Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00
JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp> Mon, 26 July 2004 09:15 UTC
Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA10278; Mon, 26 Jul 2004 05:15:25 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bp1Yf-0004iM-EA; Mon, 26 Jul 2004 05:14:09 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1Bp1VJ-0004Dz-P1 for dhcwg@megatron.ietf.org; Mon, 26 Jul 2004 05:10:42 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA10160 for <dhcwg@ietf.org>; Mon, 26 Jul 2004 05:10:39 -0400 (EDT)
Received: from shuttle.wide.toshiba.co.jp ([202.249.10.124]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1Bp1Wc-0002YP-OA for dhcwg@ietf.org; Mon, 26 Jul 2004 05:12:06 -0400
Received: from ocean.jinmei.org (unknown [3ffe:501:100f:1048:7d91:64be:e17:f09d]) by shuttle.wide.toshiba.co.jp (Postfix) with ESMTP id 471731525D; Mon, 26 Jul 2004 18:10:35 +0900 (JST)
Date: Mon, 26 Jul 2004 18:10:35 +0900
Message-ID: <y7vzn5nkub8.wl@ocean.jinmei.org>
From: JINMEI Tatuya / 神明達哉 <jinmei@isl.rdc.toshiba.co.jp>
To: Stig Venaas <Stig.Venaas@uninett.no>
Subject: Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00
In-Reply-To: <20040720145508.GL29655@sverresborg.uninett.no>
References: <1090333421.11056.266.camel@localhost> <20040720145508.GL29655@sverresborg.uninett.no>
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: dhcwg@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
>>>>> On Tue, 20 Jul 2004 16:55:08 +0200, >>>>> Stig Venaas <Stig.Venaas@uninett.no> said: > The server MUST record the identifier of the key selected for the > client so that it can validate further Information-request > messages from the client if the client reuses the same key for the > future exchanges. > I must confess I haven't looked much at DHCP authentication, but I think > it's nice to prevent per-client state for "stateless" (RFC3736) DHCP > servers if possible. > Wouldn't it be possible to pass some sort of key id to the client, > which the client can include in future exchanges? The server could > perhaps have a fixed mapping between key id's and keys, and based > on the id, the server knows which key to use. I'm not sure if you > see what I mean, but my idea is if possible to keep the necessary > state in the clients rather than the servers. Might this be > possible? Or would there be security problems? This might be implementation-dependent, but I guess it will work if we do not have to worry about replay attacks; it is obvious we need per-client/server state to implement replay detection. > Using assymetric crypto one could easily have just one fixed key > for all messages sent by the client. But I guess that might make > the server vulnerable to DoS attacks. I'm not sure why you mention the asymmetric crypto case, but the current authentication mechanism defined for DHCPv6 does not use asymmetric crypto. > For stateless I think it's generally enough to authenticate the DHCP > server. In most cases I don't think it's important to guard against > replay, or to authenticate the client. That could perhaps simplify > the security mechanism. It's relatively easy to guard against replay > anyway though. On the one hand, I see and tend to agree that it's nice to prevent per-client state for "stateless" DHCP. On the other hand, we should be very careful when we are going to justify something that could introduce weaker security. While the current main usage for stateless DHCP is client independent, the specification leaves the possibility for per-client configuration (otherwise, we could have prohibited including the client identifier option in Information-request in the first place). Regarding replay attacks, the client might want to minimize the possibility of receiving a replayed reply to Information-request that contains a very small lifetime in the lifetime option. Perhaps a possible compromise would be something like this: - loosen the "MUST record the per-client state" to SHOULD - allow (using MAY) the server to not record the state when replay attacks can be ignored and it is acceptable that Information-request is always non-authenticated What do you think? JINMEI, Tatuya Communication Platform Lab. Corporate R&D Center, Toshiba Corp. jinmei@isl.rdc.toshiba.co.jp _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clari… Christian Strauf
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… Stig Venaas
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- RE: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… Bernie Volz
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉
- Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-c… JINMEI Tatuya / 神明達哉