Re: [secdir] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Sun, 24 May 2020 07:00 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Christopher Wood <caw@heapingbits.net>, "secdir@ietf.org" <secdir@ietf.org>
CC: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-problem-statement-of-mredhcpv6.all@ietf.org" <draft-ietf-dhc-problem-statement-of-mredhcpv6.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Sun, 24 May 2020 06:59:54 +0000
Message-ID: <D2D38C4C-0061-46C2-85D0-2470A2C75A00@cisco.com>
References: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
In-Reply-To: <158993226788.7058.12159366851189346862@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/rUBjVpf0NtvXtZsZBZoFHqCcWeA>
Subject: Re: [secdir] Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
List-Id: Security Area Directorate <secdir.ietf.org>

Thank you Chris for your review.

I will take your and Pete's reviews when considering the next steps.

Regards

-éric

-----Original Message-----
From: Christopher Wood via Datatracker <noreply@ietf.org>
Reply-To: Christopher Wood <caw@heapingbits.net>
Date: Wednesday, 20 May 2020 at 01:51
To: "secdir@ietf.org" <secdir@ietf.org>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-problem-statement-of-mredhcpv6.all@ietf.org" <draft-ietf-dhc-problem-statement-of-mredhcpv6.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Subject: Secdir last call review of draft-ietf-dhc-problem-statement-of-mredhcpv6-05
Resent-From: <alias-bounces@ietf.org>
Resent-To: <rengang@cernet.edu.cn>, <he-l14@mails.tsinghua.edu.cn>, <liuying@cernet.edu.cn>, <volz@cisco.com>, <tomasz.mrugalski@gmail.com>, Eric Vyncke <evyncke@cisco.com>, <ek.ietf@gmail.com>, Bernie Volz <volz@cisco.com>
Resent-Date: Wednesday, 20 May 2020 at 01:51

    Reviewer: Christopher Wood
    Review result: Serious Issues

    Summary: Serious Issues

    Comments:

    - Section 1. The introduction needs a lot of work. It seems to be trying to say
    something, but I cannot tell what that is. It's claimed that many documents
    attempt to extend DHCPv6, yet no extensions are cited. There's mention of
    "multi-requirement extension problems," but no example of such a problem.
    There's reference to the possibility of administrators modifying DHCPv6 code
    (and possibly breaking things in the process), but that does not seem relevant
    to or follow from the previous text. Please revise this entire section and make
    the goal clear. What is the problem being solved, why is it important, and what
    is the summary of the proposed solution?

    - Section 3.2. This section seems largely irrelevant. What is its purpose? It
    mainly documents software support, rather than "extension practices."

    - Section 4.1. Figure 1 could benefit from some descriptive text to match the
    diagram. For example, it's clear how "options" are points of extensibility, but
    how are "message processing functions" points of extensibility? An example
    might help clarify.

    - Section 4.2.3. What does "not all DHCPv6 software considers this extension"
    mean? Does it imply that not all servers implement support for this extension,
    or something else?

    - Section 5. This seems to be the crux of the document, yet I failed to glean
    much from its contents. There are some examples of extensions which may require
    more than one "moving part," such as (1) client identity transmission
    and (2) server use of those identities for address allocation. Is there
    guidance that should be followed for specifying this type of multi-requirement
    extension? If so, what is it? (Is that not the whole point of this document?)
    Are there considerations administrators or specification writers should be
    mindful of when designing these extensions? If so, what are they?

    In general, it seems that if a document is to emphasize considerations for
    folks, then those considerations ought to be clearly articulated. Instead, this
    document seems to just list some examples (current practices) without any
    further insight. This makes me question its overall value for the community.

    Nits:

    - Section 1. "The IP address plays a significant role in the communication of
    the Internet." Did this mean to say communication *on* the Internet?

    - Please remove unnecessary gender terms from the document ("his").

    - This text:

       For example, considering such a requirement that
       DHCPv6 servers assign IPv6 addresses generated by user identifiers to
       the clients in a network to hold users accountable, two extensions
       should be fulfilled to meet this requirement.

    Could probably be simplified. Also, what does it mean for an extension to be
    fulfilled?