IETF Logo Mail Archive

Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05

Benjamin Kaduk <kaduk@mit.edu> Sun, 24 May 2020 23:15 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2273B3A0DE8 for <secdir@ietfa.amsl.com>; Sun, 24 May 2020 16:15:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YdVHNKGbqn1 for <secdir@ietfa.amsl.com>; Sun, 24 May 2020 16:15:20 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99F993A0DF0 for <secdir@ietf.org>; Sun, 24 May 2020 16:15:20 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 04ONFE4r005842 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 24 May 2020 19:15:16 -0400
Date: Sun, 24 May 2020 16:15:13 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Christopher Wood <caw@heapingbits.net>
Cc: secdir@ietf.org
Message-ID: <20200524231513.GN58497@kduck.mit.edu>
References: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HIw8rK2spQy-Ol7W1mqI_oBTeDU>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 23:15:24 -0000

Thanks for the review, Chris!  I skimmed the doc and agree that the main
point is not readily apparent; hopefully it will get some edits before it
comes to the IESG.

-Ben

On Tue, May 19, 2020 at 04:51:07PM -0700, Christopher Wood via Datatracker wrote:
> Reviewer: Christopher Wood
> Review result: Serious Issues
> 
> Summary: Series Issues
> 
> Comments:
> 
> - Section 1. The introduction needs a lot of work. It seems to be trying to say
> something, but I cannot tell what that is. It's claimed that many documents
> attempt to extend DHCPv6, yet no extensions are cited. There's mention of
> "multi-requirement extension problems," but no example of such a problem.
> There's reference to the possibility of administrators modifying DHCPv6 code
> (and possibly breaking things in the process), but that does not seem relevant
> to or follow from the previous text. Please revise this entire section and make
> the goal clear. What is the problem being solved, why is it important, and what
> is the summary of the proposed solution?
> 
> - Section 3.2. This section seems largely irrelevant. What is its purpose? It
> mainly documents software support, rather than "extension practices."
> 
> - Section 4.1. Figure 1 could benefit from some descriptive text to match the
> diagram. For example, it's clear how "options" are points of extensibility, but
> how are "message processing functions" points of extensibility? An example
> might help clarify.
> 
> - Section 4.2.3. What does "not all DHCPv6 software considers this extension"
> mean? Does it imply that not all server implements support for this extension,
> or something else?
> 
> - Section 5. This seems to be the crux of the document, yet I failed to glean
> much from its contents. There are some examples of extensions which may require
> multiple more than one "moving part," such as (1) client identity transmission
> and (2) server use of those identities for address allocation. Is there
> guidance that should be followed for specifying this type of multi-requirement
> extension? If so, what is it? (Is that not the whole point of this document?)
> Are there considerations administrators or specification writers should be
> mindful of when designing these extensions? If so, what are they?
> 
> In general, it seems that if a document is to emphasize considerations for
> folks, then those considerations out to be clearly articulated. Instead, this
> document seems to just list some examples (current practices) without any
> further insight. This makes me question its overall value for the community.
> 
> Nits:
> 
> - Section 1. "The IP address plays a significant role in the communication of
> the Internet." Did this mean to say communication *on* the Internet?
> 
> - Please remove unnecessary gender terms from the document ("his").
> 
> - This text:
> 
>    For example, considering such a requirement that
>    DHCPv6 servers assign IPv6 addresses generated by user identifiers to
>    the clients in a network to hold users accountable, two extensions
>    should be fulfilled to meet this requirement.
> 
> Could probably be simplified. Also, what does it mean for an extension to be
> fulfilled?
> 
> 
> -- 
> last-call mailing list
> last-call@ietf.org
> https://www.ietf.org/mailman/listinfo/last-call

v2.23.0 | Report a Bug | By Email