Re: Re: Request for Advices on the draft "draft-cha-ipv6-ra-mo-00.txt"
HYUN WOOK CHA <hyunwook.cha@samsung.com> Wed, 08 October 2008 00:40 UTC
Return-Path: <ipv6-bounces@ietf.org>
X-Original-To: ipv6-archive@megatron.ietf.org
Delivered-To: ietfarch-ipv6-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C86D53A6844; Tue, 7 Oct 2008 17:40:49 -0700 (PDT)
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5DA9E3A6844; Tue, 7 Oct 2008 17:40:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.586
X-Spam-Level:
X-Spam-Status: No, score=-2.586 tagged_above=-999 required=5 tests=[AWL=1.225, BAYES_00=-2.599, MIME_BASE64_BLANKS=0.041, MIME_BASE64_TEXT=1.753, RCVD_IN_DNSWL_MED=-4, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IfentmvzqSk6; Tue, 7 Oct 2008 17:40:47 -0700 (PDT)
Received: from mailout1.samsung.com (mailout1.samsung.com [203.254.224.24]) by core3.amsl.com (Postfix) with ESMTP id 726BF3A681A; Tue, 7 Oct 2008 17:40:47 -0700 (PDT)
Received: from ep_ms7_bk (mailout1.samsung.com [203.254.224.24]) by mailout1.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0K8E00LH29WWNN@mailout1.samsung.com>; Wed, 08 Oct 2008 09:41:20 +0900 (KST)
Received: from ep_spt01 (ms7.samsung.com [203.254.225.101]) by ms7.samsung.com (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0K8E0011W9WV50@ms7.samsung.com>; Wed, 08 Oct 2008 09:41:19 +0900 (KST)
Content-return: prohibited
Date: Wed, 08 Oct 2008 00:41:19 +0000
From: HYUN WOOK CHA <hyunwook.cha@samsung.com>
Subject: Re: Re: Request for Advices on the draft "draft-cha-ipv6-ra-mo-00.txt"
To: Brian Haberman <brian@innovationslab.net>
Message-id: <17818024.401631223426479734.JavaMail.weblogic@epml18>
MIME-version: 1.0
MIME-version: 1.0
X-Priority: 3
Msgkey: 20081008003730718@hyunwook.cha
X-MTR: 20081008003730718@hyunwook.cha
X-EPLocale: ko_KR.windows-1252
X-EPWebmail-Msg-Type: personal
X-EPWebmail-Reply-Demand: 0
X-EPApproval-Locale:
X-EPHeader: ML
X-EPTrCode:
X-EPTrName:
Cc: "narten@us.ibm.com" <narten@us.ibm.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Ted Lemon <Ted.Lemon@nominum.com>, "volz@cisco.com" <volz@cisco.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: hyunwook.cha@samsung.com
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ipv6-bounces@ietf.org
Errors-To: ipv6-bounces@ietf.org
Hello, Brian.
As I presented last IETF 6MAN meeting, our draft aims to provide automatic revocation of DHCPv6 clients in case that invocation of clients can be done in accordance with the RFC2462. Thus, requirement of our security model is that we should not intoduce additional threats to the existing specification and implementations. Since per-interface state variables are managed through timer based algorithm proposed in the draft, illegal RA messages can not stop clients as long as legal RA messages advertise the availability of DHCPv6 service. Also, we proposed two options when state variables are invalidated: 1) DHCPv6 client may refer state variables to decide whether it should keep its operation or not only after all bindings(leases) expires. 2) DHCPv6 client may be stopped immediately at the transition of variables from 1 to 0. With the first option, client can keep its operation even if state variables will be changed to 0 since legal RA messages are absent within lifetimes by any reasons.
> It would seem quite dangerous to enable/disable DHCPv6 clients
> arbitrarily based on bit settings in un-protected RA messages.
I agree with your point. We do not have any security methods and just consider using the SEND.
Regards,
Joseph
------- Original Message -------
Sender : Brian Haberman<brian@innovationslab.net>
Date : 2008-10-08 04:20 (GMT+09:00)
Title : Re: Request for Advices on the draft "draft-cha-ipv6-ra-mo-00.txt"
Joseph,
Do you have a particular security model in mind for giving Router
Advertisements the power to control software functionality on each node?
It would seem quite dangerous to enable/disable DHCPv6 clients
arbitrarily based on bit settings in un-protected RA messages.
Regards,
Brian
HYUN WOOK CHA wrote:
> Hello, Ted.
>
> That's correct. I believe that the ability to stop DHCP clients using
> M/O bits in RA is required once they were invoked by M/O bits in RA.
>
>
> Joseph
>
> ------- Original Message ------- Sender : Ted
> Lemon<Ted.Lemon@nominum.com> Date : 2008-09-30 09:36 (GMT+09:00)
> Title : Re: Request for Advices on the draft
> "draft-cha-ipv6-ra-mo-00.txt"
>
> Joseph, to summarize, it sounds like you believe that the ability to
> stop DHCP clients broadcasting on a link is a requirement. And you
> therefore think that deprecating the M&O bits is not the right
> answer. Is that correct?
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
- Request for Advices on the draft "draft-cha-ipv6-… HYUN WOOK CHA
- Re: Request for Advices on the draft "draft-cha-i… Thomas Narten
- Re: Re: Request for Advices on the draft "draft-c… HYUN WOOK CHA
- Re: Request for Advices on the draft "draft-cha-i… Thomas Narten
- Re: [dhcwg] Request for Advices on the draft "dra… Ted Lemon
- Fwd: Re: Request for Advices on the draft "draft-… hyunwook cha
- Re: Request for Advices on the draft "draft-cha-i… HYUN WOOK CHA
- Re: Request for Advices on the draft "draft-cha-i… Ted Lemon
- Re: Re: Request for Advices on the draft "draft-c… HYUN WOOK CHA
- Re: RE: Re: Request for Advices on the draft "dra… HYUN WOOK CHA
- Re: [dhcwg] Request for Advices on the draft "dra… Ralph Droms
- RE: [dhcwg] Request for Advices on the draft "dra… Bernie Volz (volz)
- Re: [dhcwg] Request for Advices on the draft "dra… Ralph Droms
- RE: [dhcwg] Request for Advices on the draft "dra… Bernie Volz (volz)
- Re: [dhcwg] Request for Advices on the draft "dra… Ralph Droms
- Re: [dhcwg] Request for Advices on the draft "dra… hyunwook cha
- Re: Re: Request for Advices on the draft "draft-c… HYUN WOOK CHA
- RE: Re: Request for Advices on the draft "draft-c… Bernie Volz (volz)
- Re: Request for Advices on the draft "draft-cha-i… Brian Haberman
- Re: Re: Re: Request for Advices on the draft "dra… Joseph Hyunwook Cha
- Re: Request for Advices on the draft "draft-cha-i… Brian Haberman
- RE: Request for Advices on the draft "draft-cha-i… Bernie Volz (volz)
- Re: [dhcwg] Request for Advices on the draft "dra… Ralph Droms
- Brokenness of specs w.r.t. client behavior with M… Thomas Narten
- Re: Brokenness of specs w.r.t. client behavior wi… Iljitsch van Beijnum
- Re: Brokenness of specs w.r.t. client behavior wi… Alain Durand
- Re: Brokenness of specs w.r.t. client behavior wi… Iljitsch van Beijnum
- Re: Brokenness of specs w.r.t. client behavior wi… Thomas Narten
- Re: Brokenness of specs w.r.t. client behavior wi… Iljitsch van Beijnum
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Bernie Volz (volz)
- Re: Brokenness of specs w.r.t. client behavior wi… Ralph Droms
- RE: Brokenness of specs w.r.t. client behavior wi… Greg.Rabil
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Greg.Rabil
- Cost of multicast [was Re: Brokenness of specs w.… Thomas Narten
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ralph Droms
- RE: Cost of multicast [was Re: Brokenness of spec… Manfredi, Albert E
- Re: Brokenness of specs w.r.t. client behavior wi… Pekka Savola
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Kadirvel Chockalingam Vanniarajan
- Re: Cost of multicast [was Re: Brokenness of spec… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… trejrco
- Re: Cost of multicast [was Re: Brokenness of spec… Thomas Narten
- Re: Cost of multicast [was Re: Brokenness of spec… Thomas Narten
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Pekka Savola
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Brian E Carpenter
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Thomas Narten
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Pekka Savola
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ted Lemon
- Re: Cost of multicast [was Re: Brokenness of spec… Mark Smith
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Brian E Carpenter
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Christian Huitema
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Bob Hinden
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David Conrad
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Brian E Carpenter
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ralph Droms
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Pekka Savola
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ralph Droms
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ralph Droms
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ralph Droms
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Markku Savela
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… TJ
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Dunn, Jeffrey H.
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Templin, Fred L
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ted Lemon
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Ted Lemon
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Wes Beebee (wbeebee)
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Bernie Volz (volz)
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… JINMEI Tatuya / 神明達哉
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… JINMEI Tatuya / 神明達哉
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… TJ
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Kadirvel Chockalingam Vanniarajan
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Brian E Carpenter
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… teemu.savolainen
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… teemu.savolainen
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Iljitsch van Beijnum
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… Iljitsch van Beijnum
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Tony Hain
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… Tony Hain
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… hyunwook cha
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… teemu.savolainen
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… teemu.savolainen
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… David W. Hankins
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… Iljitsch van Beijnum
- Re: [dhcwg] Cost of multicast [was Re: Brokenness… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… David W. Hankins
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… Brian E Carpenter
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- /128 address allocation and "localized IPv6 addre… teemu.savolainen
- Re: /128 address allocation and "localized IPv6 a… Pekka Savola
- RE: [dhcwg] /128 address allocation and "localize… Templin, Fred L
- Re: [dhcwg] /128 address allocation and "localize… Ole Troan
- Re: /128 address allocation and "localized IPv6 a… Brian E Carpenter
- Re: /128 address allocation and "localized IPv6 a… Rémi Denis-Courmont
- Re: [dhcwg] /128 address allocation and "localize… H. Peter Anvin
- Re: [dhcwg] /128 address allocation and "localize… Mark Smith
- Re: /128 address allocation and "localized IPv6 a… Brian E Carpenter
- Re: /128 address allocation and "localized IPv6 a… Rémi Denis-Courmont
- RE: /128 address allocation and "localized IPv6 a… teemu.savolainen
- RE: /128 address allocation and "localized IPv6 a… teemu.savolainen
- Re: /128 address allocation and "localized IPv6 a… hyunwook cha
- RE: [dhcwg] Brokenness of specs w.r.t. client beh… teemu.savolainen
- Node Requirements Bis and issue tracker john.loughney@nokia.com
- Re: [dhcwg] /128 address allocation and "localize… H. Peter Anvin
- RE: [dhcwg] /128 address allocation and "localize… Christian Huitema
- Re: [dhcwg] /128 address allocation and "localize… H. Peter Anvin
- Re: [dhcwg] Brokenness of specs w.r.t. client beh… hyunwook cha
- comments on node requirements revision Ed Jankiewicz
- RE: comments on node requirements revision john.loughney
- Node req: Issues 7 - 11 john.loughney
- Re: Node req: Issue 8 (RFC 5175 - extensions to R… Thomas Narten