Re: [dhcwg] DHCP and DHCPv6 options for LWM2M services

Ted Lemon <mellon@fugue.com> Tue, 10 January 2017 17:01 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/6WUo0pIwaMIW6kN0N-vhYd4Zm3E>

On Jan 10, 2017, at 3:06 AM, Simon Hobson <dhcp1@thehobsons.co.uk> wrote:
> I can see the use case, but now you are validating the information being provided ... using a certificate provided by an untrusted source.
> Thus, if someone has enough access to redirect your devices to use their server, they probably have enough access to provide the fake certificate to make their server trusted. I'm assuming this is what Ted was alluring to.

Yes, this is exactly what I was alluring to.   :)