DHC WG minutes for IETF-99 Prague (DRAFT)

Date: Wednesday, July 19, 2017, 13:30-15:00 (CEST)
Location: Athens/Barcelona
Chairs: Tomek Mrugalski & Bernie Volz

1. The meeting started with the co-chairs (Bernie Volz and Tomek Mrugalski) going through the agenda and summarizing the state of the game (two RFCs, 8156 and 8168, being published, with another one in the RFC-Ed queue).

2. John Brzozowski delivered an excellent presentation about DHCPv6 deployment at Comcast, which is one of the biggest production networks that use DHCPv6. The scope of this deployment (devices counted in tens of millions) was of particular interest to the WG. 99% of 44 million cable modems are using IPv6 and 90% of them are v6-only. As John said, "The scale doubled over the years. Every day is a first".

Some details of specific mechanisms were shared: IA_NA and IA_PD are used, with the CPE getting a /56 prefix, split into /58s or /60s. There are plans to retire IA_NA and use PD only. SLAAC is everywhere on home networks, with some gateways doing stateful as well. The intention is to deploy rapid-commit to optimize traffic. No specific protocol issues were reported, but there may be an operational experience draft coming.

3. Tomek Mrugalski presented the Secure DHCPv6 update - draft-ietf-dhc-sedhcpv6. We did conclude a WGLC since the previous meeting, but serious objections were raised. On a technical level the solution was almost workable, but in preparation for a hackathon serious questions were raised that quickly escalated into a discussion about base assumptions. Bernie and Tomek discussed the matter with the co-authors and the Sec AD, and came up with several possible ways forward:

   a) fix the key signing issue, publish as experimental;
   b) scope down to just do opportunistic encryption;
   c) step back and do a problem statement draft first;
   d) drop the work.

It became very clear that going with the experimental publication route was not favored by anyone, so it was quickly discarded. People in the room cared about security, so dropping the work was discarded as well. Suresh Krishnan (responsible Int AD) was ok with dropping the work, but was also fine with going with the problem statement. Kathleen Moriarty (Sec AD) asked whether DHC needs help. The ipsec WG is small, but it's full of experts. She also pointed out that the threat analysis is typically done by the WG.

Discussion revolved around the question of whether opportunistic encryption could be achieved with IPsec. The major problem here is that DHCPv6 uses deployed relay agents that can't really be modified, and clients communicate with relays using multicast. It was not immediately clear whether IPsec can handle that or not. It is clear that 3315bis and its security considerations section require some additional work.

4. Srinivasa Rao Nalluri presented DHCP/DHCPv6 options for LWM2M bootstrapping (draft-nalluri-dhc-dhcpv6-lwm2m-bootstrap-options), which was the first remote presentation in DHC in a very long time. It went well. Some concerns were raised by Francis Dupont, who pointed out that the text about storing a certificate requires clarification. People in the room were generally in favor of the concept. There are no WGs dedicated to this work. The chairs asked Suresh, as responsible AD, whether it would be ok to adopt this work in DHC. An adoption call will be announced soon.

5. Danny Moses presented OnDemand Extensions to DHCPv6 for IP Session Continuity Requests (draft-moses-dmm-dhcp-ondemand-mobility, draft-ietf-dmm-ondemand-mobility). This is work being done in the DMM WG and was presented in DHC to provide background information and ask for a review. Some discussion ensued, with the option formats looking good. There was a question whether the anchor preference option is needed at all, as the desired functionality could possibly be done with an IA_PD with hints sent using the IAPREFIX option.

The meeting finished almost exactly on time, making good use of all 90 minutes.