Renumbering Requirements for Stateless Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
RFC 4076

Note: This ballot was opened for revision 02 and is now closed.

(Margaret Cullen) Yes

(Thomas Narten) (was Discuss) Yes

Comment (2004-10-14)
No email
send info
>    This combination of Stateless Address Autoconfiguration and stateless
>    DHCPv6 could be used quite commonly in IPv6 networks.  In the absence
>    of an alternative method for DNS, NTP and other options to be
>    automatically configured, it may become the most common combination
>    for statelessly configuring hosts.

I don't think this last sentence is needed. It hints at the
possibility that other mechanisms might be invented that would be used
instead of stateless DHC. Not sure why this document wants to say
that.

>    While a DHCPv6 server unicasts Reconfigure message to individual
>    clients to trigger the clients to intiate Information-request/reply
>    configuration exchanges to update their configuration settings, the
>    stateless variant of DHCPv6 cannot use the Reconfigure mechanism
>    because it does not maintain a list of IP addresses (leases) to send
>    the unicast messages to.

Perhaps add a sentence something like:

  Note that in DHCPv6, Reconfigure messages must be unicast; multicast
  is not allowed.

>    Thus events including the following cannot be handled:
> 
>    o  Full site renumbering

Don't understand this bullet. Just what is it about renumbering that
can't be done (and isn't covered more explicitely by later points?)


>    o  Security is important; e.g., avoiding denialof service attacks
>       mounted through Reconfigure messages sent from an attacker.

s/denialof/denial of/

(Harald Alvestrand) No Objection

Comment (2004-10-14 for -)
No email
send info
Reviewed by John Loughney, Gen-ART

His review:

This document is ready to go.  

One small nit:

Page 4:

3.1  Site renumbering

   One of the fundamental principles of IPv6 is that sites receive their
   IPv6 address allocations from an ISP using provider assigned (PA)
   address space.  There is currently no provider independent (PI)
   address space in IPv6.  A site wishing to change ISP must thus
   renumber its network.

"A site wishing to change" struck me as odd, as in many cases, some sites
need to change ISP because of mergers or bankruptcies.  I would change the 
sentence to:

	A site changing its ISP must thus renumber its network.

One question, the Security Considerations section says:

8.  Security Considerations

   There are no security considerations in this problem statemement per
   se.  However, whatever mechanism is designed or chosen to address
   this problem should avoid the introduction of new security concerns
   for (stateless) DHCPv6.

Now, I was actually hoping that there would be some text or pointers
discussing the effect of renumber on security. What are the impacts
to security of using DHCPv6 on security?  I am wrong in thinking that
this is what should be captured in Security Considerations text?

John

(Steven Bellovin) (was Discuss, No Objection) No Objection

(Bill Fenner) No Objection

(Ted Hardie) No Objection

(Scott Hollenbeck) No Objection

(Russ Housley) No Objection

Comment (2004-10-13 for -)
No email
send info
  In section 5: s/denialof service/denial of service/

(David Kessens) No Objection

(Allison Mankin) No Objection

(Alex Zinin) No Objection