Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option

Jeffrey Hutzelman <jhutz@cmu.edu> Thu, 05 July 2012 17:07 UTC

Return-Path: <jhutz@cmu.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35CA421F870A for <secdir@ietfa.amsl.com>; Thu, 5 Jul 2012 10:07:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PIgOhpJ4aKu9 for <secdir@ietfa.amsl.com>; Thu, 5 Jul 2012 10:07:38 -0700 (PDT)
Received: from smtp01.srv.cs.cmu.edu (SMTP01.SRV.CS.CMU.EDU [128.2.217.196]) by ietfa.amsl.com (Postfix) with ESMTP id 7C7DE21F8704 for <secdir@ietf.org>; Thu, 5 Jul 2012 10:07:38 -0700 (PDT)
Received: from [192.168.33.132] (c-67-165-85-247.hsd1.pa.comcast.net [67.165.85.247]) (authenticated bits=0) by smtp01.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id q65H7nLC000447 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 5 Jul 2012 13:07:51 -0400 (EDT)
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Masahiro =Rhythm Drive= Ishiyama <masahiro@isl.rdc.toshiba.co.jp>
In-Reply-To: <23445_1341500728_q65F5R5I014871_yd94npqbvx7.wl@grayswandir.isl.rdc.toshiba.co.jp>
References: <21762_1337814743_q4NNCMPh008981_alpine.BSF.2.00.1205231837020.9762@fledge.watson.org> <1337881837.3279.45.camel@destiny.pc.cs.cmu.edu> <004a01cd4562$b7b338e0$4001a8c0@gateway.2wire.net> <tsl7gus37hu.fsf@mit.edu> <23445_1341500728_q65F5R5I014871_yd94npqbvx7.wl@grayswandir.isl.rdc.toshiba.co.jp>
Content-Type: text/plain; charset="UTF-8"
Date: Thu, 05 Jul 2012 13:07:49 -0400
Message-ID: <1341508069.3279.798.camel@destiny.pc.cs.cmu.edu>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3
Content-Transfer-Encoding: 7bit
X-Scanned-By: mimedefang-cmuscs on 128.2.217.196
Cc: secdir@ietf.org, jhutz@cmu.edu
Subject: Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2012 17:07:39 -0000

On Mon, 2012-07-02 at 13:59 +0900, Masahiro =Rhythm Drive= Ishiyama
wrote:
> 	At first I thought that it might be good to leave section 4.1,
> 	but now I changed my mind. I think the order of the preference
> 	might depend on the running environment: some people prefer
> 	"secured" one, some people prefer DNS...  So I'd like to make
> 	the order configurable and move section 4.1 to appendix, as a
> 	hint for implementation.

Since the current text, including the requirement to prefer KDC lookup
by DNS, is the result of working group consensus, this change requires
discussion in the working group and a consensus to make a change.

-- Jeff