Re: [dhcwg] questions about DHCPv6 authentication

Christian Strauf <> Thu, 17 June 2004 11:14 UTC

Received: from ( []) by (8.9.1a/8.9.1a) with ESMTP id HAA19406; Thu, 17 Jun 2004 07:14:43 -0400 (EDT)
Received: from localhost.localdomain ([] by with esmtp (Exim 4.32) id 1Bauez-00087b-AH; Thu, 17 Jun 2004 07:02:21 -0400
Received: from ([] by with esmtp (Exim 4.32) id 1BauYQ-0005Un-5Q for; Thu, 17 Jun 2004 06:55:34 -0400
Received: from ietf-mx ( []) by (8.9.1a/8.9.1a) with ESMTP id GAA17776 for <>; Thu, 17 Jun 2004 06:55:31 -0400 (EDT)
Received: from ([] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BauYL-0002HF-0y for; Thu, 17 Jun 2004 06:55:29 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BauXB-0001o3-00 for; Thu, 17 Jun 2004 06:54:18 -0400
Received: from ([]) by ietf-mx with esmtp (Exim 4.12) id 1BauW9-0001OM-00 for; Thu, 17 Jun 2004 06:53:14 -0400
Received: by (Postfix, from userid 1000) id 08F6B27466; Thu, 17 Jun 2004 12:53:18 +0200 (CEST)
Date: Thu, 17 Jun 2004 12:53:18 +0200
From: Christian Strauf <>
Subject: Re: [dhcwg] questions about DHCPv6 authentication
Message-ID: <>
References: <>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.6i
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
X-Mailman-Version: 2.1.5
Precedence: list
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>

Excuse possible dupes, I had trouble with my mailer.


> 1. the RFC says in as follows:
> Sending Information-request Messages
>     If the server has selected a key for the client in a previous message
>     exchange (see section, the client MUST use the same key to
>     generate the authentication information throughout the session.
>   I don't really understand this part...does this assume a separate
>   Solicit-Advertise (or Reply if rapid-commit option is used?)
>   exchanges to negotiate the key?  If so, what if the server and/or
>   the client only implement the "stateless" subset described in
>   RFC3736?  Note that RFC3736 says:
>     Authenticated DHCP, as described in
>     sections 21 and 22.11 of the DHCP specification [1], can be used to
>     avoid attacks mounted through the stateless DHCP service.
>   I read this to mean that Authenticated DHCP can be used for
>   implementations only support RFC3736.  But how can such
>   implementations select the key without the "previous message
>   exchange"?
the key distribution is done out-of-band, as stated in section 21.4.3.
Therefore, no inital exchange for key distribution is necessary. The way I
understand this section is that clients must keep using the same key they've
been using for any previous message exchange that included an authentication
option. Stateless DHCPv6 clients are free to use authentication options with
pre-shared keys the same way that RFC3315 clients do.

> 2. RFC3315 says in Section 21.4.2 (Message Validation) that
>      If the MAC
>      computed by the receiver does not match the MAC contained in the
>      authentication option, the receiver MUST discard the DHCP message.
>    It seems to me this part of the specification some other parts of
>    Section 21.4:
>    2-1) in Section, the RFC allows the client to respond to
>         an Advertise even if it fails on authentication:
>           Client behavior, if no Advertise messages include authentication
>         information or pass the validation test, is controlled by local
>         policy on the client.  According to client policy, the client MAY
>         choose to respond to an Advertise message that has not been
>         authenticated.
>         Doesn't this contradict with Section 21.4.2?
Yes, partly. I think the part that is contradictory is "[...] or pass the
validation test [...]". This section clearly -- as you correctly identified in
my eyes -- contradicts the quoted part of 21.4.2 above. I agree that a failed
validation test is very critical and should not be open to local policy (i.e.
no responses to these advertise messages should be made by the client in any

The other part ("[...] no Advertise messages include authentication information
[...]") may indeed be a matter of local policy.

>    2-2) this can be a more serious issue.  The RFC says in Section
> that:
>           If the Reply
>           fails to pass the validation test, the client MUST restart the DHCP
>           configuration process by sending a Solicit message.
>         Doesn't this contradict with Section 21.4.2?  Moreover, it
>         seems to me that restarting the configuration process in this
>         case can open up a possibility of DoS attack.  What is the
>         background of this specification?
I think that it doesn't contradict section 21.4.2 but as a matter of fact is a
logical consequence if validation tests fail. However, I agree 100% that this
is a potentially dangerous behaviour because it can be used for DoS attacks on
servers and clients. I think that this deserves to be addressed in the Security
Considerations section because appropriate timeouts or similar should be in
place to prevent this kind of attack by malicious hosts that send malformed
replies that will fail validation tests.

> Any hints or answers would be highly appreciated.  Thanks in advance,
I hope that you find my comments useful.


dhcwg mailing list