IETF Logo Mail Archive

Re: [mif-arch-dt] Strawman solution proposals for DHCPv6 and RA support for multiple provisioning domains

Marc Blanchet <marc.blanchet@viagenie.ca> Fri, 22 November 2013 20:39 UTC

Return-Path: <marc.blanchet@viagenie.ca>
X-Original-To: mif-arch-dt@ietfa.amsl.com
Delivered-To: mif-arch-dt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D232C1ADFEF for <mif-arch-dt@ietfa.amsl.com>; Fri, 22 Nov 2013 12:39:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.426
X-Spam-Level:
X-Spam-Status: No, score=-2.426 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.525, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Imrm_urVaH8A for <mif-arch-dt@ietfa.amsl.com>; Fri, 22 Nov 2013 12:39:01 -0800 (PST)
Received: from jazz.viagenie.ca (jazz.viagenie.ca [IPv6:2620:0:230:8000::2]) by ietfa.amsl.com (Postfix) with ESMTP id 3EC021ACCEA for <mif-arch-dt@ietf.org>; Fri, 22 Nov 2013 12:39:01 -0800 (PST)
Received: from h116.viagenie.ca (h116.viagenie.ca [206.123.31.116]) by jazz.viagenie.ca (Postfix) with ESMTPSA id 82EC64690B; Fri, 22 Nov 2013 15:38:53 -0500 (EST)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
From: Marc Blanchet <marc.blanchet@viagenie.ca>
In-Reply-To: <6AC3097B-C63D-4DC6-80BE-29FEFE355D40@nominum.com>
Date: Fri, 22 Nov 2013 15:38:50 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <E30067C3-A44D-478A-9D78-CA2D078A8A76@viagenie.ca>
References: <5267F29C.3010304@ericsson.com> <0010ca0ba1f44fe2a1b8fa5f110a00c0@SN2PR03MB077.namprd03.prod.outlook.com>, <41845B5F-8694-4368-B2F6-BA3BA0CFDD91@gmail.com> <ee10ff9826854918aebf0565c93ce5a9@SN2PR03MB077.namprd03.prod.outlook.com> <E07F8EDD-6BA5-4B7D-B307-C819B6AC2053@gmail.com> <6AC3097B-C63D-4DC6-80BE-29FEFE355D40@nominum.com>
To: Ted Lemon <ted.lemon@nominum.com>
X-Mailer: Apple Mail (2.1822)
Cc: Jouni Korhonen <jouni.nospam@gmail.com>, Dmitry Anipko <Dmitry.Anipko@microsoft.com>, "mif-arch-dt@ietf.org" <mif-arch-dt@ietf.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>
Subject: Re: [mif-arch-dt] Strawman solution proposals for DHCPv6 and RA support for multiple provisioning domains
X-BeenThere: mif-arch-dt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: MIF Architecture Design Team mailing list <mif-arch-dt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif-arch-dt>, <mailto:mif-arch-dt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif-arch-dt/>
List-Post: <mailto:mif-arch-dt@ietf.org>
List-Help: <mailto:mif-arch-dt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif-arch-dt>, <mailto:mif-arch-dt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2013 20:39:03 -0000

Le 2013-11-22 à 15:33, Ted Lemon <ted.lemon@nominum.com> a écrit :

> On Nov 22, 2013, at 12:11 PM, Jouni Korhonen <jouni.nospam@gmail.com> wrote:
>> Domain names and alike possible PVD-IDs are ok since they already are "human readable". However, I would put zero energy trying to add something readable data into PVDs if the used PVD-ID itself is e.g. a binary blob. I just see no value of that if it increases the data size of the PVD container or ID.
> 
> If the PVD ID is a blob, you need a mechanism for assigning a name to it and validating it.
> 
> Think about the possible flow here.   We want to be able to present this information to the user in a chooser, right?   So that means that if what's contained in the ID is a binary blob, we need a way to translate it.   Also, if the blob is something we've already seen and can cryptographically authenticate based on a previous leap of faith, then we need the signature to authenticate.  And if we don't have the name at this point, we need a process for finding the name associated with the blob after we've decided to try it.
> 
> It might be better to have a name that we can do all that too that's human-readable.  

be careful. If it is a protocol parameter that is not shown to the user, then human readable is one design choice to help troubleshoot and ...  But if is a human-readable for end-users, as you seem to assume above, then we enter into the languages, scripts, i18n, normalization and ....  I'm not sure we want to go there for a PVD-ID...  I would assume a protocol element and then some end-user mapping in his own language/script/locale that is outside of the scope of this work/spec.

Marc.

>  Then we can do cryptographic validation if we have already seen the name, and avoid connecting to a fraudulent version of the PVD (which we could also do with the blob).   But if we haven't seen the name before, and haven't yet accepted it, we want something to present to the user, don't we?
> 
> This bears thinking about.   I'm not saying you're wrong, but don't be too quick to leap to conclusions about this!
> 
> _______________________________________________
> mif-arch-dt mailing list
> mif-arch-dt@ietf.org
> https://www.ietf.org/mailman/listinfo/mif-arch-dt

v2.23.0 | Report a Bug | By Email