IETF Logo Mail Archive

Re: [dhcwg] more thoughts about draft-ietf-dhc-sedhcpv6-02.txt

Sten Carlsen <stenc@s-carlsen.dk> Thu, 26 June 2014 17:00 UTC

Return-Path: <stenc@s-carlsen.dk>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62FAB1B2C04 for <dhcwg@ietfa.amsl.com>; Thu, 26 Jun 2014 10:00:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.892
X-Spam-Level:
X-Spam-Status: No, score=-0.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JVWm8uvponIn for <dhcwg@ietfa.amsl.com>; Thu, 26 Jun 2014 10:00:43 -0700 (PDT)
Received: from mail2.s-carlsen.dk (0134100024.0.fullrate.dk [90.185.128.210]) by ietfa.amsl.com (Postfix) with ESMTP id CB96C1B2BF9 for <dhcwg@ietf.org>; Thu, 26 Jun 2014 09:48:40 -0700 (PDT)
Received: from [10.215.18.70] (0x3e2c8647.mobile.telia.dk [62.44.134.71]) by mail2.s-carlsen.dk (Postfix) with ESMTPA id 1BA701A9D6; Thu, 26 Jun 2014 18:48:07 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Sten Carlsen <stenc@s-carlsen.dk>
X-Mailer: iPhone Mail (11D201)
In-Reply-To: <201406261611.s5QGBBl8086343@givry.fdupont.fr>
Date: Thu, 26 Jun 2014 18:47:59 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <0285FA77-8314-4909-A69B-60296423D4F8@s-carlsen.dk>
References: <201406261611.s5QGBBl8086343@givry.fdupont.fr>
To: Francis Dupont <Francis.Dupont@fdupont.fr>
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/-JeeW7H3QcL5z9DUCBh4Y-xpnao
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] more thoughts about draft-ietf-dhc-sedhcpv6-02.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 17:00:44 -0000


> On 26 Jun 2014, at 18:11, Francis Dupont <Francis.Dupont@fdupont.fr> wrote:
> 
> In your previous mail you wrote:
> 
>>> => to make timestamps more efficient for security you have to allow only
>>> small drift, so a pre-synchronization procedure should help to solve
>>> the unsecure/large vs secure/hard-to-implement drift. 
>> To me it seems that a pre-synchronisation procedure is a great help for
>> intruders?
> 
> => I can't see why you say that or do you mean timestamps have another
> role than anti-replay?
My point is that giving the attacker the means to synchronise the replay attack with the target will give replay attacks a considerable time window in which to play.

> 
>> Now you can make sure the target is in time sync with the attack just by
>> synchronising with it first, really opens the window for attacks.
> 
> => which attacks? messages are signed so a synchronized attacker has
> no advantages...
If signing messages in itself protects against replays, why bother with synchronising time?
> 
> Regards
> 
> Francis.Dupont@fdupont.fr

v2.23.0 | Report a Bug | By Email