[dhcwg] 3315bis question: Changing default DUID to DUID-LL?
Tomek Mrugalski <tomasz.mrugalski@gmail.com> Mon, 23 May 2016 20:01 UTC
Hi,

People (in particular those people that run actual networks, but never come to IETF) complained about DHCPv6 being difficult to use, because DUIDs of new devices are unknown until the device is booted up. This is opposed to MAC addresses that are typically printed on the devices. This information could be used directly if the clients used DUID-LL rather than DUID-LLT by default. See forwarded email below for more details.

The proposal is to tweak existing text in RFC3315bis to explicitly say that DUID-LL is the default (existing text suggested that DUID-LLT is the default if device has clock and a stable storage and that's how it was interpreted by most vendors).

Recently we discussed this on dhcpv6bis list. The responses were favorable, but there's strong agreement that change of this scope requires consensus in DHC WG. You can review the previous discussion on dhcpv6bis here:
https://mailarchive.ietf.org/arch/msg/dhcpv6bis/0r50PZd_oGBtkzP3L3wRkBEqNUg

Two technical points were made:

1. Bernie pointed out that CableLabs already requires using DUID-LL for cable modems.
2. Ted pointed out that DUID-LL does not reveal anything more than DUID-LLT already does, so there's no problem from privacy perspective.

So, what's your opinion on this?

Tomek

-------- Forwarded Message --------
Subject: Changing default DUID to DUID-LL?
Date: Sat, 21 May 2016 18:58:16 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
To: dhcpv6bis@ietf.org <dhcpv6bis@ietf.org>

I recall we did talk about this briefly, but I can't find anything specific posted to dhcpv6bis. Once in a while sysadmins keep asking why DHCPv6 is using DUID-LLT as default, rather than just LL. Here's an example of such a question asked last week:
https://www.facebook.com/groups/2234775539/permalink/10154080188010540/
(if you don't have a Facebook account, you can still see the discussion by clicking X comments link).

The details vary, but the general objection is still the same. There's a large enterprise or similar organization and the sysadmin would like to know DUIDs of the devices he's about to plug into his network to do host reservation, access control or provide some options on a per host basis. He can't do that without powering up every device and letting it generate its LLT DUID.

There are several twists to this. First, some people claim it's difficult to extract generated DUIDs from many operating systems, so cases where users themselves are expected to provide their DUID, even if the device was booted up already, are problematic for users to handle. Another objection is that most hardware these days has a MAC address printed on it. Vendors can't really print DUIDs as they are not known during the manufacturing phase.

As I understand it, the original rationale for using LLT rather than LL as default was to avoid cases when switching a faulty NIC would make the client change its DUID. This is very 1990s. If you disagree with this, when was the last time you replaced a faulty interface card? Also, the mechanism we have right now - generate the DUID and store it - effectively solves the concern.

So, what's your opinion on making the DUID-LL the default for regular devices (i.e. those with clocks and stable storage for generated DUIDs)?

Tomek
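The two points in the message above (a DUID-LL can be computed from the MAC printed on a device before it ever boots, and a DUID-LLT already carries that same MAC) can be checked against the RFC 3315 DUID layouts. This is an added example, not part of the original post; the function names are illustrative and the MAC address is a constructed value from the documentation range.

```python
import struct
from datetime import datetime, timezone

DUID_LLT, DUID_LL = 1, 3   # DUID type codes defined in RFC 3315
HW_ETHERNET = 1            # IANA hardware type for Ethernet
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base

def mac_to_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    return raw

def duid_ll(mac: str) -> bytes:
    """DUID-LL: type(2) | hardware type(2) | link-layer address."""
    return struct.pack("!HH", DUID_LL, HW_ETHERNET) + mac_to_bytes(mac)

def duid_llt(mac: str, generated_at: datetime) -> bytes:
    """DUID-LLT: type(2) | hardware type(2) | time(4) | link-layer address."""
    secs = int((generated_at - DUID_EPOCH).total_seconds()) % 2**32
    return struct.pack("!HHI", DUID_LLT, HW_ETHERNET, secs) + mac_to_bytes(mac)

def link_layer_address(duid: bytes) -> str:
    """Return the link-layer address carried in a DUID-LL or DUID-LLT."""
    if len(duid) < 4:
        raise ValueError("DUID shorter than its fixed header")
    (dtype,) = struct.unpack("!H", duid[:2])
    offset = {DUID_LL: 4, DUID_LLT: 8}.get(dtype)
    if offset is None:
        raise ValueError(f"DUID type {dtype} carries no link-layer address here")
    if len(duid) <= offset:
        raise ValueError("truncated DUID: no link-layer address present")
    return ":".join(f"{b:02x}" for b in duid[offset:])

def as_hex(duid: bytes) -> str:
    return ":".join(f"{b:02x}" for b in duid)

# Constructed sample: a MAC from the documentation range, as printed on a label.
PRINTED_MAC = "00:00:5e:00:53:2a"

if __name__ == "__main__":
    first_boot = datetime(2016, 5, 23, 20, 1, 40, tzinfo=timezone.utc)
    reinstall = datetime(2016, 6, 1, 8, 0, 0, tzinfo=timezone.utc)
    print("reservation key (DUID-LL):", as_hex(duid_ll(PRINTED_MAC)))
    for when in (first_boot, reinstall):
        llt = duid_llt(PRINTED_MAC, when)
        print("DUID-LLT:", as_hex(llt), "-> MAC", link_layer_address(llt))
```

The DUID-LL is fully determined by the label, while the two DUID-LLT values differ in their time field yet expose the identical link-layer address.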