Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
Benjamin Kaduk <kaduk@mit.edu> Sun, 24 May 2020 23:15 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2273B3A0DE8 for <secdir@ietfa.amsl.com>; Sun, 24 May 2020 16:15:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0YdVHNKGbqn1 for <secdir@ietfa.amsl.com>; Sun, 24 May 2020 16:15:20 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99F993A0DF0 for <secdir@ietf.org>; Sun, 24 May 2020 16:15:20 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 04ONFE4r005842 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 24 May 2020 19:15:16 -0400
Date: Sun, 24 May 2020 16:15:13 -0700
From: Benjamin Kaduk <kaduk@mit.edu>
To: Christopher Wood <caw@heapingbits.net>
Cc: secdir@ietf.org
Message-ID: <20200524231513.GN58497@kduck.mit.edu>
References: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
User-Agent: Mutt/1.12.1 (2019-06-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HIw8rK2spQy-Ol7W1mqI_oBTeDU>
Subject: Re: [secdir] [Last-Call] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 May 2020 23:15:24 -0000
Thanks for the review, Chris! I skimmed the doc and agree that the main point is not readily apparent; hopefully it will get some edits before it comes to the IESG. -Ben On Tue, May 19, 2020 at 04:51:07PM -0700, Christopher Wood via Datatracker wrote: > Reviewer: Christopher Wood > Review result: Serious Issues > > Summary: Series Issues > > Comments: > > - Section 1. The introduction needs a lot of work. It seems to be trying to say > something, but I cannot tell what that is. It's claimed that many documents > attempt to extend DHCPv6, yet no extensions are cited. There's mention of > "multi-requirement extension problems," but no example of such a problem. > There's reference to the possibility of administrators modifying DHCPv6 code > (and possibly breaking things in the process), but that does not seem relevant > to or follow from the previous text. Please revise this entire section and make > the goal clear. What is the problem being solved, why is it important, and what > is the summary of the proposed solution? > > - Section 3.2. This section seems largely irrelevant. What is its purpose? It > mainly documents software support, rather than "extension practices." > > - Section 4.1. Figure 1 could benefit from some descriptive text to match the > diagram. For example, it's clear how "options" are points of extensibility, but > how are "message processing functions" points of extensibility? An example > might help clarify. > > - Section 4.2.3. What does "not all DHCPv6 software considers this extension" > mean? Does it imply that not all server implements support for this extension, > or something else? > > - Section 5. This seems to be the crux of the document, yet I failed to glean > much from its contents. There are some examples of extensions which may require > multiple more than one "moving part," such as (1) client identity transmission > and (2) server use of those identities for address allocation. Is there > guidance that should be followed for specifying this type of multi-requirement > extension? If so, what is it? (Is that not the whole point of this document?) > Are there considerations administrators or specification writers should be > mindful of when designing these extensions? If so, what are they? > > In general, it seems that if a document is to emphasize considerations for > folks, then those considerations out to be clearly articulated. Instead, this > document seems to just list some examples (current practices) without any > further insight. This makes me question its overall value for the community. > > Nits: > > - Section 1. "The IP address plays a significant role in the communication of > the Internet." Did this mean to say communication *on* the Internet? > > - Please remove unnecessary gender terms from the document ("his"). > > - This text: > > For example, considering such a requirement that > DHCPv6 servers assign IPv6 addresses generated by user identifiers to > the clients in a network to hold users accountable, two extensions > should be fulfilled to meet this requirement. > > Could probably be simplified. Also, what does it mean for an extension to be > fulfilled? > > > -- > last-call mailing list > last-call@ietf.org > https://www.ietf.org/mailman/listinfo/last-call
- [secdir] Secdir last call review of draft-ietf-dh… Christopher Wood via Datatracker
- Re: [secdir] Secdir last call review of draft-iet… Eric Vyncke (evyncke)
- Re: [secdir] [Last-Call] Secdir last call review … Benjamin Kaduk
- Re: [secdir] [Last-Call] Secdir last call review … Christopher Wood