[dhcwg] What sorts of services does DHCP configure?

[Ted Lemon <mellon@fugue.com>]

During the IESG review of the DHCP Option Guidelines document, a number of issues came up, but the most contentious had to do with the question of exactly what services it makes sense to configure with DHCP.   This is an issue because the use model for one class of such services is quite different from the use model for the other class, and prospective users of DHCP to configure services of the other class therefore disputed the option document's advice on when to use FQDNs.

The dichotomy that I would like us to discuss is between network-specific services and node-specific services.

To illustrate what I mean, consider DNS.   DNS is the same everywhere (at least in principle).   If I ask a question of a DNS server on network A, and ask the same question on network B, I should get an equivalent answer; at the very least, the answer should come from the same data, and should validate with DNSSEC.   So it doesn't matter which DNS resolver I use, and indeed this matches how we use DNS.   So DNS is a network-specific service: the DNS server you use probably should be the one closest to you.

Now, consider IMAP.   If you use IMAP, you probably have one or more IMAP servers.   These servers are fixed in location.   You do not check a different IMAP server when you are at Starbucks than you do when you are at home, or at work.   So IMAP is a node-specific service—your IMAP configuration stays with your laptop or tablet, and does not change as you move from network to network.

If you look at the list of DHCPv4 options, you can find lots of IMAP-like services, and lots of DNS-like services.   I think that the DHCPv4 options for configuring node-specific services are a mistake—they are a throwback to a time when nodes didn't move around, so we weren't aware that we had a problem with the use model for DHCPv4 in configuring things like SMTP and IMAP.

At the same time, during the discussion about the Option Guidelines draft, several people raised the idea of services that are configured via DHCP, even though they are node-specific, because in certain cases that's the only option, and it makes sense to configure them that way in those cases.   For instance, a desktop SIP phone might get its initial SIP configuration over DHCP, and then not use DHCP to get SIP configuration anymore.

I am going to make a claim, and I would like the working group to tell me whether they agree with or disagree with this claim.   My claim is that DHCP doesn't make sense for configuring node-specific services.   There may be edge cases where a node-specific service can be configured using DHCP, but DHCP isn't the right service to be used in this case—it's used in this case because there is no better alternative, not because DHCP is a good alternative.   And while there may be edge cases where configuring a particular node-specific service using DHCP makes sense, there will be many more cases where using DHCP to configure that same service would not only not work, but would probably create serious security vulnerabilities.

Thoughts?