[dhcwg] Review of draft-ietf-dhc-sedhcpv6-01
Qi Sun <sunqi.csnet.thu@gmail.com> Thu, 03 April 2014 09:28 UTC
Return-Path: <sunqi.csnet.thu@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AAF81A008E for <dhcwg@ietfa.amsl.com>; Thu, 3 Apr 2014 02:28:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.018
X-Spam-Level:
X-Spam-Status: No, score=-1.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9dnMGOctd5z for <dhcwg@ietfa.amsl.com>; Thu, 3 Apr 2014 02:28:03 -0700 (PDT)
Received: from mail-pb0-x233.google.com (mail-pb0-x233.google.com [IPv6:2607:f8b0:400e:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id EF9D61A00DB for <dhcwg@ietf.org>; Thu, 3 Apr 2014 02:27:57 -0700 (PDT)
Received: by mail-pb0-f51.google.com with SMTP id uo5so1565925pbc.38 for <dhcwg@ietf.org>; Thu, 03 Apr 2014 02:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:date:message-id:cc:to:mime-version; bh=n5DWTdTZ61bO+y6F67Ztrf1s6kywxGV26CX5ZYosefw=; b=uRgWM0zWs3M9/XeW7sXZPEAX1DaIp+5mwJ5KhdHHsR5aD6fXgCdRjdamekO+CKZ5lj lnwaY7nLpT9ucuoSXxlF+N440AJYQYD1HtCPYWZN4zOd9NHcYFfksa0vxgvjq+Cifelu rWRnp9qskxBzI8nsYzXHXsZ34LAZTKaYHO1stFEXM35OCHAbUZ62rJJ0h1lSlj299kTh o8AtLbEGahWOqFlKtCb6TOtWDrh5YDLwFy42WWALd02hRsDZp2ypIrP0tONHCKMcQMl7 5pTrY/d3tAj/2BoTAB++DAF23ivaGD+7dXB9l9jrzO2wHyjPGJ3tc4yttjHPUX45ozMh h5HA==
X-Received: by 10.68.113.5 with SMTP id iu5mr6142731pbb.60.1396517273908; Thu, 03 Apr 2014 02:27:53 -0700 (PDT)
Received: from sunqideair.lan ([166.111.68.231]) by mx.google.com with ESMTPSA id qh2sm22612114pab.13.2014.04.03.02.27.50 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 03 Apr 2014 02:27:53 -0700 (PDT)
From: Qi Sun <sunqi.csnet.thu@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_018E8CD6-E2D1-40AC-BC54-EF5FDE963B10"
Date: Thu, 03 Apr 2014 17:27:47 +0800
Message-Id: <0608491B-C35F-4145-BD3D-A3D766A5A3E4@gmail.com>
To: "<dhcwg@ietf.org>" <dhcwg@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/94ibZGmTp_zC69z44JlMrBbYCME
Cc: draft-ietf-dhc-sedhcpv6@tools.ietf.org
Subject: [dhcwg] Review of draft-ietf-dhc-sedhcpv6-01
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 09:28:08 -0000
Hi all, I volunteered to review the document. Here are my comments (sorry if some of them have been discussed). But most are editorial. 1. Technical 1) About the Signature Option a) Different description of Signature Option: Sec 5.3: "It protects the entire DHCPv6 header and options, except for the Authentication Option.” Sec 6.1: "It protects the message header and the message payload and all DHCPv6 options except for the Signature option itself and the Authentication Option.” b) As is described above, Signature option does not protect itself including the timestamp which will be used to judge the message's validity. It means attackers can change the timestamp without destroying the signature. So attackers changes the timestamp of message, then the recipient will inspect the signature which is "correct" despite the change of the timestamp. This might cause a replay attack. 2) Inequality on the bottom of Page 12 "TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz" What if RDnew < RDlast, maybe caused by a bad clock? In this case, the inequality holds (so that the message is accepted) but there might be something wrong. For the security reason, it would be better to drop the message, IMHO. 2. Editorial 1) Section titles: Sec 3: Security Overview of DHCPv6 Sec 4: Secure DHCPv6 Overview They are kind of close at the first glance. Suggestion: s/Sec 4: Secure DHCPv6 Overview/Sec 4: Secure DHCPv6 Mechanism Overview/ 2) Add a section of Terminology There are some terms that are not well-known to the readers. It would be clearer if a section of Terminology could define them before using. For example: CA; leap of faith mode; TSlast; RDlast; TSnew; RDnew; drift; etc. 3) Sec 3, 2nd paragraph (and followed paras) Unnecessary indentation 4) Sec 4, 3rd para In this document, we introduce a public key option, a certificate option and a signature options with a corresponding verification mechanism. s/a signature options/a signature option/ 5) Sec 4.1, bullet 1 A second option is defined to carry the certificate. s/A second option/Another option/ Note: “A second option” reads like the two options are kind of linked to each other. But from the description, the two options should not appear at the same time. 6) Sec 5.1 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_Public_Key | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . Public Key (variable length) . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ s/OPTION_Public_Key/OPTION_PK_PARAMETER/ 7) Sec 5.2 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | OPTION_Certificate | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | . Public Key (variable length) . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ s/OPTION_Certificate/OPTION_CERT_PARAMETER/ 8) Sec 6.2, the last para A Relay-forward or Relay-reply message with any Public Key, Certificate or the Signature option is invilad. The message SHOULD be discarded silently. s/invilad/invalid/ Use MUST instead of SHOULD? 9) Sec 6.3, 1st para Actually, be definition in this document, relay agents MUST NOT add any secure DHCPv6 options. 10) Sec 6.4, bullet 2 o The time stamp in the last received and accepted DHCPv6 message. This is called TSlast. s/time stamp/timestamp/ 11) Sec 7, 3rd para The Secure DHCPv6 mechanism is based on the pre-condition that the recipient knows the public key of senders or the sender’s certificate can be verified through a trust CA. s/through a trust CA/through a trusted CA/ 12) Sec 7, Page 14 However, the two communciating nodes can be synchronized is out of scope of this work. s/the two/how the two/ s/communciating nodes/communicating nodes/ Best Regards, Qi