Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt

yogendra pal <jntupal@gmail.com> Wed, 19 October 2016 19:01 UTC

Return-Path: <jntupal@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE6F71299D9 for <dhcwg@ietfa.amsl.com>; Wed, 19 Oct 2016 12:01:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Iv85HUpHNHcq for <dhcwg@ietfa.amsl.com>; Wed, 19 Oct 2016 12:01:03 -0700 (PDT)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C5301299CE for <dhcwg@ietf.org>; Wed, 19 Oct 2016 12:00:52 -0700 (PDT)
Received: by mail-lf0-x22d.google.com with SMTP id b81so38566978lfe.1 for <dhcwg@ietf.org>; Wed, 19 Oct 2016 12:00:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=AN6+7jp6VLfwpvAzT+aeUnW73gfUdIOW22ZHd624rFw=; b=ST39JB2ycOJb3sOU7dMwIMkohmCf/Q+6+CAM937dd0Dp4yG/GOmMHMPwzYuEMFynv6 AkKKPkonaesYBkpirxYTi4A3SByMkR8xij4Yx1iJ/Z2emfs7EZtuDsIF6pzEFYX5Mbz/ 7nJ2k9DFiXuBNnTEjY2yF+m+9xgir8YATLhxoQ0eXuHSFkwna49X3wrLiG0i/5rwwx66 /EwCADjFgY79nMd9sVJoGJ72zBVx7aWTTRnezcUPER6/1CrcCi97Gr3SuWeyyn+vPEZm xyn/oobtasNTxdnwCOvOTXMLj0R750R3lEkTvIHn58cV4FAzGXstajRbt2risZq3Giga 7WZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=AN6+7jp6VLfwpvAzT+aeUnW73gfUdIOW22ZHd624rFw=; b=Z84Y0on+J61A5xFc0A/YWtT2p3A77Rt/niSfetqGeKs38Yv90ocpAeqiePL/ug4epH GaXz9HvoUcPzZxCSpMFnJ7ws0IT9pvCbk/TUSeJync6BWptom4Z2ds+x50fo5ZbaU2yp HB2S3LvXWUbo4Ud52Q9s/1LmHOHHImwjjzOgsSG+VFj3ApmxRc4ZJ3gt1ZCkTkBOGiAK WrfxyopGg/Li8e2o3dnS9BRzMJ7eejGYV3jGd1Ru9BrmnHqAvYLwmasLKrQeT7XE/cy+ po6uNEsibRHkOweMzlJwQ+Wg78JqGtwUIeef/cvho/EBpBdqH7zI+ASDcwHZT64B2rQB upOg==
X-Gm-Message-State: AA6/9Rnlvz7sz8HjtkJ4oTydOVvgMCNXStPocSdK2IANaS/DmDhmTriDTHU9EdO06YVDOJNd+1p+4+9k4h6hTA==
X-Received: by 10.28.232.23 with SMTP id f23mr6371697wmh.125.1476903648365; Wed, 19 Oct 2016 12:00:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.172.194 with HTTP; Wed, 19 Oct 2016 12:00:47 -0700 (PDT)
In-Reply-To: <ed09c191c9a24989b38ec3db233e04d1@XCH15-06-08.nw.nos.boeing.com>
References: <147671242179.4527.12337010225582460227.idtracker@ietfa.amsl.com> <7e03afc26a08461e8308d5bdf985bed9@XCH-ALN-003.cisco.com> <ccbfe561da43469e8f894e2235c4b429@XCH15-06-08.nw.nos.boeing.com> <6a8f5646aedb44b5af85d7a45039eb02@XCH-ALN-003.cisco.com> <ed09c191c9a24989b38ec3db233e04d1@XCH15-06-08.nw.nos.boeing.com>
From: yogendra pal <jntupal@gmail.com>
Date: Thu, 20 Oct 2016 00:30:47 +0530
Message-ID: <CA+dB4X4edhyJa+FR8phiJvQqi1wPU+eqsZ4=b4WHL7mFj-Dkgw@mail.gmail.com>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>
Content-Type: multipart/alternative; boundary="001a11466da2541119053f3c6d95"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/6YA3aAC3uhj_pX0AGBuzTfoetiE>
Cc: yogpal@cisco.com, "Bernie Volz (volz)" <volz@cisco.com>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 19:01:06 -0000

DHC wg,

As a co-author of this draft, Bernie and I believe this document is ready
for WGLC. I would request the working group chair/AD to call for WGLC on
this draft.

Best Regards,
Yogendra Pal


On Tue, Oct 18, 2016 at 2:05 AM, Templin, Fred L <Fred.L.Templin@boeing.com>
wrote:

> Hi Bernie,
>
> > -----Original Message-----
> > From: Bernie Volz (volz) [mailto:volz@cisco.com]
> > Sent: Monday, October 17, 2016 10:17 AM
> > To: Templin, Fred L <Fred.L.Templin@boeing.com>; dhcwg@ietf.org
> > Subject: RE: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
> >
> > Hi:
> >
> > As stated in Section 3:
> >
> >    While IPsec is not mandated for relay to relay, relay to server, and
> >    server to relay communication, it is highly recommended unless some
> >    other security mechanisms are already in place (such as VPN tunnels)
> >    that protect this potentially sensitive traffic from pervasive
> >    monitoring and other attacks.
> >
> > It doesn't mandate anything but highly recommends it. Yes, this is
> > "weak" and really leaves it for the operator to decide what is
> > necessary in their deployment. (One thought is that if someone is able
> > to get into that part of the network, there is probably a lot
> > more that they can do and monitor ... and just protecting the
> > relay/relay/server communication is only one small piece.)
>
> That being the case, I am good with it.
>
> Thanks - Fred
> fred.l.templin@boeing.com
>
> > - Bernie
> >
> > -----Original Message-----
> > From: Templin, Fred L [mailto:Fred.L.Templin@boeing.com]
> > Sent: Monday, October 17, 2016 12:49 PM
> > To: Bernie Volz (volz) <volz@cisco.com>; dhcwg@ietf.org
> > Subject: RE: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
> >
> > Hi Bernie,
> >
> > Just so I can understand the intent of this document, if the relay(s)
> > and server already know that some form of encryption is already in
> > use (e.g., if the client and server are using sedhcpv6) then it should
> > be OK to omit encryption between the Relay and Server. Does this
> > draft intend to mandate the use of encryption in all cases?
> >
> > Thanks - Fred
> >
>
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>
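
Section 3 of the draft, as quoted in the thread above, recommends IPsec for relay-to-server traffic but leaves the mechanism to the operator. The fragment below is an added example, not text from the draft and not from any of the posters: a strongSwan ipsec.conf connection for the relay side that binds an IKEv2-negotiated ESP transport-mode SA to the DHCPv6 server port. The addresses (documentation prefix), certificate identities, file names, cipher suites and the assumption that the relay may send from an ephemeral source port are all illustrative choices, not something the draft specifies.

```ini
# Added example (not from the draft): relay-side /etc/ipsec.conf for strongSwan.
# Assumed values for illustration:
#   relay  = 2001:db8:1::2      id CN=relay1.example.net  cert relayCert.pem
#   server = 2001:db8:ffff::53  id CN=dhcp1.example.net
# The matching /etc/ipsec.secrets line on the relay would be:  : RSA relayKey.pem

conn dhcpv6-relay-to-server
    keyexchange=ikev2
    # Transport mode: relay and server are the IPsec endpoints themselves, so
    # ESP protects the UDP/547 datagrams without an extra tunnel header.
    type=transport
    left=2001:db8:1::2
    leftid="CN=relay1.example.net"
    leftcert=relayCert.pem
    leftauth=pubkey
    leftsendcert=always
    right=2001:db8:ffff::53
    rightid="CN=dhcp1.example.net"
    rightauth=pubkey
    # Traffic selectors: only datagrams to the server's DHCPv6 port (UDP 547)
    # are bound to this SA. The relay's own port is left open because the
    # relay implementation is assumed to possibly use an ephemeral source port.
    leftsubnet=2001:db8:1::2/128
    rightsubnet=2001:db8:ffff::53/128[udp/547]
    # AEAD suites only, so the relay/server exchange is confidential as well
    # as integrity-protected (NULL encryption would give only the latter).
    ike=aes128gcm16-prfsha256-ecp256!
    esp=aes128gcm16-ecp256!
    # auto=route installs a trap policy before any SA exists: a matching
    # packet triggers IKE and is not sent in the clear while negotiation is
    # pending or has failed, so the relay fails closed instead of falling
    # back to plaintext DHCPv6.
    auto=route
    dpdaction=restart
    dpddelay=30s
```

The server side mirrors this with left/right swapped and the `[udp/547]` selector on its own address. To check that the policy is actually in force rather than silently bypassed, `ipsec statusall` should list the child SA as INSTALLED with the 2001:db8:ffff::53/128[udp/547] selector, `ip xfrm policy` should show the matching trap or protected policy, and a capture on the server-facing interface should show ESP, not UDP 547. One caveat relevant to the sedhcpv6 question raised in the thread: client-to-server message protection covers the encapsulated client message, not the RELAY-FORW wrapper the relay adds around it (link-address, peer-address, Interface-ID and other relay options), so that relay-supplied data still travels in the clear unless the relay-to-server hop is protected separately.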