for adding
  a timestamp option in TimestampFail error messages. IHMO there is
  an implicit recommendation to use TS option in responses to queries
  carrying a TS, even there is no TS requested in the ORO...

 - 7.1 page 16: i.e. -> i.e.,

 - 9 page 19: I believe we should remove the SHA-1 from the beginning
  i.e., now. And we have the opportunity to use more state of crypto,
  for instance better RSA signing than RSASSA-PKCS1-v1_5 or to jump
  to ECDSA. Note I propose to keep the current mandatory choice for
  legacy: we should get some advice from a cryptographer...

 - Authors' Addresses pages 22 and 23: RFC 7322 asks the country
  in postal addresses is the ISO IS 3166 two letter code (I believe
  it is an error as this is not what to use in a postal address but
  it seems RFC 7322 (the new RFC style guide) will be enforced before
  it will be fixed...).

Thanks

Francis.Dupont@fdupont.fr

v2.23.0 | Report a Bug | By Email