Forcerenew Nonce Authentication
RFC 6704

Note: This ballot was opened for revision 04 and is now closed.

(Jari Arkko) Yes

Comment (2012-02-16 for -04)
No email
send info
Thanks for writing this document. I believe it is ready to move forward, despite the unsubstantiated worries about weakening RFC 3118 security :-)

One small comment:

>   The server SHOULD NOT include the nonce in an ACK when responding to
>   a renew unless a nonce was generated. 

... unless a *new* nonce was generated ...?

(Ralph Droms) Yes

(Ron Bonica) No Objection

(Stewart Bryant) No Objection

(Gonzalo Camarillo) No Objection

(Wesley Eddy) No Objection

(Adrian Farrel) No Objection

Comment (2012-02-14 for -)
No email
send info
Should you describe a mechanism whereby the nonce can be changed?

---

Section 6
Please don;t refer to this as a "proposal". It is just about to become
an RFC. Use "document".

(Stephen Farrell) No Objection

Comment (2012-02-13 for -)
No email
send info
- I agree with Russ' discuss based on the gen-art review.

- I like the idea as explained in the response to the gen-art
review, but didn't get that from the abstract or writeup so I
think fixing those to make the purpose of this clear (make
off-path attacks hard) would be good.

- What is an RDM? (3.1.3) Better to spell that out rather
than force the reader off to rfc 3115.

- Shouldn't there be a requirement to use a different "reconfigure
key value" every single time? If those are re-used, then a client
could pretend to be the server.

- I guess I wondered if you can do this, why can't the server just
sign the response with a private key? 

- Should there be an IANA registry for the type field here in
case you ever want more than hmac-md5?

(Russ Housley) (was Discuss) No Objection

(Pete Resnick) No Objection

Comment (2012-02-14 for -)
No email
send info
The portion of 3.1.2 which starts "The following fields are set in an DHCP authentication option for the Forcerenew Nonce Authentication Protocol:" is poorly written. The fields are not listed in order, the explanation for length is incorrect. This needs to be rewritten.

(Peter Saint-Andre) No Objection

Comment (2012-02-15 for -)
No email
send info
I concur with the DISCUSS that Russ lodged (based on the Gen-ART review).

(Robert Sparks) (was Discuss) No Objection

(Sean Turner) (was Discuss) No Objection