IETF Logo Mail Archive

Re: [v6ops] Please review the No IPv4 draft

Brian Haberman <brian@innovationslab.net> Wed, 16 April 2014 11:55 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 913D01A0156 for <v6ops@ietfa.amsl.com>; Wed, 16 Apr 2014 04:55:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rWSoMbhi6ua for <v6ops@ietfa.amsl.com>; Wed, 16 Apr 2014 04:55:44 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) by ietfa.amsl.com (Postfix) with ESMTP id 4E0121A014D for <v6ops@ietf.org>; Wed, 16 Apr 2014 04:55:44 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 7241B88118 for <v6ops@ietf.org>; Wed, 16 Apr 2014 04:55:41 -0700 (PDT)
Received: from 102521117.rudm1.ra.johnshopkins.edu (addr16212925014.ippl.jhmi.edu [162.129.250.14]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 3389C71B0001 for <v6ops@ietf.org>; Wed, 16 Apr 2014 04:55:41 -0700 (PDT)
Message-ID: <534E6FAF.5080503@innovationslab.net>
Date: Wed, 16 Apr 2014 07:55:27 -0400
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: v6ops@ietf.org
References: <534BF5A5.5010609@viagenie.ca> <534BFA08.3030404@foobar.org> <49EA8AC9-D5C5-4FE5-9A10-0CD574782F0F@nominum.com> <534C07FC.8000907@foobar.org> <F08AF14D-22C6-4F4C-9388-670EB4CD8453@nominum.com> <F2A0EC2F-6B41-4560-88BA-CEBF3E921B61@delong.com> <CAEmG1=oK8iHAms2_uVBsCtpCG7xBdhRfh9QQrd+JXUXgjBPqPA@mail.gmail.com> <534C1A41.1050505@foobar.org> <CAEmG1=qjev-Fkt4tpMSwy4xz-4L5CKow6xBCyiRY7sr7BBoQeA@mail.gmail.com> <BEE692B7-4A6E-44CC-9B2F-C6649C7BE622@delong.com>
In-Reply-To: <BEE692B7-4A6E-44CC-9B2F-C6649C7BE622@delong.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="eWF759gmNIb5e4XaImAtMJNHkF4QjDfJJ"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/Gggr6p5o6OjVegC3kxRwooj7Wlw
Subject: Re: [v6ops] Please review the No IPv4 draft
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2014 11:55:49 -0000

I purposely picked Owen's message since it is a perfect entry point...


On 4/14/14 3:32 PM, Owen DeLong wrote:
> 
> On Apr 14, 2014, at 10:45 AM, Matthew Petach <mpetach@netflight.com>
> wrote:
> 
>> 
>> On Mon, Apr 14, 2014 at 10:26 AM, Nick Hilliard <nick@foobar.org>
>> wrote: On 14/04/2014 18:23, Matthew Petach wrote:
>>> (which is to say, the potential for abuse here seems kinda high;
>>> are we sure this a good road for us to be traveling down?)
>> 
>> This is no different to any other type of rogue dhcpv4 situation.
>> 
>> Nick
>> 
>> 
>> Correct me if I'm wrong, though; being an ICMP response, rather
>> than a DHCP response would mean DHCP snooping wouldn't be
>> sufficient to stop me from engaging in mischief, where today
>> settings like DHCP snooping and DHCP guard could prevent me from
>> acting as a rogue DHCP server?
>> 
>> I suppose if we extend the concept of DHCP snooping to also include
>> ICMP snooping, that would work.
>> 
>> Thanks!
>> 
>> Matt
>> 
> 
> ICMP was just a suggestion. If you want to put it in DHCP/UDP to
> dodge abuse potential, I have no problem with that. The point is that
> this has no business being encoded in DHCPv6 or RA, it belongs in
> IPv4 somewhere.

Further down the thread, there have been arguments about IPv6 being the
only transport available, hence the need to put this option in
DHCPv6/RAs.  Seems to me the way you keep this option in its own address
family (i.e., carry it in DHCPv4) is to leverage a draft now going
through IETF Last Call (draft-ietf-dhc-dhcpv4-over-dhcpv6).  That draft
specifies how to carry DHCPv4 options in DHCPv6 (due to lack of IPV4
transport).

Regards,
Brian

v2.23.0 | Report a Bug | By Email