re: I-D Action: draft-ietf-6man-addr-select-opt-04.txt
Ray Hunter <v6ops@globis.net> Wed, 18 July 2012 17:29 UTC
Return-Path: <v6ops@globis.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D24F211E8132 for <ipv6@ietfa.amsl.com>; Wed, 18 Jul 2012 10:29:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BZ4sqA5VyXE7 for <ipv6@ietfa.amsl.com>; Wed, 18 Jul 2012 10:29:12 -0700 (PDT)
Received: from globis01.globis.net (RayH-1-pt.tunnel.tserv11.ams1.ipv6.he.net [IPv6:2001:470:1f14:62e::2]) by ietfa.amsl.com (Postfix) with ESMTP id EB1D611E811D for <ipv6@ietf.org>; Wed, 18 Jul 2012 10:29:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by globis01.globis.net (Postfix) with ESMTP id 5DA9D870049; Wed, 18 Jul 2012 19:29:46 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at globis01.globis.net
Received: from globis01.globis.net ([127.0.0.1]) by localhost (mail.globis.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBFcex+W7cxw; Wed, 18 Jul 2012 19:29:17 +0200 (CEST)
Received: from Rays-iMac-2.local (unknown [192.168.0.3]) (Authenticated sender: Ray.Hunter@globis.net) by globis01.globis.net (Postfix) with ESMTPA id E09BF870046; Wed, 18 Jul 2012 19:29:16 +0200 (CEST)
Message-ID: <5006F266.3070802@globis.net>
Date: Wed, 18 Jul 2012 19:29:10 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox 3.0.4 (Macintosh/20120616)
MIME-Version: 1.0
To: draft-ietf-6man-addr-select-opt@tools.ietf.org
Subject: re: I-D Action: draft-ietf-6man-addr-select-opt-04.txt
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: 6man Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2012 17:29:12 -0000
I have read this draft. As previously stated, I like the idea. comments & questions: Section 2: / a client MAY NOT automatically add rows to the policy table/ MAY NOT seems to contradict Section 4 /This option's concept is to serve as a hint for a node about how to behave in the network./ i.e. it's a hint not a command. Is this not then a "SHOULD NOT"? Otherwise won't we get questions about who is leading for determining end-node global behaviour, the device owner or the network operator? Or is this MAY NOT flag only valid IF the node chooses to trust and install the policy table communicated via DHCPv6? /label: An 8-bit unsigned integer;/ Is there any specification in an RFC that says ALL implementations can only handle a label of 8 bits? /precedence: An 8-bit unsigned integer;/ Is there any specification in an RFC that says that ALL implementations can only handle a precedence of 8 bits? draft-ietf-6man-rfc3484bis-06 refers to numeric comparisons, but does not appear to specify a type. I see later in Section 5: /Currently, the label and precedence values are defined as 8-bit unsigned integers. In almost all cases, this value will be enough./ How many times have I heard that about fixed length fields. What happens if it is not enough? Is it worth considering variable length labels and precedence fields? Or making them 16 bits to start with? /An IPv4-mapped address [RFC4291] must be used to represent an IPv4 address as a prefix value./ Whilst I agree with this statement, some examples in the Microsoft documentation I have read show dual entries in the policy table: one for mapped IPv4 address prefixes and one for IPv4-Compatible IPv6 address prefixes. e.g. the default policy table is shown with entries like: ::/96 20 3 ::ffff:0:0/96 10 4 Since IPv4-Compatible IPv6 addresses are deprecated, can we assume that these can be safely ignored, or not? I have always played it safe and configured both in Windows 7, so I'm not sure of underlying behaviour of the implementation and if this might change over time or versions. /The zone-index is defined in RFC 3493 [RFC3493] as 'scope ID'/ I can't find a direct reference to 'scope ID' in RFC3493. Is it 'sin6_scope_id'? That would make sense as it is defined as 32 bit integer. Section 4.3: /In other cases the node MUST NOT use Policy Table options unless the node is specifically configured to do so./ When I first read this I asked myself "is that not too draconian?" I think a document link to the definition of a "secure channel" in the Security Considerations section would answer that question effectively i.e. a signed DHCP message is considered a secure channel, regardless of the underlying transport. What about version control of the policy table itself? Is there a need for a policy-table version option like a DNS SOA serial number? I could imagine some potential corner-case problems with replay attack or race conditions, especially if the local router is acting as some sort of smart caching DHCPv6 server introducing local options. Or is that just too obscure to worry about? Thanks! RayH
- I-D Action: draft-ietf-6man-addr-select-opt-04.txt internet-drafts
- re: I-D Action: draft-ietf-6man-addr-select-opt-0… Ray Hunter