IETF Logo Mail Archive

Re: [dhcwg] Review of draft-ietf-dhc-sedhcpv6-01

Qi Sun <sunqi.csnet.thu@gmail.com> Fri, 04 April 2014 08:35 UTC

Return-Path: <sunqi.csnet.thu@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ADF41A0442 for <dhcwg@ietfa.amsl.com>; Fri, 4 Apr 2014 01:35:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSb_ex0IxseE for <dhcwg@ietfa.amsl.com>; Fri, 4 Apr 2014 01:35:34 -0700 (PDT)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) by ietfa.amsl.com (Postfix) with ESMTP id 545891A0434 for <dhcwg@ietf.org>; Fri, 4 Apr 2014 01:35:31 -0700 (PDT)
Received: by mail-pa0-f50.google.com with SMTP id kq14so3140724pab.37 for <dhcwg@ietf.org>; Fri, 04 Apr 2014 01:35:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=71Krb7eskxpZEEE6ZCSYmWZBWNrkaccSCbs4nnmlosk=; b=WZDb07nrRsV4Fc71O7zp4dj2XPNgjccedJ7fhF1GGsg4hirccdwf1oolw7psgzBuWA f1CpDvbDTkfInSSy3dDSjTGcOq5kLQvRAZ9haormoV/0w3AXOMuOoowGcrfBPwGfh139 9aeOVNwp2jhbJcDclDFhnLyJtOPPaqhUtULyvQbJzVIsGjmLRsALzoFBFGhRZPEaUdNP MC95sQWGry4U4vpzzDx0r2/pAmyB5+Ii9IHW/ZrNzcUCShw1WWSXIxITo/iaMRe0Jasa +nf9LRk4fL7Bl7WWswuq+14+Mdbc5/Tnsr+Z2W0sV0S3jOJ9Wh2NHDT8MBGlKWsZz9Kw qy3Q==
X-Received: by 10.66.240.4 with SMTP id vw4mr13421093pac.26.1396600526909; Fri, 04 Apr 2014 01:35:26 -0700 (PDT)
Received: from sunqideair.lan ([166.111.68.231]) by mx.google.com with ESMTPSA id yi3sm16189489pbb.51.2014.04.04.01.35.22 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 04 Apr 2014 01:35:26 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_C0096491-D0B2-4B73-AE2A-2AC994B51F15"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Qi Sun <sunqi.csnet.thu@gmail.com>
In-Reply-To: <5D36713D8A4E7348A7E10DF7437A4B923AE34B8A@nkgeml512-mbx.china.huawei.com>
Date: Fri, 04 Apr 2014 16:35:17 +0800
Message-Id: <73511884-93B9-49E8-A21F-27124862B9E9@gmail.com>
References: <0608491B-C35F-4145-BD3D-A3D766A5A3E4@gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE34B8A@nkgeml512-mbx.china.huawei.com>
To: Sheng Jiang <jiangsheng@huawei.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/-9Zz1JULWRGmUc58FjzlNIagIc8
X-Mailman-Approved-At: Fri, 04 Apr 2014 04:08:26 -0700
Cc: "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "draft-ietf-dhc-sedhcpv6@tools.ietf.org" <draft-ietf-dhc-sedhcpv6@tools.ietf.org>
Subject: Re: [dhcwg] Review of draft-ietf-dhc-sedhcpv6-01
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Apr 2014 08:35:39 -0000

Hi Sheng, 

Yes, correcting description in Sec 6.1 is sufficient. Thanks!

Best Regards,
Qi

On Apr 4, 2014, at 3:52 PM, Sheng Jiang <jiangsheng@huawei.com> wrote:

> Hi, Qi,
>  
> Thanks so much for your carefully review. All editorial comments will be applied in the next update in a couple of week time. Your technical comments are also valid, they will be applied too.
>  
> Some explanation for technical point 1, regarding to signature option.  In the section 5.3, the signature “constructed by using the sender's private key protects the following sequence of octets:
>  
>                1. The DHCPv6 message header.
>  
>                2. All DHCPv6 options including the Signature
>                option (fill the signature field with zeroes)
>                except for the Authentication Option.”
>  
> So, the signature option itself, including timestamp is actually protected. Changing the wrong description in Section 6.1 would be sufficient to address this comment.
>  
> Regards,
>  
> Sheng
>  
> From: Qi Sun [mailto:sunqi.csnet.thu@gmail.com] 
> Sent: Thursday, April 03, 2014 5:28 PM
> To: <dhcwg@ietf.org>
> Cc: draft-ietf-dhc-sedhcpv6@tools.ietf.org; liuzilong8266@163.com
> Subject: Review of draft-ietf-dhc-sedhcpv6-01
>  
> Hi all,
>  
> I volunteered to review the document. Here are my comments (sorry if some of them have been discussed). But most are editorial. 
>  
> 1. Technical
> 1) About the Signature Option
> a) Different description of Signature Option:
> Sec 5.3: "It protects the entire DHCPv6 header and options, except for the Authentication Option.” 
> Sec 6.1: "It protects the message header and the message payload and all DHCPv6 options except for the Signature option itself and the Authentication Option.”
>  
> b) As is described above, Signature option does not protect itself including the timestamp which will be used to judge the message's validity. It means attackers can change the timestamp without destroying the signature. So attackers changes the timestamp of message, then the recipient will inspect the signature which is "correct" despite the change of the timestamp. This might cause a replay attack.
>  
> 2) Inequality on the bottom of Page 12
> "TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz"
>  
> What if RDnew < RDlast, maybe caused by a bad clock? In this case, the inequality holds (so that the message is accepted) but there might be something wrong. For the security reason, it would be better to drop the message, IMHO.
>  
> 2. Editorial
> 1) Section titles:
> Sec 3: Security Overview of DHCPv6
> Sec 4: Secure DHCPv6 Overview
> They are kind of close at the first glance.
> Suggestion:
> s/Sec 4: Secure DHCPv6 Overview/Sec 4: Secure DHCPv6 Mechanism Overview/
>  
> 2) Add a section of Terminology
> There are some terms that are not well-known to the readers. It would be clearer if a section of Terminology could define them before using.
> For example:
> CA; leap of faith mode; TSlast; RDlast; TSnew; RDnew; drift; etc.
>  
> 3) Sec 3, 2nd paragraph (and followed paras)
> Unnecessary indentation
>  
> 4) Sec 4, 3rd para
>   In this document, we introduce a public key option, a certificate
>   option and a signature options with a corresponding verification
>   mechanism.
> s/a signature options/a signature option/
>  
> 5) Sec 4.1, bullet 1
>   A second option is defined to carry the certificate.
> s/A second option/Another option/
> Note: “A second option” reads like the two options are kind of linked to each other. But from the description, the two options should not appear at the same time.
>  
> 6) Sec 5.1
>  0                   1                   2                   3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |     OPTION_Public_Key         |         option-len            |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
> .                Public Key (variable length)                   .
> .                                                               .
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> s/OPTION_Public_Key/OPTION_PK_PARAMETER/
>  
> 7) Sec 5.2
>  0                   1                   2                   3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |    OPTION_Certificate         |         option-len            |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |                                                               |
> .                Public Key (variable length)                   .
> .                                                               .
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> s/OPTION_Certificate/OPTION_CERT_PARAMETER/
>  
> 8) Sec 6.2, the last para
>    A Relay-forward or Relay-reply message with any Public Key,
>    Certificate or the Signature option is invilad.  The message SHOULD
>    be discarded silently.
> s/invilad/invalid/
> Use MUST instead of SHOULD?
>  
> 9) Sec 6.3, 1st para
>    Actually, be definition in
>    this document, relay agents MUST NOT add any secure DHCPv6 options.
> 10) Sec 6.4, bullet 2
>    o  The time stamp in the last received and accepted DHCPv6 message. 
>       This is called TSlast. 
> s/time stamp/timestamp/
>  
> 11) Sec 7, 3rd para
>    The Secure DHCPv6 mechanism is based on the pre-condition that the
>    recipient knows the public key of senders or the sender’s certificate
>    can be verified through a trust CA.
> s/through a trust CA/through a trusted CA/
>  
>  
> 12) Sec 7, Page 14
>    However, the two communciating nodes can be synchronized is out of
>    scope of this work.
> s/the two/how the two/
> s/communciating nodes/communicating nodes/
>  
> Best Regards,
> Qi

v2.23.0 | Report a Bug | By Email