Re: [OPSEC] Iotdir early review of draft-ietf-opsec-v6-21

Ted Lemon <mellon@fugue.com> Wed, 20 November 2019 09:53 UTC

Cc: iot-dir@ietf.org, opsec@ietf.org, draft-ietf-opsec-v6.all@ietf.org
To: Gyan Mishra <hayabusagsm@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/wcRKDw29Dt78MoXs3Y-WR2_M64k>

On Nov 19, 2019, at 8:12 PM, Gyan Mishra <hayabusagsm@gmail.com> wrote:
> 
> See RFC 6853.
> 
> https://tools.ietf.org/html/rfc6853#section-6.1
> 
> With DHCPv6 all servers are active and that is why there is not any state sharing since the pool has to be different and there is a preference option as to which server is preferred.  This does go deeper into host configuration which is out of scope for this document so will leave out.

Right.  What I’m suggesting is that you explicitly recommend using DHCPv6 servers that support RFC 8156 rather than the less effective solution proposed in RFC 6853.  This recommendation will not be actionable for all network operators, but it should work well in enterprise settings.