IETF Logo Mail Archive

Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

神明達哉 <jinmei@wide.ad.jp> Wed, 16 November 2016 17:49 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04BC2129489 for <dhcwg@ietfa.amsl.com>; Wed, 16 Nov 2016 09:49:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.4
X-Spam-Level:
X-Spam-Status: No, score=-2.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.199, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8tfa-Vxj0iyI for <dhcwg@ietfa.amsl.com>; Wed, 16 Nov 2016 09:49:03 -0800 (PST)
Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 758F01294BC for <dhcwg@ietf.org>; Wed, 16 Nov 2016 09:49:03 -0800 (PST)
Received: by mail-qk0-x22f.google.com with SMTP id n204so185487798qke.2 for <dhcwg@ietf.org>; Wed, 16 Nov 2016 09:49:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=hvRT+GPfEXiGPvo+O6nOhbO4fz2tC8k4D7xx+GC6CuE=; b=cPuG42IHx3gwEPSrsiuJvG40M15ucuiS5LON5bzNsNaTKiVgQ8DS9Wt4sQ2kH38Bvx twSvNl5izJw3opVVjlme8GEobdgDeAC+LqEujes6alC7XTGNRCk+zi8X8xVrNy6fcfA5 PuclnA4dKji2Z1v1lUmSOm1rvggEmno6ke5W/nEoy7qUo8fcR9cHzGvAno/bErAns6Il rFhIucsCkaD+GHOF+ZuWWtc6Wy8H1mCcjX4OwO2Q7KNBak4+B2hqHoN20D+ZXGDky4pA 20ewPIRjTFyNLJApbRWvO80d8QH1s4KyTXMbBMOTSn8/57sgp+85Fe2k5J9by8VvaiOg O8AA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=hvRT+GPfEXiGPvo+O6nOhbO4fz2tC8k4D7xx+GC6CuE=; b=cIME04JLlnjJMgxbjSf1vTNdB/KOUo7JBYZCR+TnTkyewSw/JGL+KK2bV3DMbgAyg+ AqYUPdFR/LBnJLl9buvPRl5fqby7DLol9RE9yzU0Wf4Xm58y1HretWmZUMvILzjLMVgb 18D3Iu+bigIZiHv/IEdcK4G64sUOftFV/TPEmjBVH7ZcIJy2HA1h1ORU9xNc1rEN3Mwl qrLweEO+ZcEXJyKeMlx34ZHoRY12pjPY4DTswec6CpK0j6TS+koVg5a8YumToeYkBdVg T0mg5pyZEtLStyrjAaNR2i2tMXw61pi6+1SeHWljIx9UE40dYtm2FCyUD1VmJKipx5Mu GTuQ==
X-Gm-Message-State: AKaTC015k033YZnZpVP++sGe9eUyD346OLWEaNH06Lqn8uxnpjjurHuJVKtIizBcvHYAKygnc1IOkYIr34/I+g==
X-Received: by 10.55.20.164 with SMTP id 36mr4542757qku.86.1479318542592; Wed, 16 Nov 2016 09:49:02 -0800 (PST)
MIME-Version: 1.0
Sender: jinmei.tatuya@gmail.com
Received: by 10.237.53.155 with HTTP; Wed, 16 Nov 2016 09:49:01 -0800 (PST)
In-Reply-To: <CAJ3w4NfS8PKOMHcP5s_Nsp5K5eWJfXWRF-vNEau_ekqTRwE=wA@mail.gmail.com>
References: <CAJE_bqebwr2WUUgaNgiYS4_8L77Gxj4Os+oPRG407B6ELMEhCQ@mail.gmail.com> <CAJ3w4Ndi5Gq63n5kZnanRhLM8nWE2wsWGh0kJJLJnq=VoXLuCg@mail.gmail.com> <CAJE_bqegh1DfWjfK2BxeC_fWa0cEk-KJNP0AT-TQuEa39w_wVQ@mail.gmail.com> <CAJ3w4NdM99nv4C19Xj=aosNme+_Ymyys=xQ3UWUfeZReZC4ckA@mail.gmail.com> <CAJE_bqdhGZnK16MooiyujDgthDNnR74EiwW0OevrN6uq4b4ANw@mail.gmail.com> <CAJE_bqfKUZe2yaW1sAq7rrib0M7wz28HHtPLqCHK=vXcN6amgg@mail.gmail.com> <CAJ3w4Nd3s+ZojjiotLkKwys6truhUgK6F-90UYjcpB9iw=fKKQ@mail.gmail.com> <m2r36nuqvn.wl%jinmei.tatuya@gmail.com> <CAJ3w4NeuNYTrX4p5rtZ6UceD5ydQ-B-vY6aqQzxWnXsrDOEFEA@mail.gmail.com> <CAJE_bqdh-bgk7BHZJnaFFBr3PDj4ZnSSGeGNdQ70F7dv91iQrA@mail.gmail.com> <CAJ3w4NfU9PrC9a+MGnJ=Es1yir_asHB3p1=9GfxZZ0iSe+At+Q@mail.gmail.com> <CAJE_bqfRBYkrniWQ+vtPULTURnvyV792QNGvr8JhhZpGQ0MSdA@mail.gmail.com> <CAJ3w4NerRzHYsRqcUAkAjHX23PYVF4Jv0wKcd33vXRRg+-0EAQ@mail.gmail.com> <CAJ3w4NekPk0TuAZW_jmTDYQHd8JP3GsrA0qrKYrnyqSSk3qwxw@mail.gmail.com> <CAJE_bqc8hkrc3dYefTPWi-mUCtZD+oYsrobCK1KjmVGRnNfMCw@mail.gmail.com> <CAJ3w4NejrFAT3RK7i0W46HkQNJjhPxbhzQiL=3fcrceidTzHNQ@mail.gmail.com> <CAJE_bqcCwZWPHuZ0UR8_jyCUsaTrYKzLD8zUKwChYaCL06yT9A@mail.gmail.com> <CAJ3w4NfS8PKOMHcP5s_Nsp5K5eWJfXWRF-vNEau_ekqTRwE=wA@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 16 Nov 2016 09:49:01 -0800
X-Google-Sender-Auth: q_DUu0e3ImfqruFuD9TegQ9SYgA
Message-ID: <CAJE_bqfqSXFR9R5wf1USg-zs+nvdohQFq99kQL2DiapXvUdEqA@mail.gmail.com>
To: Lishan Li <lilishan48@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/49505I99nXvKUx4p8eNae4ueaL4>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 17:49:05 -0000

At Wed, 16 Nov 2016 20:17:40 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> In the before, Bernie proposed the same question. And we made the following
> consensus: The Encrypted-Query and Encrypted-Response message use the same
> transaction-id with the before Information-request and Reply message.

I'm not sure if I fully understand it, but if I understand it I
suspect it doesn't really solve this issue.  Two different clients can
happen to use the same transaction-id for the initial
Information-request and Reply (almost at the same time).  And yet it's
possible that the preference and/or support level of algorithms for
these clients are different and the server uses different algorithms
and different key pairs for these clients.

Now, these clients will then set the same transaction-id in the
subsequent Encrypted-Query message.  So the server can't determine
which previous client (and therefore, algorithm and key) it should
assume sent the message.

Besides, (if I understand it correctly) it's not really a
transaction-id at all anymore - the client will have to keep using the
same transaction-id for all subsequent encrypted-query messages.  In
effect, this now works as a "key ID" (but it's incomplete even in that
sense due to the possible conflicts with other clients as noted
above).  Then why not introduce that concept more explicitly?  Since
we are designing a new protocol we don't have to rely on a hack such
as overloading the existing field (such a trick might be necessary if
we need to provide, e.g., backward compatibility, but that's not the
case here).

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email