Skip to main content

Security of Messages Exchanged between Servers and Relay Agents
draft-ietf-dhc-relay-server-security-05

Revision differences

Document history

Date Rev. By Action
2017-08-01
05 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2017-07-18
05 (System) RFC Editor state changed to AUTH48 from EDIT
2017-06-20
05 (System) RFC Editor state changed to EDIT
2017-06-20
05 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2017-06-20
05 (System) Announcement was received by RFC Editor
2017-06-19
05 (System) IANA Action state changed to No IC from In Progress
2017-06-19
05 (System) IANA Action state changed to In Progress
2017-06-19
05 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2017-06-19
05 Amy Vezza IESG has approved the document
2017-06-19
05 Amy Vezza Closed "Approve" ballot
2017-06-19
05 Amy Vezza Ballot approval text was generated
2017-06-18
05 Suresh Krishnan IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2017-04-24
05 Eric Rescorla
[Ballot comment]
Based on e-mail it seems like at least one company is implementing.

Personally, were I voting, I'd vote against making an MTI that …
[Ballot comment]
Based on e-mail it seems like at least one company is implementing.

Personally, were I voting, I'd vote against making an MTI that I expect almost nobody to follow, but I concede that there's not sufficient evidence of that to hold a discuss here.
2017-04-24
05 Eric Rescorla Ballot comment text updated for Eric Rescorla
2017-04-24
05 Eric Rescorla
[Ballot comment]
Based on e-mail it seems like at least one company is implementing.

Personally, were I voting, I'd vote against making an MTI that …
[Ballot comment]
Based on e-mail it seems like at least one company is implementing.

Personally, were I voting, I'd vote against making an MTI that I expect almost nobody to follow, but I concede that that's not enough to hold a discuss here.
2017-04-24
05 Eric Rescorla [Ballot Position Update] Position for Eric Rescorla has been changed to No Objection from Discuss
2017-04-21
05 Gunter Van de Velde Closed request for Last Call review by OPSDIR with state 'No Response'
2017-04-20
05 Warren Kumari
[Ballot comment]
"This document specifies the optional requirements for relay agent and
  server implementations to support IPsec authentication and encryption
  and recommends operators …
[Ballot comment]
"This document specifies the optional requirements for relay agent and
  server implementations to support IPsec authentication and encryption
  and recommends operators enable this IPsec support."

Thank you, this adequately addresses my discuss.
2017-04-20
05 Warren Kumari [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss
2017-04-19
05 (System) Sub state has been changed to AD Followup from Revised ID Needed
2017-04-19
05 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2017-04-19
05 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-05.txt
2017-04-19
05 (System) New version approved
2017-04-19
05 (System) Request for posting confirmation emailed to previous authors: Yogendra Pal , Bernie Volz
2017-04-19
05 Bernie Volz Uploaded new revision
2017-04-15
04 Francis Dupont Request for Telechat review by GENART Completed: Ready. Reviewer: Francis Dupont. Sent review to list.
2017-04-13
04 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2017-04-12
04 Alia Atlas [Ballot comment]
I agree with both Warren's discuss and Benoit's comments about balloting being
easier when others have already done so :-)
2017-04-12
04 Alia Atlas [Ballot Position Update] New position, No Objection, has been recorded for Alia Atlas
2017-04-12
04 Deborah Brungard [Ballot comment]
Agree with other ADs' comments.
2017-04-12
04 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2017-04-12
04 Ben Campbell
[Ballot comment]
I am balloting "Yes", but I share the curiosity about whether people will really do this.

-3, third paragraph: "MUST exchange messages securely" …
[Ballot comment]
I am balloting "Yes", but I share the curiosity about whether people will really do this.

-3, third paragraph: "MUST exchange messages securely"
"Securely" is too ambiguous for a MUST. What specific protections are required?

-3, paragraph 4:
The list starts with no context. A sentence or paragraph describing the purpose of the list would be helpful.
2017-04-12
04 Ben Campbell Ballot comment text updated for Ben Campbell
2017-04-12
04 Ben Campbell
[Ballot comment]
I share the curiosity about whether people will really do this.

-3, third paragraph: "MUST exchange messages securely"
"Securely" is too ambiguous for …
[Ballot comment]
I share the curiosity about whether people will really do this.

-3, third paragraph: "MUST exchange messages securely"
"Securely" is too ambiguous for a MUST. What specific protections are required?

-3, paragraph 4:
The list starts with no context. A sentence or paragraph describing the purpose of the list would be helpful.
2017-04-12
04 Ben Campbell [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell
2017-04-12
04 Benoît Claise [Ballot comment]
The advantage of a late review is that everything has been said already by other ADs :-)
2017-04-12
04 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2017-04-12
04 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2017-04-12
04 Alexey Melnikov
[Ballot comment]
Thank you for writing this document.

I am curious to know whether there are existing or planned implementations/deployments of this document.

I am …
[Ballot comment]
Thank you for writing this document.

I am curious to know whether there are existing or planned implementations/deployments of this document.

I am also agreeing with Warren concerns.
2017-04-12
04 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2017-04-11
04 Kathleen Moriarty
[Ballot comment]
Thank you very much for your work on this document.  Once Warren's discuss has been cleared with adequate clarifications and 'updates' text, which …
[Ballot comment]
Thank you very much for your work on this document.  Once Warren's discuss has been cleared with adequate clarifications and 'updates' text, which I support, this will be a helpful document.  It will be very nice to no longer have the discussion as to why encryption is not required for DHCP, this is a welcome and overdue change. 

Is there an expected change to encrypt the full path in a future revision?
2017-04-11
04 Kathleen Moriarty Ballot comment text updated for Kathleen Moriarty
2017-04-11
04 Kathleen Moriarty
[Ballot comment]
Thank you very much for your work on this document.  Once Warren's discuss has been cleared with adequate clarifications and 'updates' text, which …
[Ballot comment]
Thank you very much for your work on this document.  Once Warren's discuss has been cleared with adequate clarifications and 'updates' text, which I support, this will be a helpful document.  It will be very nice to no longer have the discussion as to why encryption is not required for DHCP, this is a welcome and overdue change.
2017-04-11
04 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2017-04-11
04 Mirja Kühlewind
[Ballot comment]
I strongly agree with Warren's discuss. This document is an update of RFC3315 and therefore MUST carry the update tag. If someone decides …
[Ballot comment]
I strongly agree with Warren's discuss. This document is an update of RFC3315 and therefore MUST carry the update tag. If someone decides not to implement this new specification, they will still only confirm to RFC3315 and not this new document. As Warren said, someone who wants this encryption needs to require conformance to this new RFC anyway. However I think the IETF should give a clear recommendation here that encryption must be used. If the working group really believes there are cases where encryption is not needed, this document must be rewritten to allow for these cases (by using SHOULD/RECOMMENDED instead of MUST/REQUIRED) and give a clear recommendation when it is acceptable to not use encryption.

Further, I'm also wondering why this is not just incorporated in rfc3315bis?
2017-04-11
04 Mirja Kühlewind Ballot comment text updated for Mirja Kühlewind
2017-04-11
04 Mirja Kühlewind
[Ballot comment]
I strongly agre with Warren's discuss. This document is an update of RFC3315 and therefore MUST carry the update tag. If someone decides …
[Ballot comment]
I strongly agre with Warren's discuss. This document is an update of RFC3315 and therefore MUST carry the update tag. If someone decides not to implement this new specification, they will still only confirm to RFC3315 and not this new document. As Warren said, somesome who wants this encryption needs to require conformance to this new RFC anyway. However I think the IETF should give a clear recommendation here that encryption must be used. If the working group really believes there are cases where encryption is not needed, this document must be rewritten to allow for these cases (by using SHOULD/RECOMMANDED instead of MUST/REQUIRED) and give a clear recomendation when it is acceptable to not use encryption.

Further, I'm also wondering why this is not just incorporated in rfc3315bis?
2017-04-11
04 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2017-04-10
04 Alvaro Retana [Ballot comment]
I agree with Warren's confusion about the relationship between this document, RFC3315 and draft-ietf-dhc-rfc3315bis.
2017-04-10
04 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2017-04-09
04 Spencer Dawkins [Ballot comment]
Thanks for producing this document, when the DISCUSSes clear :-)
2017-04-09
04 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2017-04-08
04 Warren Kumari
[Ballot discuss]
This document says that it "replaces the text in RFC3315 Section 21.1.", but it does not have an Updates tag. It is also …
[Ballot discuss]
This document says that it "replaces the text in RFC3315 Section 21.1.", but it does not have an Updates tag. It is also contains a large blob of RFC3315, with clear explanation of what exactly changed.
The writeup says "Even though this I-D introduces changes to RFC3315, the WG doesn't want to enforce IPsec encryption on every DHCPv6 server. Therefore it does not update RFC3315." -- so, if I'm writing a new DHCPv6 implementation, do I need to support this? The document reads like it tries to update 3315, but the writeup says otherwise -- once published, no-one will read the shepherd writeup. I think that the document itself needs to be clearer that this is an optional extension (so if I want to buy an implementation which does this, I ask for RFC3315 and RFCxxxx).

I also do not understand the relationship between this document (which talks about text RFC3315), and draft-ietf-dhc-rfc3315bis (which is currently in WGLC) -- if rfc3315bis is almost done, should this reference that instead? Or should rfc3315bis simply incorporate this?
2017-04-08
04 Warren Kumari
[Ballot comment]
I found the document confusing -- it says that it REQUIRES IPsec for DHCPv4 and DHCPv6, but it reads like it is requiring …
[Ballot comment]
I found the document confusing -- it says that it REQUIRES IPsec for DHCPv4 and DHCPv6, but it reads like it is requiring that operators enable this, not that implementations have to support this; what exactly is is trying to do?
I think that it would be much clearer if it said that implementations of this document must support IPsec and that operators are recommended to enable it (assuming that it what it means).
2017-04-08
04 Warren Kumari [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari
2017-04-07
04 (System) IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2017-04-07
04 Eric Rescorla
[Ballot discuss]
What's not clear to me from reading this docment is whether anyone
actually does IPsec for DHCP relaying. If so, what configurations do …
[Ballot discuss]
What's not clear to me from reading this docment is whether anyone
actually does IPsec for DHCP relaying. If so, what configurations do
they run it in? If not, will they do so as the result of this
document?
2017-04-07
04 Eric Rescorla [Ballot Position Update] New position, Discuss, has been recorded for Eric Rescorla
2017-04-07
04 Suresh Krishnan IESG state changed to IESG Evaluation from Waiting for Writeup
2017-04-07
04 Suresh Krishnan Ballot has been issued
2017-04-07
04 Suresh Krishnan [Ballot Position Update] New position, Yes, has been recorded for Suresh Krishnan
2017-04-07
04 Suresh Krishnan Created "Approve" ballot
2017-04-07
04 Suresh Krishnan Ballot writeup was changed
2017-04-06
04 Jean Mahoney Request for Telechat review by GENART is assigned to Francis Dupont
2017-04-06
04 Jean Mahoney Request for Telechat review by GENART is assigned to Francis Dupont
2017-03-29
04 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2017-03-29
04 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-04.txt
2017-03-29
04 (System) New version approved
2017-03-29
04 (System) Request for posting confirmation emailed to previous authors: Yogendra Pal , Bernie Volz
2017-03-29
04 Bernie Volz Uploaded new revision
2017-03-23
03 Tero Kivinen Request for Last Call review by SECDIR Completed: Ready. Reviewer: Catherine Meadows.
2017-03-17
03 Suresh Krishnan Placed on agenda for telechat - 2017-04-13
2017-03-13
03 (System) IESG state changed to Waiting for Writeup from In Last Call
2017-03-10
03 Francis Dupont Request for Last Call review by GENART Completed: Ready. Reviewer: Francis Dupont.
2017-03-03
03 (System) IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed
2017-03-03
03 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has reviewed [draft-enter-here], which is currently in Last Call, and has the following comments:

We understand …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has reviewed [draft-enter-here], which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
IANA Services Specialist
PTI
2017-03-02
03 Jean Mahoney Request for Last Call review by GENART is assigned to Francis Dupont
2017-03-02
03 Jean Mahoney Request for Last Call review by GENART is assigned to Francis Dupont
2017-03-02
03 Tero Kivinen Request for Last Call review by SECDIR is assigned to Catherine Meadows
2017-03-02
03 Tero Kivinen Request for Last Call review by SECDIR is assigned to Catherine Meadows
2017-03-01
03 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Eric Vyncke
2017-03-01
03 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Eric Vyncke
2017-02-27
03 Amy Vezza IANA Review state changed to IANA - Review Needed
2017-02-27
03 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC: tomasz.mrugalski@gmail.com, dhc-chairs@ietf.org, suresh.krishnan@ericsson.com, draft-ietf-dhc-relay-server-security@ietf.org, Tomek Mrugalski , …
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC: tomasz.mrugalski@gmail.com, dhc-chairs@ietf.org, suresh.krishnan@ericsson.com, draft-ietf-dhc-relay-server-security@ietf.org, Tomek Mrugalski , dhcwg@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Security of Messages Exchanged Between Servers and Relay Agents) to Proposed Standard


The IESG has received a request from the Dynamic Host Configuration WG
(dhc) to consider the following document:
- 'Security of Messages Exchanged Between Servers and Relay Agents'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-03-13. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no
  guidance for how to secure messages exchanged between servers and
  relay agents.  The Dynamic Host Configuration Protocol for IPv6
  (DHCPv6) states that IPsec should be used to secure messages
  exchanged between servers and relay agents, but does not require
  encryption.  And, with recent concerns about pervasive monitoring and
  other attacks, it is appropriate to require securing relay to relay
  and relay to server communication for DHCPv6 and relay to server
  communication for DHCPv4.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/ballot/


No IPR declarations have been submitted directly on this I-D.




2017-02-27
03 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2017-02-27
03 Amy Vezza Last call announcement was changed
2017-02-24
03 Suresh Krishnan Last call was requested
2017-02-24
03 Suresh Krishnan Last call announcement was generated
2017-02-24
03 Suresh Krishnan Ballot approval text was generated
2017-02-24
03 Suresh Krishnan Ballot writeup was generated
2017-02-24
03 Suresh Krishnan IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2017-02-07
03 (System) Sub state has been changed to AD Followup from Revised ID Needed
2017-02-07
03 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-03.txt
2017-02-07
03 (System) New version approved
2017-02-07
03 (System) Request for posting confirmation emailed to previous authors: "Bernie Volz" , "Yogendra Pal"
2017-02-07
03 Bernie Volz Uploaded new revision
2017-02-01
02 Suresh Krishnan IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2017-01-25
02 Jouni Korhonen Request for Early review by INTDIR Completed: Not Ready. Reviewer: Jouni Korhonen. Sent review to list.
2017-01-23
02 Bernie Volz Request for Early review by INTDIR is assigned to Jouni Korhonen
2017-01-23
02 Bernie Volz Request for Early review by INTDIR is assigned to Jouni Korhonen
2017-01-23
02 Bernie Volz Request for Early review by INTDIR is assigned to Ted Lemon
2017-01-23
02 Bernie Volz Request for Early review by INTDIR is assigned to Ted Lemon
2017-01-19
02 Bernie Volz Request for Early review by INTDIR is assigned to Jouni Korhonen
2017-01-19
02 Bernie Volz Request for Early review by INTDIR is assigned to Jouni Korhonen
2017-01-18
02 Suresh Krishnan Requested Early review by INTDIR
2017-01-18
02 Suresh Krishnan IESG state changed to AD Evaluation from Publication Requested
2017-01-18
02 Tomek Mrugalski
Write-up for draft-ietf-dhc-relay-server-security-02

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper …
Write-up for draft-ietf-dhc-relay-server-security-02

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Standards track. This I-D clarifies how DHCPv4 and DHCPv6 traffic between
  servers and relays should be protected and uses normative language.
  Therefore this is the right type. The intended type is clearly
  indicated in the page header.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  DHCPv4 has no guidance for how to secure messages exchanged between
  servers and relay agents. The DHCPv6 states that IPsec should be
  used to secure messages exchanged between servers and relay agents,
  but does not require encryption.  And, with recent concerns about
  pervasive monitoring and other attacks, it is appropriate to
  require securing relay to relay and relay to server communication
  for DHCPv4 and DHCPv6. This draft codifies how to use IPsec with
  encryption to secure that communication.

Working Group Summary

  This draft was created as a result of a concern raised by during
  IESG review of draft-ietf-dhc-access-network-identifier (https://
  mailarchive.ietf.org/arch/msg/dhcwg/17b2yzdJOS1hif95kRIQXidudI8).
  The issue was the DHCP options could reveal user identifying
  information when a client communicates with a server via
  relay(s). This was a generic DHCP issue, so the decision was made to
  write a separate draft. Using IPsec for that purpose seems to be an
  obvious choice and that is what the draft proposes.

  This draft was first presented in Buenos Aires (April 2016) and
  later in Berlin (July 2016) and got unanimous support in the room on
  both occasions. It was adopted in Sep. 2016. The draft is very short
  (a bit over 2 pages of actual content) and changed very little
  between its first individual revision and the rev that passed
  WGLC. That is understandable, as it codifies the obvious solution
  implied by RFC3315 and was written by two experienced engineers (one
  of them being DHC co-chair). This is also the reason why this draft
  received fewer comments than average. In total, there were 37
  messages related to this draft posted to DHC list and a handful more
  circulated off the list.

Document Quality

  This document is of high quality. The reviews it received my seem
  like not too thorough, but that's because of the draft's shortness
  and a high quality of its initial version. The authors are two
  experienced DHCP engineers working for Cisco. I have personally
  reviewed -01 rev of this draft had some minor comments. They were
  addressed in -02.

Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

  Tomek Mrugalski is the shepherd. Suresh Krishnan is the responsible AD.

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  I reviewed the document before its adoption.  I thoroughly reviewed
  this document second time during WGLC (-01):
  https://mailarchive.ietf.org/arch/msg/dhcwg/s7ipaeaePK1ht3OSk0hxx683V9A
  The minor issues I pointed out were addressed properly. This
  document is ready for publication in my opinion.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  No, at least not from the DHCP perspective. An extra review from
  security experts would be welcome. Ops-dir feedback would be
  probably be useful, too.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  This I-D is DHCP-centric, so DHC is the proper WG for this work. It
  would be useful to have sec-dir review of it.  This draft was
  reviewed by Stephen Farrell on Oct. 14, 2016, but sadly his (brief)
  comments were sent off the list, so the review is not well
  documented. I was part of that discussion. I confirmed that
  Stephen's comment was addressed in -01.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  I have no such concerns, except asking for a sec-dir review and
  optionally ops-dir review.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Yes, both authors confirmed in writing. There are no IPRs, existing or
  outstanding.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it?

  The consensus is pretty solid. There was an unanimous nod of
  approval in the room when it was presented. Usage of IPsec with
  encryption is the obvious choice and some deployments are already
  doing it. Sadly, not a lot of people thought it is important enough
  to confirm their approval on the ML. That's probably because RFC3315
  indicated that already and that's what people typically do when they
  need to secure their relay-server communication.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  There are 3 idnit comments and all of them are not a problem. First,
  the draft uses pre-RFC5378 disclaimer, because it contains text from
  RFC3315 (which we know some of the authors are not reachable).

  Second is the publication year not matching current. Yes, it was
  published in 2016 and that is stated correctly.

  The third nit is for outdated reference (sedhcpv6-18, with -20 being
  available). This will be fixed by RFC Editor. Sedhcpv6 authors are
  eager to update their draft as soon as any comments arrive (11
  revisions in the last 13 months), so trying to keep up would be a
  waste of time.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No such review is required.

(13) Have all references within this document been identified as
either normative or informative?

  Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  No. All normative references are to published RFCs only.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  No. There are no such references.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No. Even though this I-D introduces changes to RFC3315, the WG doesn't
  want to enforce IPsec encryption on every DHCPv6 server. Therefore
  it does not update RFC3315.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  This document does not require any IANA actions. That is clearly
  stated in the IANA considerations section.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  There are no such registries defined.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  There are no such sections, so automated checks are not necessary.
2017-01-18
02 Tomek Mrugalski Responsible AD changed to Suresh Krishnan
2017-01-18
02 Tomek Mrugalski IETF WG state changed to Submitted to IESG for Publication from Waiting for WG Chair Go-Ahead
2017-01-18
02 Tomek Mrugalski IESG state changed to Publication Requested
2017-01-18
02 Tomek Mrugalski IESG process started in state Publication Requested
2017-01-18
02 Tomek Mrugalski Tag Revised I-D Needed - Issue raised by WGLC cleared.
2017-01-18
02 Tomek Mrugalski Changed document writeup
2017-01-18
02 Tomek Mrugalski Changed document writeup
2016-12-15
02 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-02.txt
2016-12-15
02 (System) New version approved
2016-12-15
02 (System) Request for posting confirmation emailed to previous authors: "Bernie Volz" , "Yogendra Pal"
2016-12-15
02 Bernie Volz Uploaded new revision
2016-12-14
01 Tomek Mrugalski WGLC passed on 2016-12-14. Updated rev needed.
2016-12-14
01 Tomek Mrugalski Tag Revised I-D Needed - Issue raised by WGLC set.
2016-12-14
01 Tomek Mrugalski IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call
2016-10-26
01 Tomek Mrugalski Last day of WGLC on 2016-11-09.
2016-10-26
01 Tomek Mrugalski IETF WG state changed to In WG Last Call from WG Document
2016-10-17
01 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-01.txt
2016-10-17
01 (System) New version approved
2016-10-17
01 (System) Request for posting confirmation emailed to previous authors: "Bernie Volz" , "Yogendra Pal"
2016-10-17
01 Bernie Volz Uploaded new revision
2016-10-01
00 Bernie Volz Notification list changed to "Tomek Mrugalski" <tomasz.mrugalski@gmail.com>
2016-10-01
00 Bernie Volz Document shepherd changed to Tomek Mrugalski
2016-10-01
00 Bernie Volz Changed consensus to Yes from Unknown
2016-10-01
00 Bernie Volz Intended Status changed to Proposed Standard from None
2016-10-01
00 Bernie Volz This document now replaces draft-volz-dhc-relay-server-security instead of None
2016-10-01
00 Bernie Volz New version available: draft-ietf-dhc-relay-server-security-00.txt
2016-10-01
00 Bernie Volz WG -00 approved
2016-10-01
00 Bernie Volz Uploaded new revision
2016-10-01
00 Bernie Volz Set submitter to "Bernie Volz ", replaces to draft-volz-dhc-relay-server-security and sent approval email to group chairs: dhc-chairs@ietf.org