Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-suboption-11
Ben Campbell <ben@nostrum.com> Fri, 21 December 2012 15:40 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C6E021F85D7; Fri, 21 Dec 2012 07:40:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.474
X-Spam-Level:
X-Spam-Status: No, score=-102.474 tagged_above=-999 required=5 tests=[AWL=0.126, BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yNp20WY0A2vh; Fri, 21 Dec 2012 07:40:23 -0800 (PST)
Received: from shaman.nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by ietfa.amsl.com (Postfix) with ESMTP id AD78321F8ADA; Fri, 21 Dec 2012 07:40:17 -0800 (PST)
Received: from [10.0.1.14] (cpe-76-187-92-156.tx.res.rr.com [76.187.92.156]) (authenticated bits=0) by shaman.nostrum.com (8.14.3/8.14.3) with ESMTP id qBLFeGCi096183 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 21 Dec 2012 09:40:16 -0600 (CST) (envelope-from ben@nostrum.com)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
Subject: Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-suboption-11
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <F2B120E98374B2448745C1117BDA1854238F281F@BLRKECMBX23.ad.infosys.com>
Date: Fri, 21 Dec 2012 09:40:18 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <8C2DB2B9-B9DD-444B-B760-DED177907291@nostrum.com>
References: <BE996F07-CFB7-47F5-8B17-FA651C294FA3@nostrum.com> <F2B120E98374B2448745C1117BDA1854238F281F@BLRKECMBX23.ad.infosys.com>
To: RAMAKRISHNADTV <RAMAKRISHNADTV@infosys.com>
X-Mailer: Apple Mail (2.1499)
Received-SPF: pass (nostrum.com: 76.187.92.156 is authenticated by a trusted mechanism)
Cc: "gen-art@ietf.org Review Team" <gen-art@ietf.org>, Bharat Joshi <bharat_joshi@infosys.com>, "ietf@ietf.org List" <ietf@ietf.org>, "draft-ietf-dhc-relay-id-suboption.all@tools.ietf.org" <draft-ietf-dhc-relay-id-suboption.all@tools.ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Dec 2012 15:40:24 -0000
Thanks for the timely response, and the background for the security language. This brings up one question, however. See inline: Thanks! Ben. On Dec 21, 2012, at 6:48 AM, RAMAKRISHNADTV <RAMAKRISHNADTV@infosys.com> wrote: > Hi Ben, > > Thank you for your review comments. > Please find my responses inline below. > > Regards, > Ramakrishna DTV. > >> -----Original Message----- >> From: Ben Campbell [mailto:ben@nostrum.com] >> Sent: Thursday, December 20, 2012 2:45 AM >> To: draft-ietf-dhc-relay-id-suboption.all@tools.ietf.org >> Cc: gen-art@ietf.org Review Team; ietf@ietf.org List >> Subject: Gen-ART LC Review of draft-ietf-dhc-relay-id-suboption-11 >> >> I am the assigned Gen-ART reviewer for this draft. For background on >> Gen-ART, please see the FAQ at >> >> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >> >> Please resolve these comments along with any other Last Call comments >> you may receive. >> >> Document: draft-ietf-dhc-relay-id-suboption-11 >> Reviewer: Ben Campbell >> Review Date: 2012-12-19 >> IETF LC End Date: 2013-01-07 >> >> Summary: This draft is basically ready for publication as a proposed >> standard. However, there is one comment from a prior review that I am >> not sure whether is resolved. >> >> Major issues: >> >> None >> >> Minor issues: >> >> -- In Sean Turner's 2009 review of version 07 of the document [ >> http://www.ietf.org/mail-archive/web/gen-art/current/msg04614.html ], he >> made the following comment: >> >>> In the security considerations it says look to RFC 3046 and >>> RFC 4030 for security considerations and then says SHOULD use the >> relay >>> agent authentication option from RFC 4030. RFC 3046 is targeted at >>> network infrastructures that are "trusted and secure" and RFC 4030 >>> allows the relay agent to be part of this trusted and secure network. >>> If an implementation doesn't use the relay agent authentication >> option, >>> then the relay agent can't be part of the "trusted and secure" >> network. > > RFC3046 created the relay agent information option. > Relay agent information option exists only in the messages between > relay agents and DHCP servers. RFC3046 is targeted at network infrastructures > that are "trusted and secure" as far as the paths among relay agents and DHCP > servers is concerned. In many deployments, relay agents and DHCP servers > are under a single administrative control. By careful design and engineering > of the network, it is possible to ensure that the network infrastructure > comprising relay agents and DHCP server is trusted and secure. To achieve that, > RFC4030 may be used but is not a MUST. If not, RFC4030 would already be a MUST > for RFC3046 deployment. But that is not currently the case. Is the SHOULD use 4030 language a new normative requirement, or is it simply describing existing requirements from 3046 or elsewhere? If it's a new normative requirement, then I am fine with your answer and withdraw the concern. If not, then it would be better to use descriptive rather than normative language in this draft. > >>> This makes me think that the relay agent authentication option from >>> RFC 4030 ought to be a MUST not a SHOULD? >> >> I can't tell from the resulting conversation if that comment is >> addressed in the current text. Additional text has been added, but the >> SHOULD remains. I'm willing to accept it has been addressed if the >> author's say so--I only mention it to make sure it didn't fall through a >> crack. >> > > We have indeed discussed about this comment and addressed it. > > The following was a related comment from DHC WG Chair (Ted Lemon) > (http://www.ietf.org/mail-archive/web/gen-art/current/msg04615.html): > > "This document makes no changes to practice that require more or less security > than is provided by existing relay agent options in RFC3046. Thus, the > security considerations in RFC3046 should be adequate." > > As Ted mentioned, our draft only proposes a new sub-option for relay-agent > option which was originally created as part of RFC3046. So, the security > considerations for RFC3046 apply to our draft as well. RFC3046 deployments may > use RFC4030 as explained above. So, we indicated in our draft to refer to > both RFC3046 and RFC4030. But there are no specific security issues in the > new relay-id sub-option itself to make RFC4030 a MUST. > > >> Nits/editorial comments: >> >> -- section 5, last paragraph: >> >> I suggest removing the scare quotes around "stability". If there are >> concerns about whether such stability is real, it would be better to say >> that directly. >> > > There is no need for these scare quotes. We will remove them. > >> -- informative references: >> >> draft-ietf-dhc-dhcpv4-bulk-leasequery-06 is now 07 > > We will update this. > >> > > **************** CAUTION - Disclaimer ***************** > This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely > for the use of the addressee(s). If you are not the intended recipient, please > notify the sender by e-mail and delete the original message. Further, you are not > to copy, disclose, or distribute this e-mail or its contents to any other person and > any such actions are unlawful. This e-mail may contain viruses. Infosys has taken > every reasonable precaution to minimize this risk, but is not liable for any damage > you may sustain as a result of any virus in this e-mail. You should carry out your > own virus checks before opening the e-mail or attachment. Infosys reserves the > right to monitor and review the content of all messages sent to or from this e-mail > address. Messages sent to or from this e-mail address may be stored on the > Infosys e-mail system. > ***INFOSYS******** End of Disclaimer ********INFOSYS***
- Gen-ART LC Review of draft-ietf-dhc-relay-id-subo… Ben Campbell
- Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Ben Campbell
- Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Ben Campbell
- Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Ben Campbell
- RE: Gen-ART LC Review of draft-ietf-dhc-relay-id-… RAMAKRISHNADTV
- Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Ted Lemon
- Re: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Ted Lemon
- RE: Gen-ART LC Review of draft-ietf-dhc-relay-id-… Bharat Joshi