[dhcwg] dhcpv6-24: Security considerations

Thomas Narten <narten@us.ibm.com> Wed, 15 May 2002 17:18 UTC


Review comments on some security aspects:

> 21. Authentication of DHCP messages

> the replay detection method, which only requires a monotonically
> increasing value, seems trivial to spoof.  and the main auth
> method, delayed authentication, relies on distribution of
> preconfigured shared keys, yet 21.5.4 provides no key roll-over
> mechanism (attack by ex-employee), and admits to not scaling well
> and not supporting roamers.  none of these issues are mentioned in
> the security section.

Makes sense to me.

> 23. Security Considerations

> should this not discuss where section 21 is weak?

yes, or point to the text that does.

