IETF Logo Mail Archive

[dhcwg] Review of draft-ietf-dhc-sedhcpv6-01

Qi Sun <sunqi.csnet.thu@gmail.com> Thu, 03 April 2014 09:28 UTC

Return-Path: <sunqi.csnet.thu@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AAF81A008E for <dhcwg@ietfa.amsl.com>; Thu, 3 Apr 2014 02:28:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.018
X-Spam-Level:
X-Spam-Status: No, score=-1.018 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_FACE_BAD=0.981, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9dnMGOctd5z for <dhcwg@ietfa.amsl.com>; Thu, 3 Apr 2014 02:28:03 -0700 (PDT)
Received: from mail-pb0-x233.google.com (mail-pb0-x233.google.com [IPv6:2607:f8b0:400e:c01::233]) by ietfa.amsl.com (Postfix) with ESMTP id EF9D61A00DB for <dhcwg@ietf.org>; Thu, 3 Apr 2014 02:27:57 -0700 (PDT)
Received: by mail-pb0-f51.google.com with SMTP id uo5so1565925pbc.38 for <dhcwg@ietf.org>; Thu, 03 Apr 2014 02:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:date:message-id:cc:to:mime-version; bh=n5DWTdTZ61bO+y6F67Ztrf1s6kywxGV26CX5ZYosefw=; b=uRgWM0zWs3M9/XeW7sXZPEAX1DaIp+5mwJ5KhdHHsR5aD6fXgCdRjdamekO+CKZ5lj lnwaY7nLpT9ucuoSXxlF+N440AJYQYD1HtCPYWZN4zOd9NHcYFfksa0vxgvjq+Cifelu rWRnp9qskxBzI8nsYzXHXsZ34LAZTKaYHO1stFEXM35OCHAbUZ62rJJ0h1lSlj299kTh o8AtLbEGahWOqFlKtCb6TOtWDrh5YDLwFy42WWALd02hRsDZp2ypIrP0tONHCKMcQMl7 5pTrY/d3tAj/2BoTAB++DAF23ivaGD+7dXB9l9jrzO2wHyjPGJ3tc4yttjHPUX45ozMh h5HA==
X-Received: by 10.68.113.5 with SMTP id iu5mr6142731pbb.60.1396517273908; Thu, 03 Apr 2014 02:27:53 -0700 (PDT)
Received: from sunqideair.lan ([166.111.68.231]) by mx.google.com with ESMTPSA id qh2sm22612114pab.13.2014.04.03.02.27.50 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 03 Apr 2014 02:27:53 -0700 (PDT)
From: Qi Sun <sunqi.csnet.thu@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_018E8CD6-E2D1-40AC-BC54-EF5FDE963B10"
Date: Thu, 03 Apr 2014 17:27:47 +0800
Message-Id: <0608491B-C35F-4145-BD3D-A3D766A5A3E4@gmail.com>
To: "<dhcwg@ietf.org>" <dhcwg@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/94ibZGmTp_zC69z44JlMrBbYCME
Cc: draft-ietf-dhc-sedhcpv6@tools.ietf.org
Subject: [dhcwg] Review of draft-ietf-dhc-sedhcpv6-01
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Apr 2014 09:28:08 -0000

Hi all,

I volunteered to review the document. Here are my comments (sorry if some of them have been discussed). But most are editorial. 

1. Technical
1) About the Signature Option
a) Different description of Signature Option:
Sec 5.3: "It protects the entire DHCPv6 header and options, except for the Authentication Option.” 
Sec 6.1: "It protects the message header and the message payload and all DHCPv6 options except for the Signature option itself and the Authentication Option.”

b) As is described above, Signature option does not protect itself including the timestamp which will be used to judge the message's validity. It means attackers can change the timestamp without destroying the signature. So attackers changes the timestamp of message, then the recipient will inspect the signature which is "correct" despite the change of the timestamp. This might cause a replay attack.

2) Inequality on the bottom of Page 12
"TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz"

What if RDnew < RDlast, maybe caused by a bad clock? In this case, the inequality holds (so that the message is accepted) but there might be something wrong. For the security reason, it would be better to drop the message, IMHO.

2. Editorial
1) Section titles:
Sec 3: Security Overview of DHCPv6
Sec 4: Secure DHCPv6 Overview
They are kind of close at the first glance.
Suggestion:
s/Sec 4: Secure DHCPv6 Overview/Sec 4: Secure DHCPv6 Mechanism Overview/

2) Add a section of Terminology
There are some terms that are not well-known to the readers. It would be clearer if a section of Terminology could define them before using.
For example:
CA; leap of faith mode; TSlast; RDlast; TSnew; RDnew; drift; etc.

3) Sec 3, 2nd paragraph (and followed paras)
Unnecessary indentation

4) Sec 4, 3rd para
  In this document, we introduce a public key option, a certificate
  option and a signature options with a corresponding verification
  mechanism.
s/a signature options/a signature option/

5) Sec 4.1, bullet 1
  A second option is defined to carry the certificate.
s/A second option/Another option/
Note: “A second option” reads like the two options are kind of linked to each other. But from the description, the two options should not appear at the same time.

6) Sec 5.1
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     OPTION_Public_Key         |         option-len            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
.                Public Key (variable length)                   .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
s/OPTION_Public_Key/OPTION_PK_PARAMETER/

7) Sec 5.2
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    OPTION_Certificate         |         option-len            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
.                Public Key (variable length)                   .
.                                                               .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
s/OPTION_Certificate/OPTION_CERT_PARAMETER/

8) Sec 6.2, the last para
   A Relay-forward or Relay-reply message with any Public Key,
   Certificate or the Signature option is invilad.  The message SHOULD
   be discarded silently.
s/invilad/invalid/
Use MUST instead of SHOULD?

9) Sec 6.3, 1st para
   Actually, be definition in
   this document, relay agents MUST NOT add any secure DHCPv6 options.
10) Sec 6.4, bullet 2
   o  The time stamp in the last received and accepted DHCPv6 message. 
      This is called TSlast. 
s/time stamp/timestamp/

11) Sec 7, 3rd para
   The Secure DHCPv6 mechanism is based on the pre-condition that the
   recipient knows the public key of senders or the sender’s certificate
   can be verified through a trust CA.
s/through a trust CA/through a trusted CA/


12) Sec 7, Page 14
   However, the two communciating nodes can be synchronized is out of
   scope of this work.
s/the two/how the two/
s/communciating nodes/communicating nodes/

Best Regards,
Qi

v2.23.0 | Report a Bug | By Email