Re: [dhcwg] [Int-dir] Review of draft-ietf-dhc-relay-server-security-02

Ted Lemon <> Fri, 27 January 2017 21:25 UTC

On Jan 27, 2017, at 3:20 PM, jouni.nospam <> wrote:
> I would still argue that it updates specifically if the document here is going to be standards track. If this document here would be more of a recommendation e.g., BCP I would be fine without the “updating” part (as I remember the MUST for IPsec in RFC3315bis was not endorsed by the WG).

Ok, but it's not a BCP, it's a standard, with requirements for interop. So it can't be a BCP.

Given that it can't be a BCP, the other choices are "informational" and "experimental" and "updates the base spec." You are saying that you want "updates the base spec," which would mean that everybody would have to implement it to conform to the new, updated spec. But the argument has been made that this is not desirable: not everybody needs to implement this, and it is not desired that implementing this be a requirement.

So are you saying that you disagree with this—that you think it should be MTI? Or are you saying that there is some other way to accomplish this goal?