Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018

"Bernie Volz (volz)" <volz@cisco.com> Tue, 08 May 2018 14:39 UTC

From: "Bernie Volz (volz)" <volz@cisco.com>
To: "ianfarrer@gmx.com" <ianfarrer@gmx.com>
CC: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org" <draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org>, "softwires@ietf.org" <softwires@ietf.org>
Date: Tue, 08 May 2018 14:39:45 +0000
Message-ID: <C6EBAF19-D0B9-4E83-B1A3-298F7160120F@cisco.com>
References: <35d79f1b7eba44ebbd1166abdec3f75e@XCH-ALN-003.cisco.com> <6101fb2ad0f94af9a87be709056cdaeb@XCH-ALN-003.cisco.com> <290a895002ca49929fa0b3f7c7fa77ca@XCH-ALN-003.cisco.com> <5AC34DC3-5F29-4A2D-9DE0-B50CFE92E040@gmx.com>
In-Reply-To: <5AC34DC3-5F29-4A2D-9DE0-B50CFE92E040@gmx.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/softwires/Uyye-vVomu9-WCMR62asL3cDtEg>
Subject: Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018

Hi Ian:

Thanks … suggested text changes look good. I would think it best to reference 3315bis … hopefully it won’t hold up publication of this draft since it may take RFC Editor a bit longer to process the 3315bis document, but they also will have a head start. (If it does hold it up and we need to expedite release of this draft as an RFC, we can always ask for reference to change to 3315.)


- Bernie

From: Ian Farrer <ianfarrer@gmx.com>
Date: Tuesday, May 8, 2018 at 10:10 AM
To: Bernie Volz <volz@cisco.com>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org" <draft-ietf-dhc-dhcp4o6-saddr-opt@ietf.org>, "softwires@ietf.org" <softwires@ietf.org>
Subject: Re: [Softwires] [dhcwg] WGLC for draft-ietf-dhc-dhcp4o6-saddr-opt - EXTENDED - Respond by April 17, 2018

Hi Bernie,

Many thanks for the review. I’ve had a look through your comments and they all look straightforward enough. They will be in the next version with Tomek’s comments.

Here are my suggestions in response to a couple of your comments:

SECTION 9:

- More of a question – do the new options or procedures add any new or different considerations? If not, great.

There is one case that I think is missed. I’ve updated the Security Considerations section to add the following text:

      A rogue client could attempt to use the mechanism described
      in "Changing the Bound IPv6 Softwire Source Address" to redirect IPv4 traffic
      intended for another client to itself. This would be performed by
      sending a DHCPREQUEST message for another client's active IPv4
      lease containing the attacker's softwire IPv6 address in
      OPTION_DHCP4O6_S46_SADDR.

      For such an attack to be effective, the attacker would
      need to know both the client identifier and active IPv4
      address lease currently in use by another client. The risk
      of this can be reduced by using a client identifier format
      which is not easily guessable, e.g. by including a time
      component for when the client identifier was generated
      (see [I-D.ietf-dhc-rfc3315bis] Section 11.2).


- And, it is rather odd that DHCPv4 (RFC2131) and DHCPv6 (draft-ietf-dhc-rfc3315bis) aren’t referenced in the document. They are implicit because RFC7341 is referenced, but not always clear that this is the best way to go. But I didn’t find any easy way to incorporate these references directly.

I’ve added the following to Section 4. Solution Overview:

In order to provision a softwire, both IPv6 and IPv4 configuration
needs to be passed to the client. To map this to the DHCP 4o6
configuration process, the IPv6 configuration is carried in
DHCPv6 options [I-D.ietf-dhc-rfc3315bis], carried
inside the DHCPv6 message DHCPV4-RESPONSE (21)
sent by the server.

And:

IPv4 configuration is carried in DHCPv4 messages <xref target="RFC2131"/>,
(inside the DHCP 4o6 option OPTION_DHCPV4_MSG (87)) using the mechanism
described in <xref target="RFC7341"/>.

The normative refs. are updated with these as well.

BTW, should I be referencing RFC3315 or the -bis version as normative at this stage?

Thanks,
Ian
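
[Added example, not part of the draft or of anything posted in this thread.] The Security Considerations text above describes a rogue client sending a DHCPREQUEST for another client's active IPv4 lease with its own softwire IPv6 address in OPTION_DHCP4O6_S46_SADDR, and recommends a client identifier that is not easily guessable. The Python below is a small model of that attack and of why the DUID-LLT recommendation helps. It assumes a server that keys IPv4 leases by the DHCP client identifier and rebinds the softwire source address only when the DHCPREQUEST carries the identifier that holds the lease (the check the quoted text implies; the draft itself is not quoted here). The DUID-LL and DUID-LLT encodings follow RFC 3315 / 3315bis Section 11; the lease table, MAC address, IPv4/IPv6 addresses and timestamps are constructed sample values, and `Dhcp4o6Server`, `simulate` and the other names are mine, not the draft's or any implementation's.

```python
"""Model of the redirect attack on "Changing the Bound IPv6 Softwire Source Address".

Added example, not part of the draft or the mail thread.  A DHCP 4o6 server
keeps, per IPv4 lease, the client identifier that holds it and the softwire
IPv6 source address (OPTION_DHCP4O6_S46_SADDR) bound to it.  A client moves
its softwire by sending a DHCPREQUEST for its lease with a new SADDR; the
server must honour that only if the request carries the lease holder's client
identifier.  The attacker knows the victim's MAC and IPv4 lease but not when
the victim generated its DUID.  All values below are constructed samples.
"""
import struct
from dataclasses import dataclass
from typing import Dict, Tuple

# DUID encodings per RFC 3315 / 3315bis (RFC 8415) Section 11.
DUID_LLT = 1            # link-layer address plus time
DUID_LL = 3             # link-layer address only
HW_ETHERNET = 1
EPOCH_2000 = 946684800  # Unix time of 2000-01-01T00:00:00Z, the DUID-LLT time origin


def duid_ll(mac: bytes) -> bytes:
    """DUID-LL: fully determined by the MAC, so guessable by anyone who knows it."""
    return struct.pack("!HH", DUID_LL, HW_ETHERNET) + mac


def duid_llt(mac: bytes, generated_at: int) -> bytes:
    """DUID-LLT: MAC plus the (mod 2^32) seconds since 2000 when the DUID was made."""
    secs = (generated_at - EPOCH_2000) & 0xFFFFFFFF
    return struct.pack("!HHI", DUID_LLT, HW_ETHERNET, secs) + mac


@dataclass
class Lease:
    client_id: bytes   # DHCP client identifier holding the IPv4 lease
    ipv4: str
    saddr: str         # bound softwire IPv6 source address


class Dhcp4o6Server:
    """Simplified lease table keyed by IPv4 address (hypothetical model)."""

    def __init__(self) -> None:
        self.leases: Dict[str, Lease] = {}

    def bind(self, client_id: bytes, ipv4: str, saddr: str) -> None:
        self.leases[ipv4] = Lease(client_id, ipv4, saddr)

    def handle_request(self, client_id: bytes, ipv4: str, new_saddr: str) -> str:
        """DHCPREQUEST for an active lease carrying a new OPTION_DHCP4O6_S46_SADDR.

        Rebinds the softwire and returns "ACK" only if the requester presents
        the identifier that holds the lease; anything else gets "NAK".
        """
        lease = self.leases.get(ipv4)
        if lease is None or lease.client_id != client_id:
            return "NAK"
        lease.saddr = new_saddr
        return "ACK"


# Constructed sample scenario.
VICTIM_MAC = bytes.fromhex("00163e0102ab")
VICTIM_IPV4 = "192.0.2.10"
VICTIM_SADDR = "2001:db8:1::10"
ATTACKER_SADDR = "2001:db8:2::99"
VICTIM_DUID_TIME = 1_500_000_000     # when the victim generated its DUID (unknown to attacker)
ATTACKER_GUESS_TIME = 1_525_790_385  # attacker's guess: "around the time of the attack"


def simulate(duid_kind: str) -> Tuple[str, str]:
    """Run the redirect attempt; return (server reply, SADDR bound afterwards)."""
    if duid_kind == "LL":
        victim_id = duid_ll(VICTIM_MAC)
        guessed_id = duid_ll(VICTIM_MAC)                        # MAC alone is enough
    elif duid_kind == "LLT":
        victim_id = duid_llt(VICTIM_MAC, VICTIM_DUID_TIME)
        guessed_id = duid_llt(VICTIM_MAC, ATTACKER_GUESS_TIME)  # wrong time component
    else:
        raise ValueError(duid_kind)

    server = Dhcp4o6Server()
    server.bind(victim_id, VICTIM_IPV4, VICTIM_SADDR)
    reply = server.handle_request(guessed_id, VICTIM_IPV4, ATTACKER_SADDR)
    return reply, server.leases[VICTIM_IPV4].saddr


if __name__ == "__main__":
    for kind in ("LL", "LLT"):
        print(kind, simulate(kind))
```

With a DUID-LL the attacker's guess matches and the victim's IPv4 traffic is redirected to 2001:db8:2::99; with a DUID-LLT the guess fails and the binding stays at the victim's address. Two caveats from my side, not from the draft: the client identifier travels in the clear in the DHCP 4o6 exchange, so unguessability only helps against an attacker who cannot observe that exchange, and the 32-bit time field is much smaller in practice (the attacker only needs to cover a plausible provisioning window), so a server should still treat a burst of NAK'd rebind attempts for one lease as a signal.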