Re: [CGA-EXT] [dhcwg] Follow up request for review of draft-ietf-csi-dhcpv6-cga-ps

Ted Lemon <> Tue, 14 September 2010 21:20 UTC

We've talked about the topics in this draft before at the DHC working group. I just reread it, and the only thing I object to about it is the thing I've always objected to about it when it's come up in DHC meetings--the idea of offloading CGA generation work to the DHCP server.

This idea doesn't make sense to me from a security perspective--based on my probably naive understanding of CGA, it seems like this would mean that the private key would have to be sent over the wire in the clear.

I'd be happy to see this draft advance if the text about generating keys on the DHCP server were taken out.