IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023

Jen Linkova <furry13@gmail.com> Fri, 29 December 2023 12:02 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92155C14CF17 for <dhcwg@ietfa.amsl.com>; Fri, 29 Dec 2023 04:02:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.858
X-Spam-Level:
X-Spam-Status: No, score=-1.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5R-gviOxfdZN for <dhcwg@ietfa.amsl.com>; Fri, 29 Dec 2023 04:02:21 -0800 (PST)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 052ABC14CF09 for <dhcwg@ietf.org>; Fri, 29 Dec 2023 04:02:20 -0800 (PST)
Received: by mail-lj1-x231.google.com with SMTP id 38308e7fff4ca-2cc7d2c1ff0so73031841fa.3 for <dhcwg@ietf.org>; Fri, 29 Dec 2023 04:02:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703851339; x=1704456139; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=P1fjCUjGdHbQR8M4PfmTtg4ZCxIPgbzVCr2v4QIrdgM=; b=lw7LBt7nf0Mxd2RIe64Dsgn9xpsnw0ar/lZZ+R48ogr68Hp0NBGopOe0o7K36+ibfR Wr9NLDEaH6ND0oQHt2O6F6hlsBc8ulUux0EWXKtcq6hwZJVBHfb18PLKGVQ5Cezw1fgt FaoEOnSHojRDudsGk7h/4BJa3+XdvvNhU7nXX1/VQ4/lmoQMScNWWvzLVVtbEMCOvIWq fKNgdHPC5XhveckylBGBV3WatM0dEE+jnBjw8ad0AuURY7ySwH5CnuAj72Z6Ve2lmcxd 7utmOo0NqyDRdA6zoRYIpczN2YThjGihOWDdPQFWKX06koUIzcxSeIrFTDCuLfnm1Nur ZVgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703851339; x=1704456139; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P1fjCUjGdHbQR8M4PfmTtg4ZCxIPgbzVCr2v4QIrdgM=; b=Di6fj16B66Ge8GvFV1tFV2oK7B4vpCOu6bmo59Ou5sE4trHxcgqgTyJWseKIeA3N3D SnuK4eYudC0K/V8+LPMuZGkzQeNrNpzicG68yMPdc391C5je0XwBy7X0lkKs/RYSq7Po 96ceDTuHMlaC1f6b6Fh5QJmpIaKqdflbr4gIDTOQIHKG9v1HBz5jXGntFtTZ+XXmChwu 1ELlF6SbfTx8wTp4pb5BjfrWPXYpWeU5nftqID7jtNRrupawAls1egwE0ZeeYdGe9oub 5iVOE6PbmKTOEaMPM/ROXc8WztFHpSECOgaYoiGFlixb4Xc7ZM9/7q6A27m+fhnzKvBa NxJg==
X-Gm-Message-State: AOJu0Yxm2F5h3CSPieU9YPv5dro5Wd/ReQBXJbH5S4ylkPm06Fkiy22Y nY/J/Ze6SN1KrIT4GL/EA0J6Eyk+AmP3iZMv2Sz8qAOXNqk=
X-Google-Smtp-Source: AGHT+IHefAeawJGymY2bhEs5KE2V1oVhzKq7v7+lKBWPCtu4xXp2YPmTy9VD7HrgPKakrVJvzse5TfH1DI1YCzIPG1U=
X-Received: by 2002:a2e:84c6:0:b0:2cc:6fd6:a6c1 with SMTP id q6-20020a2e84c6000000b002cc6fd6a6c1mr5011183ljh.94.1703851338861; Fri, 29 Dec 2023 04:02:18 -0800 (PST)
MIME-Version: 1.0
References: <CACyFTPE0+aV35JgVCL62T3NKL_tFkxuvM=Wfq0xpcw5_Ra-u_A@mail.gmail.com> <15477.1703435979@localhost>
In-Reply-To: <15477.1703435979@localhost>
From: Jen Linkova <furry13@gmail.com>
Date: Fri, 29 Dec 2023 13:02:07 +0100
Message-ID: <CAFU7BATNwBjbY7k_i7ft8nf2b_HhRqV2yyd4LKc=ou1kLmjwXQ@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: dhcwg@ietf.org, Daryll Swer <contact=40daryllswer.com@dmarc.ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/yROTY1a1TN1rRThz5w6t8bWlASA>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-addr-notification - Respond by December 11, 2023
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2023 12:02:21 -0000

On Sun, Dec 24, 2023 at 5:39 PM Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
> It seems to me that a DHCPv6 server, which has received it's prefix via
> DHCPv6-PD *could* turn around and forward any ADDR-REG-INFORM it received up
> one level.  I think it need to reform ("proxy", application-level) the
> messages and take responsability for them itself.  It should not blindly
> forward or rely upon the "end" client to stop and/or retransmit.

I'm not aware of any generic proxy mechanism. Defining it just for
this specific message sounds like an overkill (and it would introduce
some
privacy considerations indeed).

> While an RFC7084 fits squarely into the "gets DHCPv6-PD", and might even
> delegate DHCPv6-PD, I strongly think that it should never, in the residential
> situation, send ADDR-REG-INFORM from the home lan to the ISP.

In the current text it would not - unless it acts as a DHCPv6 relay,
not as DHCPv6 server. But in the latter case the endpoints located in
a given household would be sending DHCPv6 packets to the ISP server
anyway, right?

[skip]
> The challenge here is that we have to send one ADDR-REG-INFORM message for
> each downstream host, and we have to do that from the address of the host!
> I think we should rethink this in some way.

TBH, I'd rather say "don't do this".

> I wrote some text:
>   https://github.com/wkumari/draft-wkumari-dhc-addr-notification/pull/68
>
> and I'm sorry to open this can of worms, but I don't think that enterprises
> will be happy without this.

I have some concerns.
1. The desired result can be achieved by relaying the messages - and
it would using the standard DHCP mechanism. What you are proposing
requires developing a new mechanism for proxying (and we'd need to
either sacrifice security, or let the proxy use a spoofed source
address).
2. If I understand you correctly, you see the following use cases when
the current text doesn't work:
2.1 an enterprise remote office with a CPE acting as DHCPv6 PD client.
The enterprise administrator might want to know the registration data
for endpoints.
2.2 a SNAC router (so the home network administrator has information
about addresses used by the devices in the stub network.

For #2.1  I'd expect the enterprise to collect that data from the
router (the same way they would need to do it for DHCPv[46] assigned
addresses). That information doesn't need to be collected  in real
time, so existing monitoring/telemetry mechanisms would do.
Not sure about SNAC case, but I'm still not convinced we shall
complicate things so drastically (as to invent a proxy mechanism) to
solve it.


>In particular, our desire to enable more
> (permissionless) DHCPv6-PD downstream will get the same pushback that has
> lead to this document.

I'm not sure what you mean about "permissionless' '. As long as the
server delegates the prefix, the administrator knows which device that
prefix was delegated to.
So accountability is there.

-- 
Cheers, Jen Linkova

v2.23.0 | Report a Bug | By Email