Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00

JINMEI Tatuya / 神明達哉 <> Mon, 26 July 2004 09:15 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id FAA10278; Mon, 26 Jul 2004 05:15:25 -0400 (EDT)
Received: from localhost.localdomain ([] by with esmtp (Exim 4.32) id 1Bp1Yf-0004iM-EA; Mon, 26 Jul 2004 05:14:09 -0400
Received: from ([] by with esmtp (Exim 4.32) id 1Bp1VJ-0004Dz-P1 for; Mon, 26 Jul 2004 05:10:42 -0400
Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id FAA10160 for <>; Mon, 26 Jul 2004 05:10:39 -0400 (EDT)
Received: from ([]) by with esmtp (Exim 4.33) id 1Bp1Wc-0002YP-OA for; Mon, 26 Jul 2004 05:12:06 -0400
Received: from (unknown [3ffe:501:100f:1048:7d91:64be:e17:f09d]) by (Postfix) with ESMTP id 471731525D; Mon, 26 Jul 2004 18:10:35 +0900 (JST)
Date: Mon, 26 Jul 2004 18:10:35 +0900
Message-ID: <>
From: JINMEI Tatuya / 神明達哉 <>
To: Stig Venaas <>
Subject: Re: [dhcwg] Comments on draft-jinmei-dhc-dhcpv6-clarify-auth-00
In-Reply-To: <>
References: <1090333421.11056.266.camel@localhost> <>
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0 (SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset="US-ASCII"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
X-Mailman-Version: 2.1.5
Precedence: list
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

>>>>> On Tue, 20 Jul 2004 16:55:08 +0200, 
>>>>> Stig Venaas <> said:

> The server MUST record the identifier of the key selected for the
> client so that it can validate further Information-request
> messages from the client if the client reuses the same key for the
> future exchanges.

> I must confess I haven't looked much at DHCP authentication, but I think
> it's nice to prevent per-client state for "stateless" (RFC3736) DHCP
> servers if possible.

> Wouldn't it be possible to pass some sort of key id to the client,
> which the client can include in future exchanges? The server could
> perhaps have a fixed mapping between key id's and keys, and based
> on the id, the server knows which key to use. I'm not sure if you
> see what I mean, but my idea is if possible to keep the necessary
> state in the clients rather than the servers. Might this be
> possible? Or would there be security problems?

This might be implementation-dependent, but I guess it will work if we
do not have to worry about replay attacks; it is obvious we need
per-client/server state to implement replay detection.

> Using assymetric crypto one could easily have just one fixed key
> for all messages sent by the client. But I guess that might make
> the server vulnerable to DoS attacks.

I'm not sure why you mention the asymmetric crypto case, but the
current authentication mechanism defined for DHCPv6 does not use
asymmetric crypto.

> For stateless I think it's generally enough to authenticate the DHCP
> server. In most cases I don't think it's important to guard against
> replay, or to authenticate the client. That could perhaps simplify
> the security mechanism. It's relatively easy to guard against replay
> anyway though.

On the one hand, I see and tend to agree that it's nice to prevent
per-client state for "stateless" DHCP.

On the other hand, we should be very careful when we are going to
justify something that could introduce weaker security.  While the
current main usage for stateless DHCP is client independent, the
specification leaves the possibility for per-client configuration
(otherwise, we could have prohibited including the client identifier
option in Information-request in the first place).  Regarding replay
attacks, the client might want to minimize the possibility of
receiving a replayed reply to Information-request that contains a very
small lifetime in the lifetime option.

Perhaps a possible compromise would be something like this:

- loosen the "MUST record the per-client state" to SHOULD
- allow (using MAY) the server to not record the state when replay
  attacks can be ignored and it is acceptable that Information-request
  is always non-authenticated

What do you think?

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.

dhcwg mailing list