Re: [dna] AD review of draft-ietf-dna-simple

Bernard Aboba <bernard_aboba@hotmail.com> Tue, 25 August 2009 04:25 UTC

From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Jari Arkko <jari.arkko@piuha.net>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Date: Mon, 24 Aug 2009 21:25:15 -0700
Cc: dna@ietf.org, draft-ietf-dna-simple@tools.ietf.org, gdaley@netstarnetworks.com

Jari said: 

> There is no text associated with DHCPv6 security or interaction 
> of ND/DHCPv6 security. Perhaps something is needed there as well.

The basic question is how the host should behave in situations where security is available. For example, where SEND is available, but not DHCPv6 security, is it always appropriate to prefer the DHCPv6-assigned address? On one hand, the address determined from SEND is "more secure"; on the other hand, it is also possible that the DHCPv6-assigned address, albeit without security, is correct (e.g. the DHCPv6 server might have lost state and assigned the address to someone else, and now suggests another one).

Where DHCPv6 security is available, but not SEND, it would probably make sense to prefer the DHCPv6-assigned address.  Since the document already says that, much more may not be needed, except to point out that the host could end up with an "insecure" address for a short period of time.