Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-active-leasequery-03.txt
Kim Kinnear <kkinnear@cisco.com> Thu, 09 July 2015 20:40 UTC
Return-Path: <kkinnear@cisco.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAA2C1A0178 for <gen-art@ietfa.amsl.com>; Thu, 9 Jul 2015 13:40:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dpfw2f2haFAd for <gen-art@ietfa.amsl.com>; Thu, 9 Jul 2015 13:40:38 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C1FC1A016B for <gen-art@ietf.org>; Thu, 9 Jul 2015 13:40:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5092; q=dns/txt; s=iport; t=1436474439; x=1437684039; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=3/KlJHeUWIh1chzVKlx+dciNuDsWF1i7Cl1apvROXGs=; b=XKGyZbxVwuRuSonXIIqGUjZPTizTQPK4wwfwIfr9rL8IPW5oBR0PdG2Z 6Uqw1YxVUjToj5MlKPpRNIY53AzixzAjRoU6kb3CvAwgTzpffxtKeXARY 0iE+Idr+D/tnDzab01pZryUry/xXJ16IIBAxWUCuoZ3E+58C+OLS2EKzw Q=;
X-IronPort-AV: E=Sophos;i="5.15,442,1432598400"; d="scan'208";a="578675152"
Received: from aer-iport-nat.cisco.com (HELO aer-core-2.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP; 09 Jul 2015 20:40:37 +0000
Received: from dhcp-10-131-65-201.cisco.com (dhcp-10-131-65-201.cisco.com [10.131.65.201]) (authenticated bits=0) by aer-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t69KeSQF008708 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 9 Jul 2015 20:40:32 GMT
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Kim Kinnear <kkinnear@cisco.com>
In-Reply-To: <6BFA7707-36EC-4D73-8EF8-9E7194327C70@piuha.net>
Date: Thu, 09 Jul 2015 16:40:28 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <5E8B1490-38D5-41D1-A336-2B43B37CCEA2@cisco.com>
References: <201507061346.t66DkLaY070724@givry.fdupont.fr> <6BFA7707-36EC-4D73-8EF8-9E7194327C70@piuha.net>
To: Jari Arkko <jari.arkko@piuha.net>, Francis Dupont <Francis.Dupont@fdupont.fr>
X-Mailer: Apple Mail (2.1878.6)
X-Authenticated-User: kkinnear
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/wKMeAjw2hN5aXTIOVZKncqDFf3A>
Cc: gen-art@ietf.org, draft-ietf-dhc-dhcpv6-active-leasequery.all@tools.ietf.org, Kim Kinnear <kkinnear@cisco.com>
Subject: Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-active-leasequery-03.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Jul 2015 20:40:42 -0000
Jari, Francis, Thanks for the information regarding the TLS transport. As Dusyhant said, we will incorporate both of your TLS suggestions into the document: > 1- the message framing for TLS uses the same format than for TCP > (so RFC 5460 5.1). > 2- one DHCP message SHOULD be carried in one TLS record. > IMHO it is easy, simple and works well with tunneling. In addition, we will incorporate your other editorial comments as well, though I've never before been told that I can't use "may" in a draft. The comment about sending STARTTLS without any options: Generally we expect that any options not explicitly documented to have meaning in a message on the receiving end will be ignored when receiving a DHCP message. If we say in this document that you SHOULD send no options in a STARTTLS message, if we reuse that message later (as I expect we will) and that re-use involves options (as it might), then the later draft has to update this document just to re-use the message, even though it doesn't have anything to do with leasequery (but just wants to do a TLS connection to the DHCP server). Which seems a bit confusing for someone who is implementing this draft in the years to come. On the other hand, we have no current plans for options on the STARTTLS message, so we will say that you SHOULD send it with no options and let the future be as it will be. Thanks for your review, Kim On Jul 8, 2015, at 5:59 PM, Jari Arkko <jari.arkko@piuha.net> wrote: > Thanks for the review. Authors, shepherd/AD, do you have any comments on Francis’ TLS issue below? > > Jari > > On 06 Jul 2015, at 15:46, Francis Dupont <Francis.Dupont@fdupont.fr> wrote: > >> I am the assigned Gen-ART reviewer for this draft. For background on >> Gen-ART, please see the FAQ at >> >> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >> >> Please resolve these comments along with any other Last Call comments >> you may receive. >> >> Document: draft-ietf-dhc-dhcpv6-active-leasequery-03.txt >> Reviewer: Francis Dupont >> Review Date: 20150701 >> IETF LC End Date: 20150629 >> IESG Telechat date: 20150709 >> >> Summary: Almost Ready >> >> Major issues: None >> >> Minor issues: the TLS part is a bit underspecified (nothing critical >> as the missing text should get a quick and easy consensus) >> >> Nits/editorial comments: >> - ToC page 2 and 12 page 27: Acknowledgements -> Acknowledgments >> (you chose US spelling by using behavior :-) >> >> - 6.1 page 8: you assume TLS offers the same transport facility than TCP. >> In fact it is not true: TCP is a pure octet stream when TLS is a >> sequenced packet. This has an impact in the framing: you have to say >> something about the message framing for TLS. I strongly suggest to say: >> 1- the message framing for TLS uses the same format than for TCP >> (so RFC 5460 5.1). >> 2- one DHCP message SHOULD be carried in one TLS record. >> IMHO it is easy, simple and works well with tunneling. >> >> - 6.2.1 page 8: MUST BE -> MUST be >> >> - 6.2.2 page 9: it is one of the places you should give more details >> about STARTTLS. I suggest to add the STARTTLS message SHOULD be sent >> without any option, and any valid option in received STARTTLS messages >> should be ignored (I put the word valid to catch the bad server ID >> case which BTW seems to be one of the few possible errors). >> >> - 6.3.1 page 9, 8.4 page 16, 8.6.1 page 20: i.e. -> i.e., >> >> - 8.2 page 13: requestor should proceed -> requestor SHOULD proceed ? >> >> - 8.2 page 14 (3 times): drop -> close >> >> - 8.2 page 14: verify -> validate >> (my concern about verify is this term is more about the signature, >> so I recommend to use RFC 5280 term, i.e., validate). >> >> - 8.2 page 14 and 8.3 page 14: Active Leasequery -> ACTIVELEASEQUERY ? >> >> - 8.4 page 17: server should close -> server SHOULD close >> >> - 8.4.1 page 17: may run -> MAY run or can run or... >> (i.e., please avoid lower case keywords) >> >> - 8.4.1 page 17: can't parse: "If this should occur," >> >> - 8.4.1 (very end of) page 18: there may be -> there can be >> >> - 8.4.1 page 19: This Bulk Leasequery request should include -> SHOULD >> >> - 8.5 page 20: first sentence, twice: may -> can >> >> - 10 page 26: there is a new security mechanism proposed for DHCPv6, >> secure DHCPv6. As it is clearly designed for UDP transport I don't >> believe it interferes with the document so IMHO you can safely ignore it. >> >> - Authors' Addresses page 28: according to ITU TS E.123 international >> phone numbers have no optional prefixes so there should be nothing >> included in (), for instance: >> +91 (080) 4365-7476 -> +91 080 4365-7476 >> >> Regards >> >> Francis.Dupont@fdupont.fr >> >> _______________________________________________ >> Gen-art mailing list >> Gen-art@ietf.org >> https://www.ietf.org/mailman/listinfo/gen-art >
- [Gen-art] review of draft-ietf-dhc-dhcpv6-active-… Francis Dupont
- Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-act… Jari Arkko
- Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-act… Dushyant Raghuvanshi (draghuva)
- Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-act… Kim Kinnear
- Re: [Gen-art] review of draft-ietf-dhc-dhcpv6-act… Brian Haberman