Re: [dhcwg] seDHCPv6 update and next steps ...

Ted Lemon <mellon@fugue.com> Thu, 13 July 2017 00:26 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 186C0131790 for <dhcwg@ietfa.amsl.com>; Wed, 12 Jul 2017 17:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t51vB0PdbM8L for <dhcwg@ietfa.amsl.com>; Wed, 12 Jul 2017 17:26:02 -0700 (PDT)
Received: from mail-pg0-x230.google.com (mail-pg0-x230.google.com [IPv6:2607:f8b0:400e:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C10312EC48 for <dhcwg@ietf.org>; Wed, 12 Jul 2017 17:26:02 -0700 (PDT)
Received: by mail-pg0-x230.google.com with SMTP id k14so20777294pgr.0 for <dhcwg@ietf.org>; Wed, 12 Jul 2017 17:26:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=R+S0pgtWz8lbYMM7aD1ys2WfUzw52rUIVHzZ/DOeucY=; b=O72v7NUBAjfDHiDDMbP0xuRq7iAda0t7ZdU/myEB+ENhVQhoUTk/0uU2z/fi3/Wdce fiWKv28mCtE4ZhqfmnJbXVR5SlQ4/1R9eDPLgQRNeNE89zMWmF6So4GSKWAeItz/eUha e5glDPjKIFcWoQ4AF2nPpAvc4vO7ahBizGw3YUN6nquzuXf44poncAyXHFOzaYJ+GZJS wv9rB4udgfpkUp0IS2AlA5UOwvP2xip0u3QiVwL+IDAKpxHY/D1yibqieUgxrVRHM3cQ Q8IAMdA8NSjsPZHCSgfsWUZcmtnJcbR8GbAmx0CsMZLtZaAGkPikyqE30OS0dHMiC7Km j/mQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=R+S0pgtWz8lbYMM7aD1ys2WfUzw52rUIVHzZ/DOeucY=; b=ZVb9zjhEJ8OhvDbm+UVXdXsxlsxs/KrGS0PDjXQQmzF76zw7Gd/3aVZmnZkfZhrkS2 76gCAvJDpMOr1BBPxapUF1A+b1dS/9X/K/BQFziJRw4gro7cHgBO7M/U+Br28uCDdy+x XRFMphULdQzB43DjwEI9Ekyciroze0T3nTMRtjeP0mbvzkWswJcQpiZi4jFfMFe0JXeP g1ottxwSCvL2ouJ9lHrxIuvhyDTDWPSZMusPVyqpGgsUNAcki9QY8OtwX1534Tp8Gw9i ER3Oyw2hdUf0dtz/GfSvpKYgTIFHNNHd2FdsTUcT9E8RjgXNX6iWYzq5eWsbioJm2aId POSA==
X-Gm-Message-State: AIVw113TNaSoA+6muJhDS4luNf24y/bLpmIvqCU/d7rwkG0ejN3iTaQj JiIvgKWmXCDZ3Ze+WJLDh0Zc47Aoe0u7
X-Received: by 10.99.51.142 with SMTP id z136mr6264442pgz.275.1499905561755; Wed, 12 Jul 2017 17:26:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.170.2 with HTTP; Wed, 12 Jul 2017 17:25:21 -0700 (PDT)
In-Reply-To: <0A6AD09C-F75A-4A64-8ECB-A6A81C1201D6@cisco.com>
References: <4775705423554cc39360724881251abe@XCH-ALN-003.cisco.com> <a3d7522c763947a2916edfc461bf92af@XCH15-06-08.nw.nos.boeing.com> <e9cbb73ac7164448aa215c5ab3081e18@XCH-ALN-003.cisco.com> <cb431acefa5149a4a024538352e02357@XCH15-06-08.nw.nos.boeing.com> <0A6AD09C-F75A-4A64-8ECB-A6A81C1201D6@cisco.com>
From: Ted Lemon <mellon@fugue.com>
Date: Wed, 12 Jul 2017 20:25:21 -0400
Message-ID: <CAPt1N1mSxTdtpqcVQRnHnYLH=8iu00+rs0FjrLYc-xyQLqn3Lw@mail.gmail.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
Cc: "Templin, Fred L" <Fred.L.Templin@boeing.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-sedhcpv6@tools.ietf.org" <draft-ietf-dhc-sedhcpv6@tools.ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0b3f70349688055427faac"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/Ao7yl8nlKIVEnmSaiCS89iNcV1Y>
Subject: Re: [dhcwg] seDHCPv6 update and next steps ...
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 00:26:06 -0000

You mean for leasequery?   We should probably scope that out.   It's not
clear to me that there's an overlap in the use cases, though.

On Wed, Jul 12, 2017 at 6:30 PM, Bernie Volz (volz) <volz@cisco.com>; wrote:

> Ok, thanks for your use case. We'll hopefully get more.
>
> And,
>
> since there may be a LDRA, the DHCPv6 parameters must be available
>
> in-the-clear so that the LDRA can snoop any IA_NA/IA_PD assignments.
>
>
> I think this can be solved in other ways, such as via the RAAN work.
> Though one issue with that is we need to figure out how to provide client
> details (i.e., client-id) that might be needed by relays.
>
> - Bernie (from iPad)
>
> On Jul 12, 2017, at 5:36 PM, Templin, Fred L <Fred.L.Templin@boeing.com>;
> wrote:
>
> Hi Bernie,
>
>
>
> My scenario is very simple. The client and server are connected to the same
>
> link, and the link already supports link-layer security (e.g., IEEE
> 802.1X).
>
>
>
> The client knows that it can trust the server because the server’s address
>
> is in a list of known server addresses for the link that cannot be
> subverted
>
> by an adversary and there is no opportunity for source address spoofing.
>
>
>
> The server knows that the client is authorized to connect to the link
>
> (e.g., due to 802.1X) but the server does not know whether the client
>
> is authorized to use the DUID it is claiming in its DHCPv6 messages.
>
> For example, trusted client ‘A’ could use trusted client ‘B’s DUID to
>
> steal client ‘B’s service – an “insider attack”.
>
>
>
> So, what is needed from seDHCPv6 is for the client to authenticate itself
>
> to the server so that it cannot steal the services of another client. And,
>
> since there may be a LDRA, the DHCPv6 parameters must be available
>
> in-the-clear so that the LDRA can snoop any IA_NA/IA_PD assignments.
>
>
>
> Thanks - Fred
>
>
>
> *From:* Bernie Volz (volz) [mailto:volz@cisco.com <volz@cisco.com>]
> *Sent:* Wednesday, July 12, 2017 2:06 PM
> *To:* Templin, Fred L <Fred.L.Templin@boeing.com>;;
> draft-ietf-dhc-sedhcpv6@tools.ietf.org; dhcwg@ietf.org
> *Subject:* RE: seDHCPv6 update and next steps ...
>
>
>
> Hi Fred:
>
>
>
> Thanks for your interest.
>
>
>
> Could you clarify what you mean by authentication-only? As I see if in
> terms of authentication there is:
>
> 1.       Authenticate the server to the client
>
> 2.       Authenticate the client to the server
>
> 3.       Or both
>
>
>
> There are also various degrees of authentication – for example, TOFU
> (Trust on First Use) to trusted third party (and what that might impose on
> certificate distribution / validation).
>
>
>
> And, if you have a specific use model in mind (for example, if this is for
> AERO), having a brief summary of this and the authentication requirements
> would be useful.
>
>
>
> I’d also suggest that understanding why other techniques, such as 802.1X,
> would not be appropriate could provide added value in understanding the
> requirements.
>
>
>
> -          Bernie
>
>
>
> *From:* Templin, Fred L [mailto:Fred.L.Templin@boeing.com
> <Fred.L.Templin@boeing.com>]
> *Sent:* Wednesday, July 12, 2017 4:49 PM
> *To:* Bernie Volz (volz) <volz@cisco.com>;; draft-ietf-dhc-sedhcpv6@tools.
> ietf.org; dhcwg@ietf.org
> *Subject:* RE: seDHCPv6 update and next steps ...
>
>
>
> Hi Bernie,
>
>
>
> Unfortunately, my plane does not arrive until ~16:00 CEST on Sunday. But,
> if
>
> this work is going back to first principles I would like to express an
> interest in
>
> an authentication-only mode of operation (i.e., no encryption). It would
>
> avoid a “double-encryption” when encryption is already provided by the
>
> link layer between the client and server (or first-hop relay) and there are
>
> already other securing mechanisms in place between relays and servers.
>
>
>
> Thanks - Fred
>
>
>
>
>
> *From:* dhcwg [mailto:dhcwg-bounces@ietf.org <dhcwg-bounces@ietf.org>] *On
> Behalf Of *Bernie Volz (volz)
> *Sent:* Wednesday, July 12, 2017 1:30 PM
> *To:* draft-ietf-dhc-sedhcpv6@tools.ietf.org; dhcwg@ietf.org
> *Subject:* [dhcwg] seDHCPv6 update and next steps ...
>
>
>
> Hi:
>
>
>
> There has been some discussion (most recently off the dhcwg mailing list)
> about the sedhcpv6 draft.
>
>
>
> Previously, as discussed on the dhcwg mailing list a while back, there are
> some issues with the current draft (including the encryption issue; the key
> can’t be used to encrypt more data than the size of the key). And, while
> some of the co-authors have communicated recently, others have been quiet
> and it is not clear what the level of interest for each is in continuing.
> This work has sadly had a long road with several turns already.
>
>
>
> The discussion raised the question as to what the goals of this work
> should be. Some feel that we need to step back and first develop a
> “requirements document” to clearly detail what the goals of a securing
> DHCPv6 should be (for example, was the fairly recent push to add encryption
> appropriate?).
>
>
>
> Thus, Tomek and I feel that it would be worth having an interested group
> meet before the IETF-99 DHC WG session (which is on Wednesday, 7/19
> afternoon) to discuss this so that we could formulate a strategy. If you
> have interest, let us know. We propose to meet on Sunday at 14:00 (CEST) in
> Chez Louis (Hackathon) room – we can find a table there, or look for
> another place. (If there is remote participation interest, let us know and
> we’ll see what we might be able to accommodate.)
>
>
>
> We may also have extra time in the DHC WG session to discuss in detail
> there, but it could be helpful to have one or more proposals and, if we get
> the slides out quickly, give people some time to think about it before the
> WG session.
>
>
>
> -          Bernie and Tomek
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>
>