Re: Security Architecture for DHCP
bound@zk3.dec.com Tue, 22 April 1997 03:45 UTC
Received: from cnri by ietf.org id aa15553; 21 Apr 97 23:45 EDT
Received: from marge.bucknell.edu by CNRI.Reston.VA.US id aa00765; 21 Apr 97 23:45 EDT
Received: from reef.bucknell.edu by mail.bucknell.edu; (5.65v3.2/1.1.8.2/17Jul96-0109PM) id AA00116; Mon, 21 Apr 1997 23:41:30 -0400
Date: Mon, 21 Apr 1997 23:41:30 -0400
Message-Id: <9704220313.AA14461@wasted.zk3.dec.com>
Errors-To: droms@bucknell.edu
Reply-To: dhcp-v4@bucknell.edu
Originator: dhcp-v4@bucknell.edu
Sender: dhcp-v4@bucknell.edu
Precedence: bulk
From: bound@zk3.dec.com
To: Multiple recipients of list <dhcp-v4@bucknell.edu>
Subject: Re: Security Architecture for DHCP
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: Discussion of DHCP for IPv4
Ted, >> The expense is only at set up not during processing. Your also assuming >> all nodes are booting monday morning and I don't believe that assumption >> is valid in all cases. The cost of all nodes booting has many issues >> besides security. I consider this argument a red herring. >No, the expense happens every time you check the signature on a >message. And we have a lot of evidence that the monday morning boot >rush _does_ happen, so even if it doesn't happen in all cases, we >still need to consider it. This argument is most definitely _not_ a >red herring. Asymmetric key signatures are *expensive*! I will not recant what Olafur stated. I see your point on the boot as I said. From other mail to Olafur I now think your concerned about the encrypt/decrypt of the message with the signature. I have to check with some one more expertise than I on the actual algorithm as to me it is just a function call or overlay. I will get back to you. But your saying the symetric algorithm is a lightweight scheme needed. I have no issue with that as long as we don't state that the asymetric is not part of our scope of work. >> I don't agree with you. Having the client and server learn a key and >> and distributing them is less secure than public key using private keys >> a the client and server. I also believe key recovery is easier with >> public key. >Like I said, you can use public key as a fallback when you haven't >already got a shared private key. But if you have a shared private >key, it's a lot quicker to use that. Why do we need key recovery? >Am I missing something here? My customers are telling me they want this strong stuff. But I see no issue for 64bit Alphas either at this point in time. Key recovery is a reality I must deal with to ship products except to U.S. and Canada. The mechanisms being defined to do this at present assume public keys. This is not my want but a requirement. It is a market requirement whether I am a crypto libertarian or not. >> Also your mail (which I just read again) focuses too much on DHCPv4 >> and not enough on the problem and choice for client/server issues >> which I would like to see addressed first in the WG before we nail >> down solutions. I think Olafur's draft heads us in that direction. >> But ignoring DHCPv6 or IPv6 is not wise. >I am not sufficiently conversant in the DHCPv6 protocol to speak to >security issues there - that's why I left that open. However, you've >stated that you think the DHCPv6 problem can be solved with IPsec. If >you're right, DHCPv6 is largely irrelevant to this discussion. Are >you now saying that IPsec will not work for DHCPv6? I think IPsec will work for DHCPv6 so I will talk to Olafur off line. >> I don't think this is an either/or situtation customers will want a >> choice here and to force symetric algorithms and strategy on them as the >> only solution IMO is not a good idea and I don't support that idea. >Precisely. What I am proposing is that they have a choice between two >authentication methods, and that it be possible for this choice to be made automatically in cases where both methods are needed. One method >is a very expensive asymmetric key solution that will be very >CPU-intensive, but provides good ad-hoc authentication when no shared >secret exists. The other is a much cheaper scheme which only works >when the client and server share a secret. I have no issue with that at all. >Can you tell me specifically what you don't like about this proposal? I think your requirements are fine I assume they will be brought forth into Olafur's draft. Its not that I don't like it. Its that it is very DHCPv4 terminology focused in the examples. For example what happens with DHCPv6 with SOLICIT is much different than DISCOVER and DHCPv6 uses multicast. I don't think pursuing this discussion is useful. If I thought your "requirements" were way off I would have said so, but I do not. /jim
- Security Architecture for DHCP bound
- Re: Security Architecture for DHCP Ted Lemon
- Re: Security Architecture for DHCP bound
- Re: Security Architecture for DHCP bound
- Re: Security Architecture for DHCP Ted Lemon
- Re: Security Architecture for DHCP Olafur Gudmundsson
- Re: Security Architecture for DHCP bound