Re: [dhcwg] AD Evaluation: draft-ietf-dhc-dhcpv6-unknown-msg

Ralph Droms <rdroms.ietf@gmail.com> Mon, 03 February 2014 15:35 UTC

To: Haberman Brian <brian@innovationslab.net>, Lemon Ted <ted.lemon@nominum.com>
Cc: "dhcwg@ietf.org WG" <dhcwg@ietf.org>, draft-ietf-dhc-dhcpv6-unknown-msg@tools.ietf.org

On Feb 3, 2014, at 9:52 AM 2/3/14, Brian Haberman <brian@innovationslab.net> wrote:

> 
> 
> On 2/3/14 9:48 AM, Ted Lemon wrote:
>> On Feb 3, 2014, at 9:17 AM, Brian Haberman <brian@innovationslab.net>
>> wrote:
>>> Hmm... The text above talks about messages from servers to relays. 
>>> Would these messages be coming from servers *not* identified in
>>> the relay's configuration?  That is, do you envision relays seeing
>>> messages from servers that the relay is not configured to use for
>>> received client messages?  If not, shouldn't the guidance be that
>>> relays should silently drop them?  If they can receive messages
>>> from servers they don't know about, the relays will forward these
>>> messages to *other* servers and they should drop them.
>> 
>> Yes, I had a bit of a think about that when replying to your review
>> yesterday, and thought about it some more just now.   I don't think
>> we can address that here—we don't know what these messages will look
>> like, or even if they will be defined, so trying to anticipate their
>> security implications is a bit futile.   I think the language I
>> proposed is adequate for the time being, and does the right thing in
>> the case of unknown messages.   E.g., a server implemented according
>> to the existing spec would not do a bad thing with such a message,
>> because it wouldn't recognize it, and the document defining that
>> message ought to specify how the server should handle it in the case
>> you've described.
> 
> Ok.
> 
>> 
>>> Almost sounds like DHCP needs a capabilities negotiation between
>>> servers and relays. :)
>> 
>> Perish the thought.  :)
> 
> Duly noted.
> 
>> 
>>> If the pairing of a client and relay agent is not expected, this
>>> may not be an issue.
>> 
>> It's certainly a plausible configuration—I've even proposed something
>> like this in homenet.   But I think that the way this would work
>> would again be something that could be documented in the spec
>> describing how it works.   And homenet doesn't seem very interested
>> in solving the problem this way anyway.

I have a less laissez-faire view, here, which is that we ought to disallow explicitly the deployment of a client and relay agent on the same device, with a recommendation that a specification for such a deployment needs to be written if the use case is realized.

- Ralph

>> 
> 
> Ok. Just wanted to check.
> 
> When a new version pops out, I will review it and start IETF LC.
> 
> Regards,
> Brian
> 