Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Templin, Fred L
Perkins Subject: Re: [DMM] RFC4283bis progress.. HI Fred, MIP NAI structure is some what designed for carrying an identifier that can be represented in a simple structure. It is bound by the 1-octet size limit defined in RFC6275. X.509 is a complex structure, it includes the signed public key

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Brian Haberman
Hi Fred, On 7/14/15 10:54 AM, Templin, Fred L wrote: Hi Sri, Reason for the X.509 certificate is that, in some environments, an attacker can spoof a DHCP Client Identifier and receive services that were intended for the authentic client. With X.509 certificate, the certificate

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Templin, Fred L
Hi Brian, -Original Message- From: dmm [mailto:dmm-boun...@ietf.org] On Behalf Of Brian Haberman Sent: Tuesday, July 14, 2015 8:37 AM To: dmm@ietf.org Subject: Re: [DMM] RFC4283bis progress.. Hi Fred, On 7/14/15 10:54 AM, Templin, Fred L wrote: Hi Sri, Reason

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Brian Haberman
On 7/14/15 12:19 PM, Templin, Fred L wrote: Hi Brian, -Original Message- From: dmm [mailto:dmm-boun...@ietf.org] On Behalf Of Brian Haberman Sent: Tuesday, July 14, 2015 8:37 AM To: dmm@ietf.org Subject: Re: [DMM] RFC4283bis progress.. Hi Fred, On 7/14/15 10:54 AM, Templin

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Sri Gundavelli (sgundave)
To: dmm@ietf.org Subject: Re: [DMM] RFC4283bis progress.. Hi Fred, On 7/14/15 10:54 AM, Templin, Fred L wrote: Hi Sri, Reason for the X.509 certificate is that, in some environments, an attacker can spoof a DHCP Client Identifier and receive services that were intended for the authentic

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Templin, Fred L
Hi Brian, -Original Message- From: dmm [mailto:dmm-boun...@ietf.org] On Behalf Of Brian Haberman Sent: Tuesday, July 14, 2015 11:31 AM To: dmm@ietf.org Subject: Re: [DMM] RFC4283bis progress.. On 7/14/15 12:19 PM, Templin, Fred L wrote: Hi Brian, -Original Message

Re: [DMM] RFC4283bis progress..

2015-07-14 Thread Jouni Korhonen
This is doable using Hash and URL of X.509 certificate used in IKEv2 certificate payloads. See RFC 7296 Section 3.6. That should fit into 254 bytes assuming the URL is not extra long. - Jouni 7/14/2015, 8:36 AM, Brian Haberman kirjoitti: Hi Fred, On 7/14/15 10:54 AM, Templin, Fred L

Re: [DMM] RFC4283bis progress..

2015-07-13 Thread Templin, Fred L
Sent: Thursday, July 09, 2015 7:45 PM To: Sri Gundavelli (sgundave); jouni korhonen; dmm@ietf.org; Charlie Perkins Subject: Re: [DMM] RFC4283bis progress.. Hello folks, The last discussion about the document was related to whether or not Vehicle ID should be included in the draft. No resolution

Re: [DMM] RFC4283bis progress..

2015-07-13 Thread Sri Gundavelli (sgundave)
@ietf.orgmailto:dmm@ietf.org dmm@ietf.orgmailto:dmm@ietf.org, Charlie Perkins charlie.perk...@huawei.commailto:charlie.perk...@huawei.com Subject: RE: [DMM] RFC4283bis progress.. Hi, I would like to suggest one additional identifier before publication: X.509 certificate as per Section 5.2 of Secure DHCPv6

Re: [DMM] RFC4283bis progress..

2015-07-09 Thread Sri Gundavelli (sgundave)
@ietf.orgmailto:dmm@ietf.org dmm@ietf.orgmailto:dmm@ietf.org, Charlie Perkins charlie.perk...@huawei.commailto:charlie.perk...@huawei.com Subject: [DMM] RFC4283bis progress.. Charlie, WG, In last IETF and slightly after that there was discussion about missing MN-IDs in the current -00 version. Have