Mirja Kühlewind's No Objection on draft-ietf-dhc-relay-port-07: (with COMMENT)


Mirja Kuehlewind (IETF)
Mirja Kühlewind has entered the following ballot position for
draft-ietf-dhc-relay-port-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-port/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I really think this document should update RFC2131 and RFC3315 as it proposed
concrete changes to both RFCs. The point is that, while the use of the
described mechanism and options is optional, I think the updates of the texts
apply more generally.

Further, I would think that if a DHCP server now has to listen on all ports for
incoming traffic, that this would raise additional security considerations.
However, didn’t think enough about it to name a specific threat.


_______________________________________________
dhcwg mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/dhcwg

Re: Mirja Kühlewind's No Objection on draft-ietf-dhc-relay-port-07: (with COMMENT)

Bernie Volz (volz)
Hi:

A DHCP Server does not need to listen on other ports. Only the relay that wants to use an alternative port for responses needs to listen on alternate port(s).

Regarding the updates issue, this is always a complex question - does a new DHCP option update these documents? I believe that updates should be used for required changes to a protocol (or corrections), not for extensions. It is too bad there is no “extends” tag to indicate extensions.

- Bernie

On Nov 13, 2017, at 11:47 AM, Mirja Kühlewind <[hidden email]> wrote:

Mirja Kühlewind has entered the following ballot position for
draft-ietf-dhc-relay-port-07: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-port/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I really think this document should update RFC2131 and RFC3315 as it proposed
concrete changes to both RFCs. The point is that, while the use of the
described mechanism and options is optional, I think the updates of the texts
apply more generally.

Further, I would think that if a DHCP server now has to listen on all ports for
incoming traffic, that this would raise additional security considerations.
However, didn’t think enough about it to name a specific threat.



Re: Mirja Kühlewind's No Objection on draft-ietf-dhc-relay-port-07: (with COMMENT)

Mirja Kuehlewind (IETF)
Hi Bernie,


> On 13.11.2017 at 11:57, Bernie Volz (volz) <[hidden email]> wrote:
>
> Hi:
>
> A DHCP Server does not need to listen on other ports. Only the relay that wants to use an alternative port for responses needs to listen on alternate port(s).

Right. And you don’t think that that has any new security implications?
>
> Regarding the updates issue, this is always a complex question - does a new DHCP option update these documents? I believe that updates should be used for required changes to a protocol (or corrections), not for extensions. It is too bad there is no “extends” tag to indicate extensions.

I agree the option would not require an update but the text changes do.

Mirja


>
> - Bernie
>
> On Nov 13, 2017, at 11:47 AM, Mirja Kühlewind <[hidden email]> wrote:
>
>> Mirja Kühlewind has entered the following ballot position for
>> draft-ietf-dhc-relay-port-07: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
>> email addresses included in the To and CC lines. (Feel free to cut this
>> introductory paragraph, however.)
>>
>>
>> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-port/
>>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>> I really think this document should update RFC2131 and RFC3315 as it proposed
>> concrete changes to both RFCs. The point is that, while the use of the
>> described mechanism and options is optional, I think the updates of the texts
>> apply more generally.
>>
>> Further, I would think that if a DHCP server now has to listen on all ports for
>> incoming traffic, that this would raise additional security considerations.
>> However, didn’t think enough about it to name a specific threat.
>>
>>

Re: Mirja Kühlewind's No Objection on draft-ietf-dhc-relay-port-07: (with COMMENT)

Suresh Krishnan-2
Hi Mirja,

On Mon, Nov 13, 2017 at 1:38 PM, Mirja Kuehlewind (IETF)
<[hidden email]> wrote:

> Hi Bernie,
>
>
>> On 13.11.2017 at 11:57, Bernie Volz (volz) <[hidden email]> wrote:
>>
>> Hi:
>>
>> A DHCP Server does not need to listen on other ports. Only the relay that wants to use an alternative port for responses needs to listen on alternate port(s).
>
> Right. And you don’t think that that has any new security implications?
>>
>> Regarding the updates issue, this is always a complex question - does a new DHCP option update these documents? I believe that updates should be used for required changes to a protocol (or corrections), not for extensions. It is too bad there is no “extends” tag to indicate extensions.
>
> I agree the option would not require an update but the text changes do.

The mechanism specified in this document is not generically applicable
to implementers of RFC3315 and RFC2131. Only relay nodes that run the
relay processes on non ports need to implement this spec. I think
making this document update RFC3315/2131 would cause more harm than
good.

Thanks
Suresh
