[dhcwg] Re: Intdir telechat review of draft-ietf-dhc-addr-notification-11

Jen Linkova <furry13@gmail.com> Tue, 14 May 2024 06:48 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E5C20C169400; Mon, 13 May 2024 23:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.848
X-Spam-Status: No, score=-6.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id S8hzDAyvRvHe; Mon, 13 May 2024 23:48:56 -0700 (PDT)
Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 669B1C1654EC; Mon, 13 May 2024 23:48:56 -0700 (PDT)
Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2e1fa824504so68927761fa.0; Mon, 13 May 2024 23:48:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715669334; x=1716274134; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=D5lC5hnkmlcpXMaRlSD/TB+S2qAn8JpJBSJFUiUKVW0=; b=QaGBjHwgYCSmODmfO+HpUPqoDmeE6KWp8vtOk4BueRgpc0dEj2xCbqRp26gN1FHwWQ ererc6XdEE33nAOunXQsjwNnNo+Amku6NOPWqCdlm8VR1Sgnf8fZj5uzYcmKIzXNUiUT qnynDGGKdK93PW6xIhdihHLaUDyDepp11GmEalvBPhwY1MHIp4zKCfRtEW/q2aejpfzR UtxaRWRIhQrAGLqu/6S5LWfibZ2mgmC8ycxeH5zBSUSSVGTT2y7ISUgc0m7VZ1MGi+l2 VF1bTpPTawCjvnqhqPyBzyJr3FvZ6+kugn1UxFwgm/kz4S7ufcxrh22fZOHh5yvBeulC 4ESw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715669334; x=1716274134; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D5lC5hnkmlcpXMaRlSD/TB+S2qAn8JpJBSJFUiUKVW0=; b=tBMOq7RraV333UNULExKY1Szfomzk5bxefZtxFRNfJytKczLrRGBNFNBbwOVOG59Sq txVFg1qs4/GLiRH/kpxl6Dcd+ti2kgHP7T6d6WQDOmOEv68SLHS5GoeON5rntyJiLWSU zWzA+go2ATuk5rGB2B0OkbKbmQEqOaKEZ00KG56T6bQASWWFbwvn4ZSjf1BGs+F0y1Y5 kY0kF+eGdF/VsokEjCJ+fpW9I36LcyqUM7mpUJOyQNms6kph0SV849QnWIlTvGseob9Y 67sgiYBXJnXRTzEO258OJEqIcoI/XELGHF49FfD43iw8K8cBWKf0DUoMlgHKwq6RAXmC 9JVg==
X-Forwarded-Encrypted: i=1; AJvYcCVNBb1J06CInNsL/OVhr8wLz20tT7CysrjmIpricg/pjmogRbzCnqa4clpvUHGyo4+A8oTfMC2H4D98687NUAzqqGCPTdtZsVsqcA9eCTtQ2EZftORpmzpCuRg2bmXBqBi8rarHvpYVC6HzPruOJxtiCEbGQ2sr1k3D50yWed6mXME=
X-Gm-Message-State: AOJu0YxK7Zv+62MD8dSwLDkXCj1X0q0dpygX7x5o+BmSWWQ/h3HiASz9 LN+64exTmxWpF3WrlCUy4ICnCgBLeSTVdVhRsjnRMXakTK8o3cuL0zWl5MKvTj1FeL0tNGSIUFl cL0+4PLvtvoPOAiBJABm3PeA0Opw=
X-Google-Smtp-Source: AGHT+IHKE/JkXDzAf83W8jgR5AcYtA23pVU4ftynRhGyWpsNKSnPTST6UXGrjuABg0sY2WvcielnU7kOiSES7Biw4jQ=
X-Received: by 2002:a2e:9045:0:b0:2e3:38e0:54c7 with SMTP id 38308e7fff4ca-2e5204b2f26mr74814921fa.38.1715669334017; Mon, 13 May 2024 23:48:54 -0700 (PDT)
MIME-Version: 1.0
References: <171529147607.11804.16114886878600792078@ietfa.amsl.com>
In-Reply-To: <171529147607.11804.16114886878600792078@ietfa.amsl.com>
From: Jen Linkova <furry13@gmail.com>
Date: Tue, 14 May 2024 16:48:42 +1000
Message-ID: <CAFU7BAQRBTbWH3CwoadxTw=zuN65bGDDc-YNNiSNMfbVFAJO7w@mail.gmail.com>
To: Carlos Jesús Bernardos <cjbc@it.uc3m.es>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-MailFrom: furry13@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dhcwg.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: int-dir@ietf.org, dhcwg@ietf.org, draft-ietf-dhc-addr-notification.all@ietf.org, last-call@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [dhcwg] Re: Intdir telechat review of draft-ietf-dhc-addr-notification-11
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/wK2ZSZHed5kdIyUicKoL-fLi9e4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Owner: <mailto:dhcwg-owner@ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Subscribe: <mailto:dhcwg-join@ietf.org>
List-Unsubscribe: <mailto:dhcwg-leave@ietf.org>

Hi Carlos,

On Fri, May 10, 2024 at 7:51 AM Carlos Jesús Bernardos via Datatracker
<noreply@ietf.org> wrote:
> Based on my review, if I was on the IESG I would ballot this document as YES.

Thank you! ;)

> - At the end of section 1, it is mentioned that the mechanism described in the
> document provides parity with IPv4, by allowing a device to inform the DHCPv6
> server about a self-configured or statically configured address. Apologies for
> my ignorance on this in advance, but, is there a mechanism in IPv4 to do so for
> statically configured addresses? If so, I think adding a reference would be
> useful. If not, maybe the text can be rewritten a bit, as I would find it a bit
> unclear.

We've just submitted -12 which now says:
"This operational practice relies on the DHCP server knowing the IP
address assignments. This works quite well for IPv4 addresses, as most
addresses are either assigned by DHCP [RFC2131] or statically
configured by the network operator. For IPv6, however, this practice
is much harder to implement, as devices often self-configure IPv6
addresses via SLAAC [RFC4862].

This document provides a mechanism for a device to inform the DHCPv6
server that the device has a self-configured IPv6 address (or has a
statically configured address), and thus provides parity with IPv4, by
making DHCPv6 infrastructure aware of self-assigned IPv6 addresses."

I hope it's more clear now, pls let us know if you think further
improvements are needed.

> - It is mentioned that the client MUST include the Client Identifier option in
> the ADDRESS-REG-INFORM messages. I think this might deserve some text regarding
> how this might imply (or not) a potential privacy issue for hosts implementing
> some kind of MAC address randomization and rotation of IPv6 self-assigned
> addresses, as an observer could easily track the addresses being used and match
> those to the same device.

We don’t think this is a concern, because on-link attackers do not
need to use the client identifier to match self-assigned addresses to
devices, they can use the MAC address for that purpose.
Privacy-sensitive clients that randomize their MAC addresses should
obviously randomize their DHCPv6 Client Identifiers too. We’re not
sure this document is the right place to say so, though?

> - It is not completely clear to me if the spec requires a client to use the
> mechanism on ALL interfaces. I mean, can a client use it just on some
> interfaces, but not all, by having configuration policies indicating on which
> ones to use it? As I read the document, it seems to imply that if it is used on
> one interface, it MUST be used on all of them.

Oh very good point, I didn't realize we are not making that part
clear. No, as the registration messame must be sent from the address
being registered (section 4.2 does say that), and the registration
support is network-specific, the client should (must) enable this on
per-interface basis.
We have added the following text to Section 4.4:
"A client with multiple interfaces MUST discover address registration
support for each interface independently. The client MUST NOT send
address registration messages on a given interface unless the client
has discovered that the interface is connected to a network which
supports address registration."

> - Minor nit (or maybe just nothing at it is just that I’m not a native English
> speaker): “to specify the address to being registered” -> I guess the “to”
> should be removed.

Yeah, a typo, fixed!

Cheers, Jen Linkova