Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6
神明達哉 <jinmei@wide.ad.jp> Fri, 10 July 2015 17:17 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38F971B2A6B; Fri, 10 Jul 2015 10:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q7dfwBiXyJbT; Fri, 10 Jul 2015 10:17:02 -0700 (PDT)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14F661B2A5E; Fri, 10 Jul 2015 10:17:02 -0700 (PDT)
Received: by ykee186 with SMTP id e186so68237016yke.2; Fri, 10 Jul 2015 10:17:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=xQEBVQ8WeNPXvlOinmJNhJ7KZM8jETTFP6n40FzlsYg=; b=bGstPkghK8p+fYUS98ctoFZ2UmVqkXXzePVNFZD1Me8gHF186EM3UshM1EiHMVlV7D s6R0OCGlO6DW2clDNFg7ifiDP8B7qEYMTHq+uP+W/XrjBBHZ7Kr6Tsxoz124wgQjAPS2 b8oE3b89AZ7kB6X7S8FU7Z5jAUFAXi3ga/IhoLCjxXj3WJXNNP3+IyJXF2aaZQx03O5v HQhXWiUHwa4R6LlNgdmO99CuE2xQktLR962Gxm2RZcMeboNwNki5QZyZy4cYkTL0A6lt dyO0OF9Ha4WUhY+D/2lRdyNprsPZbmT4LMS/XEgkyYCKD0WuIAFMg/ltEOJOBXOEv5wZ MG/Q==
MIME-Version: 1.0
X-Received: by 10.170.112.17 with SMTP id e17mr24738396ykb.57.1436548621347; Fri, 10 Jul 2015 10:17:01 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.37.48.131 with HTTP; Fri, 10 Jul 2015 10:17:01 -0700 (PDT)
In-Reply-To: <559FE144.8040607@innovationslab.net>
References: <559FE144.8040607@innovationslab.net>
Date: Fri, 10 Jul 2015 10:17:01 -0700
X-Google-Sender-Auth: auzteKuCaAEKt4roJXXrBYRfqO8
Message-ID: <CAJE_bqckHAROfqMt3V+EKew+j4gTXOs8YZ4xhBaexKG3paA4rg@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Brian Haberman <brian@innovationslab.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/7q2dSUWHWvHFLdG6QTdwQ51tOW8>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, draft-ietf-dhc-sedhcpv6.notify@ietf.org
Subject: Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jul 2015 17:17:04 -0000
At Fri, 10 Jul 2015 11:14:12 -0400, Brian Haberman <brian@innovationslab.net> wrote: > I have performed an initial review of draft-ietf-dhc-sedhcpv6 as a > part of the publication process. As a heads up, I have also solicited a > security-related review that should be available by the Prague meeting. > > The following comments/questions came up during my review. Thanks for the careful read and detailed review. I'm responding to a few selected points... > 1. General > > * While I see the benefit of TOFU in certain settings (e.g., enterprise > networks), I am skeptical of how well that will work in a wireless > hot-spot setting (e.g., Starbucks). An attacker sitting at the table > next to me will have the advantage of low RTT in order to become the > "trusted" server. The draft should provide more guidance on how TOFU > should/could be applied in this context. TOFU won't be a good choice for scenarios like a public wifi at a cafe. An earlier version of the draft attempted to discuss the applicability matters in a bit more detail: https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-06#section-7 but, after a long follow-up discussion in the wg, we decided to remove such considerations. That was partly because the proposed deployment discussion was largely speculative and it looked less likely that we could get an agreed view as a group in the wg. Also, some wg members rather preferred to just define the protocol and leave how to deploy it to people implementing and deploying it. I'm not sure if it was a "wg consensus" as not many people spoke up, but it looked it was only me who wanted to include such discussions. In the end, we decided to remove most of these considerations and shipped it. Knowing this background history, I'm not sure if we can now agree on re-introducing (with possibly revising) the removed discussions, let alone on specific text about it. But I'll see other wg members' opinions at the moment... > * I am very concerned about the lack of discussion of *how* a PKI will > function in this approach. [...] At a minimum, I would like to > see a section that discusses some of these limitations in detail. I >cannot say how the security ADs will react to this approach though. I guess this is a variant of the previous point. I'm pessimistic about the possibility of even getting a consensus on including such a discussion, but if these concerns are going to be a blocking issue, the only alternative is to drop the draft entirely, which is not good either. So we might be able to come up with some kind of concession. If the "minimum" approach is acceptable for the IESG, that may be one realistic possibility. > * I think the document as a whole would benefit from the inclusion of a > state diagram in order to ensure that all the possible scenarios and > message processing descriptions are complete. > > 2. I see the following text in Section 4: > > A trust relationship for a public key can be the result either of a > Trust-on-first-use (TOFU) policy, or a list of trusted keys > configured on the recipient. > > How is a list of trusted keys any different than a set of > pre-established secret keys? In other words, would that approach be any > different than the status-quo? In my understanding it's certainly different but quite subtle: https://mailarchive.ietf.org/arch/msg/dhcwg/wPM0csdxm8XZ_h203OWjgsQGZPg Others seemed to have other ideas on such differences (see the thread, warning: it's very long:-). My hope was to understand what it is and include the result in the draft, but, in the end, I failed even to understand what the difference is. Whether or not to include it in a revised version of this draft, it would be nice if I can understand it this time in this discussion. But, again, I'll see what others think about this at the moment. -- JINMEI, Tatuya
- [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 Brian Haberman
- Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 神明達哉
- Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 Ted Lemon
- Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 Brian Haberman
- Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 Brian Haberman
- Re: [dhcwg] AD Evaluation: draft-ietf-dhc-sedhcpv6 神明達哉