Re: [dhcwg] Mirja Kühlewind's No Objection on draft-ietf-dhc-relay-port-07: (with COMMENT)

"Bernie Volz (volz)" <volz@cisco.com> Mon, 13 November 2017 03:57 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>
CC: The IESG <iesg@ietf.org>, "draft-ietf-dhc-relay-port@ietf.org" <draft-ietf-dhc-relay-port@ietf.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>
Date: Mon, 13 Nov 2017 03:57:52 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/si1DpB06MNBuseTIKjVGurKmu6A>

Hi:

A DHCP Server does not need to listen on other ports. Only the relay that wants to use an alternative port for responses needs to listen on alternate port(s).

Regarding the updates issue, this is always a complex question - does a new DHCP option update these documents? I believe that updates should be used for required changes to a protocol (or corrections), not for extensions. It is too bad there is no “extends” tag to indicate extensions.

- Bernie

On Nov 13, 2017, at 11:47 AM, Mirja Kühlewind <ietf@kuehlewind.net> wrote:

Mirja Kühlewind has entered the following ballot position for
draft-ietf-dhc-relay-port-07: No Objection

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-port/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I really think this document should update RFC2131 and RFC3315 as it proposes
concrete changes to both RFCs. The point is that, while the use of the
described mechanism and options is optional, I think the updates of the texts
apply more generally.

Further, I would think that if a DHCP server now has to listen on all ports for
incoming traffic, that this would raise additional security considerations.
However, I didn’t think enough about it to name a specific threat.

