IETF Logo Mail Archive

Re: [dhcwg] WGLC comments on draft-ietf-dhc-mac-assign-01

"Bernie Volz (volz)" <volz@cisco.com> Tue, 03 December 2019 17:06 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 300A012004C for <dhcwg@ietfa.amsl.com>; Tue, 3 Dec 2019 09:06:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=irjxsKg/; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=OOyfiwMg
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oTW7VKmNrmaC for <dhcwg@ietfa.amsl.com>; Tue, 3 Dec 2019 09:06:37 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FA4E12000F for <dhcwg@ietf.org>; Tue, 3 Dec 2019 09:06:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6290; q=dns/txt; s=iport; t=1575392797; x=1576602397; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=QP22yEr+FfSr3F/5QUCVOLXwTEo1H+lUWdH01drt4xY=; b=irjxsKg/3erpeVfxisOO7nWwRO5VoGADFcZj+eYy7EpMQ8QCPLgwqI+W UQN3F+QMvIdpgoqtgpXHfCM0bIZ6WNQcr7vU/Ot6h651gX7blGTZXUrGe YsN1bq224A0T2IMcj2dZtHUeQKeHLon9LauPysm15nvPA0YyUiq+h25o0 A=;
IronPort-PHdr: 9a23:6K/pXBBjo/aK2Xi4cGCuUyQJPHJ1sqjoPgMT9pssgq5PdaLm5Zn5IUjD/qgw3kTRU9Dd7PRJw6rNvqbsVHZIwK7JsWtKMdRXUgMdz8AfngguGsmAXFP8KOzCZC0hF8MEX1hgrDm2
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BHAQDalOZd/4ENJK1lHAEBAQEBBwEBEQEEBAEBgWsGAQELAYFKJCwFbFggBAsqCodnA4p4ToIRmASBLhSBEANUCQEBAQwBARgLCgIBAYRAAoINJDUIDgIDDQEBBAEBAQIBBQRthTcMhVIBAQEBAwEBECgGAQEsBgYLBAIBCA4DBAEBHxAnCx0IAgQBEggagwGCRgMuAQIMpiACgTiIYIIngn4BAQWFAxiCFwMGgTYBineBHhqCAIEQAUeBTn4+gmQBAYEwARECAQYCGCSDHIIsjWSIKpg5CoIujEWJL5okjkqaHQIEAgQFAg4BAQWBVAE2Z3FwFTuCbFARFIxmDBeDUIUUhT90gSiPQQGBDwEB
X-IronPort-AV: E=Sophos;i="5.69,273,1571702400"; d="scan'208";a="669755519"
Received: from alln-core-9.cisco.com ([173.36.13.129]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 03 Dec 2019 17:06:36 +0000
Received: from XCH-ALN-013.cisco.com (xch-aln-013.cisco.com [173.36.7.23]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id xB3H6ZbF019932 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 3 Dec 2019 17:06:35 GMT
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by XCH-ALN-013.cisco.com (173.36.7.23) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 3 Dec 2019 11:06:35 -0600
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 3 Dec 2019 12:06:32 -0500
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 3 Dec 2019 12:06:32 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nTcGevRntwgkdtWlArGqaqXTPLXl/Z9It7t4hB6wcQt0AUwZZpxfrIN7GXKSa7ihkIIWNRnT5G9FAYQG/ijaWI9ttuvck3oOX6z+JEqA85PS1k+JQJeeBYaEmS6/W+KZH1lD5+4TicMsmoOiZd4fKmw2K9scKUgUfizOF2BR+T3GDzlMD/0yCW8QmwQRWUmmnSMnVelqBTZ6ArrRV7TTTR1ZQJ0bJODz2HZdN0xwUGYvp9xtexsZqJT8K8RWdXXMMhjkKPciCFST/cBUgwQGwu2jm76IlqWeftVTEO1i8VJlO+p5HPUKX2mlZk0rZjObAfIDsywsSvJtMDB3HWtSXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m/V1ekfeoSkMifKMR1CAPERSCMRFmeFkOOb244ghE5c=; b=XX6J6N2pDSSmyRfWCYxDlKnAG1fJMjsvZ5xItnOBU/NCH8o3fXakXtBQkZay+GpDKZG3VsAGSa1MUplh5Z4Q328jofDcuqVBWdSc2kFrj/yLqQ91Bx9QHTwLX1T0ORkqSzookOV9snmMx7tZKEf1kOA+XCdN0ZzPMt1+go4Y6BaRvrM6p/0VcdgG8exZ4cjqTSmJejpDRC2iEVlSzYTulGu1oDOGeTozdM5hm7iWa1VbJN7unqKg64YmWAUZjNogN7D+KiwffBsfrb4qLGLbtMfeYgrcVOjQfRbsfr1Hxp6sCDiuMOIhfbG7eQg5CYYkkNmdtj9orjFHLkECVJbDng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m/V1ekfeoSkMifKMR1CAPERSCMRFmeFkOOb244ghE5c=; b=OOyfiwMgDx1s0vIuAn1e6aa6WQv1G5C+FXlKVZFcF2I6Z8lybAdk0CkSihK4D4xiBPJ/n66YqZqZa3kUo4NpYOkbF42bRLne6zyCZEt+hMUBz9Uwq3tqZiGkHbsJJzAGVVSs6g7zl0KGnWRKPkF00E0KOGB5xEnxh34yY9yRAE0=
Received: from DM6PR11MB4137.namprd11.prod.outlook.com (20.176.126.158) by DM6PR11MB2635.namprd11.prod.outlook.com (20.176.98.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2495.20; Tue, 3 Dec 2019 17:06:31 +0000
Received: from DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678]) by DM6PR11MB4137.namprd11.prod.outlook.com ([fe80::4194:dade:1d47:2678%6]) with mapi id 15.20.2495.014; Tue, 3 Dec 2019 17:06:31 +0000
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: [dhcwg] WGLC comments on draft-ietf-dhc-mac-assign-01
Thread-Index: AQHVnYAPqrqhpleUMUyZ73OvuBSkt6eor6TQ
Date: Tue, 03 Dec 2019 17:06:31 +0000
Message-ID: <DM6PR11MB4137231E4746D4E633B43B32CF420@DM6PR11MB4137.namprd11.prod.outlook.com>
References: <c9976d83-7243-cf44-a9c6-ff858afb5247@gmail.com> <460043b2-bb13-7d40-bd16-26dd3695077d@gmail.com>
In-Reply-To: <460043b2-bb13-7d40-bd16-26dd3695077d@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=volz@cisco.com;
x-originating-ip: [173.38.117.78]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cdf8a907-b8fc-4951-6c66-08d778132501
x-ms-traffictypediagnostic: DM6PR11MB2635:
x-microsoft-antispam-prvs: <DM6PR11MB263513F65122E899BF6F2B60CF420@DM6PR11MB2635.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 02408926C4
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(366004)(376002)(396003)(136003)(39860400002)(346002)(13464003)(199004)(189003)(86362001)(7736002)(305945005)(7696005)(74316002)(186003)(33656002)(53546011)(6506007)(66946007)(102836004)(76176011)(26005)(446003)(66476007)(8676002)(66446008)(64756008)(2906002)(76116006)(14454004)(66556008)(2501003)(8936002)(110136005)(81166006)(316002)(14444005)(256004)(5660300002)(71200400001)(25786009)(99286004)(52536014)(11346002)(81156014)(966005)(478600001)(6436002)(6306002)(55016002)(9686003)(6116002)(3846002)(6246003)(71190400001)(229853002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM6PR11MB2635; H:DM6PR11MB4137.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FOE//ZacaaZpjR4ux439seYDhlKbq6027f51i/QpW+ASmGyYDQJxrEOICC5ABOALadymiFh+/DVvLYQ9V94fXJqZvfl3b4ppNzoBTJhn9jLMFYwv9jJqBk604IXFOuOEAFGCVGxR4V2+8lPgJn3hKCPIJuhrVe4Ytva/jlb7tjUM/emfQTdKdFXCY53WUiXLDr8Ks7/qIWNeVV9ceaUEn4pgbZyGYIGWtbJ5YhrfMETHweg7MMimamwJAYf79KgKM4IzMa5fXWZeCGtQYrHDdnt+hX81XcT1ZXgZh7ZR91wXjqJMmRNyiQSAFxV8TP1pNG1fOth5xScN4BiGf+z//jQDNZEpvkXH3PywVH0fHGCwhGmMA3QZWG3kIgzt4Kvh0yA4rg8+id8UVDDcKqlDig2ZBMYS5ppjU0NsKpItOiZMAZPI6MEBVUczgByU3mtyYliFMvmtj/rYzWKBU1aWTMF6X4KekJh2wRRQ+fCE/5c=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: cdf8a907-b8fc-4951-6c66-08d778132501
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Dec 2019 17:06:31.5877 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lp3Ps2lg42+jIByNVKXnpAoK1c70KT+z7BX0Ob3gMgStpymCBF4llkEQLrle39nN
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB2635
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.23, xch-aln-013.cisco.com
X-Outbound-Node: alln-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/zZxK_LBXIvJAqyPygA6Rm7OZeLM>
Subject: Re: [dhcwg] WGLC comments on draft-ietf-dhc-mac-assign-01
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2019 17:06:39 -0000

Hi Tomek:

Some comments on your comments inline below (prefixed by BV>).

I have updated the github repository, but not published an 02 just yet. So, the fixed comments refer to the coming 02 (see the github repository version).

I'll wait a bit to see if you (or anyone else) have any comments regarding this email before publishing the 02 revision.

- Bernie

-----Original Message-----
From: dhcwg <dhcwg-bounces@ietf.org> On Behalf Of Tomek Mrugalski
Sent: Sunday, November 17, 2019 2:48 PM
To: dhcwg@ietf.org
Subject: [dhcwg] WGLC comments on draft-ietf-dhc-mac-assign-01

Disclaimer: I used to be involved in the draft-ietf-dhc-mac-assign a year ago. I asked the other authors to remove my name from it, but they feel my contributions were significant enough to keep it on.

So it's with my co-chair and co-author hats off, I support this work moving forward. However, I have some comments that should be addressed.

Nitpicks:
Section 6, bullet numbering is wrong (no item 2) Section 6, bullet 3: block of address => block of addresses

BV> Fixed. An earlier version had added ability to request multicast addresses, but that was removed and the bullet numbers were not adjusted (as with XML2RFC V2, we must manually maintain numbered lists).

Section 6 properly explains that the client is supposed to set the valid lifetime field to 0. I'd like to see a text for the other side: the server MUST ignore the valid lifetime value.

BV> OK, the text there said that the server should ignore but I adjusted it to use MUST. Later text also documented that the server MUST ignore:

   In a message sent by a client to a server, the valid lifetime field
   SHOULD be set to 0.  The server MUST ignore any received value.

Nitpick: "a IA_LL" => "an IA_LL". RFC8415 uses an for all IA options.

BV> Fixed.

"The server MAY alter the allocation at this time." This is technically incorrect. Server doesn't have any allocation yet, it's about to make one. Better text would be: "The server allocates block of addresses according to its configured policy. The server MAY assign a different block than requested in the Request message."

BV> Fixed.

Text in section 10.2: "This value can be only sent by a client that requests a new block.". There are two issues with this text. First, I would rephrase this text. The sentence as written now suggests that the only entity allowed to set this field is a client and only under certain circumstances. Maybe something like this: "A client is only allowed to set this value when requesting a new block?". The second problem with this text is that it's not really true, is it? What about renewals?
Client is expected to send the block it already has for renewal.

BV> Fixed. Used " link-layer address that is being requested or renewed, or  a special value to request any address."

"extra-addresses - A four octets long field". Would be useful to clarify that it's an unsigned field encoded in network byte order.

BV> Fixed - add RFC8415 text in all of the placed where integers are used in options.

End of section 10.2: "More than one LLADDR option can appear in an IA_LL option." This seems to be in contradiction with earlier text that says "Therefore, if a client wants more addresses at a later stage, it SHOULD send an IA_LL option with a different IAID to create another "container"
for more addresses.". So what are the circumstances when more than one LLADDR is present in IA_LL? If there are none, perhaps best would be to remove this sentence?

BV> I'm not sure why a "can" contradicts a SHOULD. Just because the usual case would be a single LLADDR (i.e., SHOULD), I don't see why we would need to prohibit having more than one LLADDR (i.e., can). And, we don't really know the use cases someone may have in the future, so I would prefer not to restrict this.  I can see two ways forward - leave as is (perhaps use "MAY" instead of "can") or remove both statements.

BV> Note that SHOULD is:
3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.

BV> And MAY is:
5. MAY   This word, or the adjective "OPTIONAL", mean that an item is
   truly optional.  One vendor may choose to include the item because a
   particular marketplace requires it or because the vendor feels that
   it enhances the product while another vendor may omit the same item.
   An implementation which does not include a particular option MUST be
   prepared to interoperate with another implementation which does
   include the option, though perhaps with reduced functionality. In the
   same vein an implementation which does include a particular option
   MUST be prepared to interoperate with another implementation which
   does not include the option (except, of course, for the feature the
   option provides.)

BV> I think the bottom line (just as with IAPREFIX/IAADDR options in IA_PD/IA_NA), a server MUST be able to support multiple instances of these options within a single IA.

Section 13 should probably mentioned that there is no duplicate detection mechanism such as DAD for IPv6. It's not really a problem, though. A malicious node can start using any MAC address and doesn't have to go through the hassles of implementing this protocol.

BV> Hum ... doesn't the paragraph that is there already explain this?

   There is a possibility of the same link-layer address being used by
   more than one device if not all parties on a link use this mechanism
   to obtain a link-layer address from the space assigned to the DHCP
   server.  It is also possible that a bad actor purposely uses a
   device's link-layer address.

I hope to review the second draft in the coming days. Will send a separate mail.

BV> Any comments on the slap-quadrant draft would be appreciated.

Thanks,
Tomek

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email