Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th

"Bernie Volz (volz)" <volz@cisco.com> Sun, 26 March 2017 02:05 UTC

Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F0751294A5; Sat, 25 Mar 2017 19:05:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.523
X-Spam-Level:
X-Spam-Status: No, score=-14.523 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uM7V8YhZRdfr; Sat, 25 Mar 2017 19:05:54 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F41F126D73; Sat, 25 Mar 2017 19:05:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=9290; q=dns/txt; s=iport; t=1490493954; x=1491703554; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=4O14CMkKuXqAZ0k3FjXu48UZNtmHq5ClmjeQyRbq9GI=; b=c8NW7aMTlE4FOzmvhAH+Y6+4osa21WYhAdZhr2dGlZqrL8WfMYOiXVnS gR1kt0G0l3VC8UgUosBMzSBMVDOMJFKjByCx1pHPwT8DBvc7dkzbAgXSz 2hpdk//6+AUCFdjT0WyNpQneiNo0kGYE5Sll61StGe1V/YtWZp6aqJIeB 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0ATAQBoIddY/5ldJa1cGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBg1RhgQsHjWqRTZVLgg4fC4V4AoMpPxgBAgEBAQEBAQFrKIUVAQE?= =?us-ascii?q?BAQMBASUTNAsMBAIBCA4DAwEBAR8JBycLFAkIAgQBDQUIiX8OrFI6ijkBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEYBYo0gQmBPIMChXsFhmuCK4gXiy4BhnqDKoMnhHe?= =?us-ascii?q?CBYUqiguTZAEfOEs5WRUYKYRYHYFjdYdfK4EDgQ0BAQE?=
X-IronPort-AV: E=Sophos;i="5.36,223,1486425600"; d="scan'208";a="402051456"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Mar 2017 02:05:53 +0000
Received: from XCH-ALN-002.cisco.com (xch-aln-002.cisco.com [173.36.7.12]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id v2Q25rnj031293 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Sun, 26 Mar 2017 02:05:53 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-ALN-002.cisco.com (173.36.7.12) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Sat, 25 Mar 2017 21:05:52 -0500
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1210.000; Sat, 25 Mar 2017 21:05:52 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, dhcwg <dhcwg@ietf.org>
CC: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
Thread-Topic: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
Thread-Index: AQHSmBEofEj8/aGJckKkKaGWH1j71aGmX41w
Date: Sun, 26 Mar 2017 02:05:52 +0000
Message-ID: <7db55e6f55e34408a1816887c22e28d3@XCH-ALN-003.cisco.com>
References: <e08be0f6-f1b4-4f57-6cdf-ddd546f8b793@gmail.com>
In-Reply-To: <e08be0f6-f1b4-4f57-6cdf-ddd546f8b793@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.86.252.148]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/BhAldejIyj_n8Ut-znpShyIln6s>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 02:05:56 -0000

Hi:

I have reviewed the draft and support it moving forward. However, I do have some issues I think need to be addressed but they are mostly fairly small.

I do want to thank the authors for addressing my earlier issues. I think the document is in MUCH better shape now!!

So here goes ...

Section 6:
The sentence: "The encryption text SHOULD be formatted as explain in [RFC5652]." Isn't clear. RFC5652 doesn't use "text" except to mean actual wording in the RFC. Could "encryption text" be clarified? Is this the client's message? Or what exactly is this and which part of RFC 5652 has this "format"? I am not following what this sentence means and what I should do (if I were implementing this).

Note: This same text is also in Section 7 (last paragraph) and needs similar attention.

Section 7:

   option.  Then, the server checks the Server Identifier option.  The
   DHCPv6 server drops the message that is not for it, thus not paying
   cost to decrypt messages.  If it is the target server, according to

I think here you also want the server to proceed if there is NO Server Identifier option? It should only ignore it if there is a Server Identifier option and it does not match this server's identifier?

Section 8

   those present in the innermost encapsulated messages from the client
   or server.

I think messages should just be message as there is only one message?

Section 9.1:

Might be better to split out requirements for a client and server into separate paragraphs (1st paragraph)? Might also be best to be clear that you address:
1. What a client must remember about its own increasing number (i.e., what it sends to the server).
2. What a client must remember about the server's increasing number (i.e., what it receives from server).
3. What a server must remember about a client's increasing number (i.e., what it receives from client).
4. What a server must remember about its own increasing number (i.e., what it sends to clients). I assume a server does NOT need to keep a unique increasing number set for each client it communicates with - a server can use one set for all clients?
Please also be clear about how each of these 4 (2 numbers on client, 2 on server) are handled. The text presently is not very clear -- for example a client can't forget what it sent if the server remembers it.

Later, be clear that this is modulo 2^64 math:

   The Increasing-number option in the received message passes the
   increasing number check if NUM.REC is more than NUM.STO.  And then,
   the value of NUM.STO is changed into the value of NUM.REC.

   The increasing number check fails if NUM.REC is equal with or less
   than NUM.STO.

"More" here is in the modulo arithmetic "more" -- perhaps use "more (modulo 2^64)" and "or less (modulo 2^64)"?

Section 9.2:

I wonder if you should revise the code to make it more appropriate for this document? RDATA/RDLENGTH aren't really appropriate? 

Section 10

There are now only three (not six) status codes.

Section 10.2

   msg-type        Identifier of the message type.  It can be either
                   Encrypted-Query (TBA7) or DHCPv6-Response (TBA8).

Change DHCPv6-Response to Encrypted-Response.


Section 11

   There are some mandatory algorithm for encryption algorithm in this

Change (first) algorithm to algorithms? Or, change "are some" to "is a"


   Likewise, since the Encryption-Key-Tag Option isn't protected, an
   attacker that can intercept the message can forge the value without
   detection.

Isn't this generally useless? As the message is encrypted, the validation will fail?


Some even more MINOR comments (these would perhaps improve readability but would likely be addressed by the RFC editor):

Section 6:

Perhaps replace "contained" and "contain" with "included" and "include" in the sentences later in that same paragraph (with the "The encryption text...").


   For the received Encrypted-Response message, the client MUST drop the
   Encrypted-Response message if other DHCPv6 option except Encrypted-
   message option is contained.

How about:

   For the received Encrypted-Response message, the client MUST drop the
   Encrypted-Response message if it contains any option other than a single
   Encrypted-message option.

Note: There are some other odd uses of contain (when at least I think the text should use include). But it may not be worth trying to change these (the usage is tricky - you can google for "english contain vs include" if you like). We will leave it to the RFC editor to perhaps clean these up if appropriate.


      The client MAY use the AuthenticationFail as a hint and switch
      to other DHCPv6 server if it has another one.  

Change to "to another DHCP server if it has one"?

Section 7:

   Upon the receipt of Encrypted-Query message, the server MUST drop the
   message if the other DHCPv6 option is contained except Server

Here "the other" should change to "another".

Note: There are several other places where contained/contain would (at least in my mind) be more "standard" if the text used included/include. Same goes for use of "other" (-> another).

Last paragraph of section 7, "then the server set the". Set should be sets.

Section 10.1.1

For EA-len, might be good to add "(must be a multiple of 2)"
For SHA-len, might be good to add "(must be a multiple of 4)"

Also, I think you should change all "2-octets value" to "2-octet value".

Section 11

   For this security item, It is RECOMMENDED that client certificates
   could be tied to specific server certificates by configuration.

Lower case "It"?


General

There are uses of "cert" and "certs" and "certificate(s)". Are these one in the same? Shouldn't we just use "certificate" throughout? Or perhaps you should add "cert(s)" to terminology section?


- Bernie

-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Tomek Mrugalski
Sent: Wednesday, March 08, 2017 8:37 AM
To: dhcwg <dhcwg@ietf.org>
Cc: draft-ietf-dhc-sedhcpv6 authors <draft-ietf-dhc-sedhcpv6@ietf.org>
Subject: [dhcwg] WGLC on draft-ietf-dhc-sedhcpv6-21 - Respond by March 29th

Hi,
draft-ietf-dhc-sedhcpv6-21 describes a mechanism for using public key cryptography to provide end-to-end security between DHCPv6 clients and servers. The mechanism provides encryption in all cases, and can be used for authentication based on pre-sharing of authorized certificates. This draft has started in 2013, but the whole DHCPv6 security saga is much longer and begins in 2008. This draft was submitted to IESG in mid-2015.
The guidance received was clear that  substantial changes are needed. As a result, "encrypt everywhere, authenticate if you can" approach was used.

Authors believe this draft to be ready for working group last call.

Please send your substantial comments to the mailing list and express your opinion whether this draft is ready for publication. Feel free to send nitpicks and minor corrections to the authors directly. This is a complex draft, so the chairs believe 3 weeks WGLC is in order. Please send your comments no later than March 29th. Bernie and I will determine consensus and will discuss during Chicago meeting as needed.

To initiate the discussion, I have two related questions. The chairs would love to hear your opinions on those.

1. The "encrypt everywhere" paradigm means that in deployments that do snooping on relay will break down. To solve this problem, we need a assignment notification mechanism, similar to the one described in draft-ietf-dhc-dhcpv6-agentopt-delegate-04. That draft expired many years ago. This matter was discussed in Seoul and the minutes describe the conclusion as:

  The discussion gravitated towards not resurrecting until the sedhcpv6
  I-D progresses further. We will reevaluate this once sedhcpv6 is done.

Do you want the WG to resurrect agentopt-delegate a) now, b) when
sedhcpv6 is sent to IESG or c) when sedhcpv6 is published as RFC? d) we need a completely new draft and I'm volunteering to work on it.

2. One of the authors suggested that this protocol is quite complex and having a feedback from an implementation (or ideally two interoperating) would be very important and would likely result in some changes to the draft. It's probably too late for Chicago, but we can organize a
sedhcpv6 hackathon in Prague. Two likely implementations would be WIDE and Kea, as those two are open source and have an old version of the draft partially implemented. Do you think such a hackathon would be useful? Are you willing to participate?

Title: Secure DHCPv6
Authors: L. Li, S. Jiang, Y.Cui, T.Jinmei, T.Lemon, D.Zhang
Filename: draft-ietf-dhc-sedhcpv6-21
Pages: 31
Date: 2017-02-21
Link: https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/

Responses by March 29th are appreciated.

Thanks,
Bernie and Tomek

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg