DHC
WG, IETF-93 (Prague)
Date: Thursday, July 23, 2015, 13:00-15:00
(CEST)
Location: Berlin/Brussels Room
Chairs: Tomek Mrugalski & Bernie Volz
Secretary: Sheng Jiang
Presentations materials: https://datatracker.ietf.org/meeting/93/materials.html#wg-dhc
1.
Co-Chairs
- Administrativia (Agenda Bashing, WG Status, ...) - 5 minutes
Hackathon on July 18 & 19, a group of
participators went through Stateful issues (RFC7550)
and tested Secure DHCPv6 interoperated with two
implementations.
Calling topics for Hackathon in IETF-94,
Yokohama, besides DHCP4o6 (RFC 7341)
6o4 - Marcin / Francis /
2.
Stable
Privacy Addresses next steps - 10 minutes
draft-ietf-dhc-stable-privacy-addresses
Bernie:
there is few discussion on this draft since adoption.
Lorenzo: Just leave it up to server implementers. It doesn't optimize for server memory.
There is not much value in this.
Marcin: also little value.
Ted Lemon: useful to have an algorithm to prevent bad
algorithms e.g. privacy leakage
Fernando: it is useful
Tomek (no hat): a small amount of value - not standards
track - prefer informational
Christian Huitema: stable is against privacy
Ted Lemon: do this algorithm if you want privacy -
Applicability statement.
Eric: First paragraph of section 4 is controversial
"DHCPv6 server implementations conforming to this
specification MUST
generate non-temporary IPv6 addresses using the algorithm specified
in this section."
Bernie: there is one use case for CPE.
Dead/Standards/Info (consensus of hum for dead,
standards silence, Info soft)
Bernie: it seems the WG prefers to kill it.
Ted Lemon: should not kill this, otherwise IA-NA should
also be deprecated, too.
Post Meeting Action: Confirm dead decision on WG mailing
list.
3.
Secure
DHCPv6 and DHCPv4, Sheng Jiang - 10 minutes
draft-ietf-dhc-sedhcpv6,
draft-jiang-dhc-sedhcpv4
Secure DHCPv6:
Adapt SeND timestamp format that was proposed
during the hackathon/WG
discussion. And other terminologies need to be fixed.
Received comments on supporting multiple
certs. Question to WG/SAG: Do we
need to support multiple certs?
Ted Lemon: no point in multiple - do
sequentially
UDP Frag issues if present should be raise
in Security Considerations, but
not fixed in this doc. It is generic for UDP not for DHCPv6 specific.
Bernie:
UDP/IP is a service to DHC
Christian H: still worries about
fragmentation.
Ted Lemon: We can't solve this problem in
this WG. Best is the enemy of
good enough.
The coauthor is given a report and calling
help in SAG for generic security
Issue. But it we could not solve these issues, the document should still go
forward
Brian: Slide 4: need describe where this is
used. Different trust model
enterprise vs. coffee shop - be aware of timing difference
Secure DHCPv4:
Just changes report no questions
Order work on Marcin: V6 before V4
Bernie: the WG would process Secure DHCPv4 after Secure DHCPv6 stabilized.
Post Meeting Action: Confirm switch to SeND time format.
4.
Anonymity
Profile Implementation & Deployment results,
Christian Huitema - 15 minutes
draft-ietf-dhc-anonymity-profile
Marcin:
basically in good state.
- Wake-up behavior is not clear. Just do
discover as otherwise you leak address.
Lorenzo: Why not just send hello+mac or
something?
Chris: no sending simpler, invent new name
is a lie with compatibility issue; the name
should not be reversible.
Lorenzo: switching on same ssid - does it
burn down DHCP server?
WGLC after next draft
Post Meeting Action: Make any last edits to
3 documents related to privacy, then initiate
WGLC on all 3 together.
5.
DHCPv6bis
update & issues discussion, dhcpv6bis team - 25 minutes
draft-cui-dhc-dhcpv6-prefix-length-hint-issue
Steve:
No points for encapsulated options – rfc's say
what MUST be there.
- Lots of implicit updates?
Prefix length hint
Ole: bad initial design
Suresh: same concern
Ted Lemon: not require special cases in the
server
Drop lifetime hints; server ignore it
Ole: Supports dropping. How to hint renumber wanted?
Ted Lemon: client initiate renumber: request
new prefix then release old one once
you have the new one
Bernie: will make this more explicit in
document
Marcin:
move #81 forward as soon as possible and combine if possible
How to grow PD is an important issue
Marcin: more info on how to do this
Ted: solution is to renumber into bigger.
6.
YANG
Data Model for DHCPv6, Linhui Sun - 15 minutes
Bernie:
how does this apply to hackaton?
Marcin:
worried about how well this works with existing implementations - and
updates to them - will do careful review
?:
needs to cover
light weight relay agent.
Bernie: worried if this will fail like older
attempts failed
Is this implementable/usable? Need feedback from implementers (expected
to be part of the IETF'94 hackathon)
Chair: Bernie: is there interest from the WG? Dozen or so hands
Tomek's note: around 20 people interested.
Post Meeting Action: Nothing specific;
authors and interested parties should review
document and develop mappings to several implementations to confirm Yang model.
7.
Authentication
and Encryption Mechanism for DHCPv6,
Tianxiang Li - 15 minutes
draft-cui-dhc-dhcpv6-encryption
Eric: could you do encryption without
certificate? Certificate has privacy issue
A: yes.
Christian: without authentication, security
is meaningless. Encryption to the server
only protects when you trust server.
Discussion about server trust.
Francis: go talk to crypto experts.
Chair: Bernie: interest in proceeding? Some not huge
Tomek's note: around 10 people interested.
Post Meeting Action: Solicit input to
concept and details from security area (Francis
and co-authors to initiate). Revised draft expected before
possible adoption call.
WG co-chairs will discuss this work item
with AD to gauge level of interest in
potentially adding to charter.
8.
4o6
Bulk and Active Leasequery, Tianxiang Li - 10 minutes
draft-cui-dhc-dhcp4o6-bulk-active-leasequery
No clarifying questions/discussion
9.
Relay
Initiated Release, Sunil M Gandhewar - 5 minutes
draft-gandhewar-dhc-v6-relay-initiated-release
draft-gandhewar-dhc-relay-initiated-releasee
Ian:
this will cause problems - Client will think it has a lease but it has gone
from
underneath it
Ted
Lemon: why for v6? Merge drafts.
Post
Meeting Action: Authors should follow up with commenters and address
their concerns (mostly around why this is needed and to assure it will not
cause problems if implemented with state possibly retained in clients).