[dhcwg] dhcpv6-24: Reconfigure

Thomas Narten <narten@us.ibm.com> Wed, 15 May 2002 17:17 UTC

Received: from optimus.ietf.org (ietf.org [] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA14083 for <dhcwg-archive@odin.ietf.org>; Wed, 15 May 2002 13:17:53 -0400 (EDT)
Received: (from daemon@localhost) by optimus.ietf.org (8.9.1a/8.9.1) id NAA14033 for dhcwg-archive@odin.ietf.org; Wed, 15 May 2002 13:18:06 -0400 (EDT)
Received: from optimus.ietf.org (localhost []) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA13262; Wed, 15 May 2002 13:07:24 -0400 (EDT)
Received: from ietf.org (odin []) by optimus.ietf.org (8.9.1a/8.9.1) with ESMTP id NAA13237 for <dhcwg@ns.ietf.org>; Wed, 15 May 2002 13:07:23 -0400 (EDT)
Received: from cichlid.adsl.duke.edu (cichlid.adsl.duke.edu []) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA13574 for <dhcwg@ietf.org>; Wed, 15 May 2002 13:07:07 -0400 (EDT)
Received: from cichlid.adsl.duke.edu (narten@localhost) by cichlid.adsl.duke.edu (8.11.6/8.11.6) with ESMTP id g4FH5vq02245 for <dhcwg@ietf.org>; Wed, 15 May 2002 13:05:57 -0400
Message-Id: <200205151705.g4FH5vq02245@cichlid.adsl.duke.edu>
To: dhcwg@ietf.org
Date: Wed, 15 May 2002 13:05:57 -0400
From: Thomas Narten <narten@us.ibm.com>
Subject: [dhcwg] dhcpv6-24: Reconfigure
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-Mailman-Version: 1.0
Precedence: bulk
List-Id: <dhcwg.ietf.org>
X-BeenThere: dhcwg@ietf.org

One IESG member has asked:

> 19. DHCP Server-Initiated Configuration Exchange

> reconfigure messages provide such a wonderful opportunity for
> attack.  and they are sent unicast "using an IPv6 unicast address
> of sufficient scope belonging to the DHCP client."

> possibly, the server could have intially provided a nonce that the
> client retains for validation.  but this precludes redundant server
> setups etc.

My response:

An interesting suggestion. Actually, it may not preclude this.  The
idea behind the Reconfigure is that the server that has state about
clients sends unicast Reconfigures to that client. It is not intended
to be used to allow any old DHC server to prod a client. So requiring
that the server also include a nonce may be OK. 
Question to the WG: should this be added? It would add some additional
defense against improper Reconfigure.


dhcwg mailing list