IETF Logo Mail Archive

Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17

Lishan Li <lilishan48@gmail.com> Sat, 19 November 2016 17:11 UTC

Return-Path: <lilishan48@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0321D1299CE for <dhcwg@ietfa.amsl.com>; Sat, 19 Nov 2016 09:11:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iosz4WIrN_Dz for <dhcwg@ietfa.amsl.com>; Sat, 19 Nov 2016 09:11:20 -0800 (PST)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4DB701299C7 for <dhcwg@ietf.org>; Sat, 19 Nov 2016 09:11:20 -0800 (PST)
Received: by mail-qk0-x230.google.com with SMTP id n21so303402952qka.3 for <dhcwg@ietf.org>; Sat, 19 Nov 2016 09:11:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GyabqYK5gW5jQ+hx9qpgFSDCWAgWdXskyj3J2m8ClFc=; b=YyySRBB/ZG2qOLgLlnPFQ6VO+eKml5Q/uzB6FIMt4JjsS56uYxYGAHRo5P/hPk0zgh +Q5mX0RZl0uGj9oOOTHs9NmM63LeuLRHRWsDm/sz0bQ4B36pEMAmFeWRt+za8mUCpcvC XfDQeeCBs5o+lsQF73MMWfObopnBIkp2gjrc4mfgdNDhOLoC3zRv7Ek6XLF2E+OlipkM 4TZjEnRiFFf7pws3+3dA3HVyI1TId1kCvSFU6M3RPzDK8HeKTtaaCLuKR0x1B8nz37s7 KLBZfrtO0fXZvjh+7uT7WcrDDkohc3K72++IgXHw+VTglAkzjFa3ycihk2QFzkIhpYb+ 9Eeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GyabqYK5gW5jQ+hx9qpgFSDCWAgWdXskyj3J2m8ClFc=; b=kJ5e8a09Dfz5iT5oWNqwOxtp8TmhzRoQWeuDge1XkkBWPSITsuTBCOElUGH0HAItIt 1/t+BeRkQSjvSWR9ez0BUf02gIWhN22IoF5405f0rt3RlKAcQk7zSuvXOcizziOx3AGx wfE9raE0gmFgYSSkVdIgrSaR0XqB7pd/ajn/GRO1q1/QdR+bacJ4rOQOo2HE34e7Sp2r w20YXq0Jjrpgov7M0T7uGoOxRsGE2kc4NzVx1amB8Ba9V/qItWr08oZWkFwMSDKHEYcd sy5imyISjfA2zKqkcFThSgX5YwqR0fLdIUiuzGFb7aOgo8nixn6PfM/xEdhTw3nwlsFp rwww==
X-Gm-Message-State: AKaTC029kFpdc1Tye6JSPjB4s2MaXTupx/18hOqjATJTs+RmGpl6zSDeo/CfVum9JlPz2e8m8VS+NdBlDiP/QQ==
X-Received: by 10.55.191.134 with SMTP id p128mr6372455qkf.58.1479575479503; Sat, 19 Nov 2016 09:11:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.237.62.242 with HTTP; Sat, 19 Nov 2016 09:11:18 -0800 (PST)
In-Reply-To: <CAJE_bqceK7YLpMqhgjqrFQh7641a+ZRcnO0F6p6BiM8EMKmA7w@mail.gmail.com>
References: <CAJE_bqebwr2WUUgaNgiYS4_8L77Gxj4Os+oPRG407B6ELMEhCQ@mail.gmail.com> <CAJ3w4Ndi5Gq63n5kZnanRhLM8nWE2wsWGh0kJJLJnq=VoXLuCg@mail.gmail.com> <CAJE_bqegh1DfWjfK2BxeC_fWa0cEk-KJNP0AT-TQuEa39w_wVQ@mail.gmail.com> <CAJ3w4NdM99nv4C19Xj=aosNme+_Ymyys=xQ3UWUfeZReZC4ckA@mail.gmail.com> <CAJE_bqdhGZnK16MooiyujDgthDNnR74EiwW0OevrN6uq4b4ANw@mail.gmail.com> <CAJE_bqfKUZe2yaW1sAq7rrib0M7wz28HHtPLqCHK=vXcN6amgg@mail.gmail.com> <CAJ3w4Nd3s+ZojjiotLkKwys6truhUgK6F-90UYjcpB9iw=fKKQ@mail.gmail.com> <m2r36nuqvn.wl%jinmei.tatuya@gmail.com> <CAJ3w4NeuNYTrX4p5rtZ6UceD5ydQ-B-vY6aqQzxWnXsrDOEFEA@mail.gmail.com> <CAJE_bqdh-bgk7BHZJnaFFBr3PDj4ZnSSGeGNdQ70F7dv91iQrA@mail.gmail.com> <CAJ3w4NfU9PrC9a+MGnJ=Es1yir_asHB3p1=9GfxZZ0iSe+At+Q@mail.gmail.com> <CAJE_bqfRBYkrniWQ+vtPULTURnvyV792QNGvr8JhhZpGQ0MSdA@mail.gmail.com> <CAJ3w4NerRzHYsRqcUAkAjHX23PYVF4Jv0wKcd33vXRRg+-0EAQ@mail.gmail.com> <CAJ3w4NekPk0TuAZW_jmTDYQHd8JP3GsrA0qrKYrnyqSSk3qwxw@mail.gmail.com> <CAJE_bqc8hkrc3dYefTPWi-mUCtZD+oYsrobCK1KjmVGRnNfMCw@mail.gmail.com> <CAJ3w4NejrFAT3RK7i0W46HkQNJjhPxbhzQiL=3fcrceidTzHNQ@mail.gmail.com> <CAJE_bqcCwZWPHuZ0UR8_jyCUsaTrYKzLD8zUKwChYaCL06yT9A@mail.gmail.com> <CAJ3w4NfS8PKOMHcP5s_Nsp5K5eWJfXWRF-vNEau_ekqTRwE=wA@mail.gmail.com> <CAJE_bqfqSXFR9R5wf1USg-zs+nvdohQFq99kQL2DiapXvUdEqA@mail.gmail.com> <CAJ3w4Ncj40JwrW6UB+TVFvymByU5Y9iFv5QroWhwUzkLrS2DTg@mail.gmail.com> <CAJE_bqd38grUh9q57a-H29GsMx5Dpv9VE0iBMO7v_-y97zZZUg@mail.gmail.com> <CAJ3w4Ne63cnqoeTZk=PDmAN9+i6jwzyxbK+up45wB9h+xUDSfw@mail.gmail.com> <CAJE_bqceK7YLpMqhgjqrFQh7641a+ZRcnO0F6p6BiM8EMKmA7w@mail.gmail.com>
From: Lishan Li <lilishan48@gmail.com>
Date: Sun, 20 Nov 2016 01:11:18 +0800
Message-ID: <CAJ3w4Nf65b1zo-smMguZBc_-RbFh2y8kk7Fnu__TKCQEVbs48w@mail.gmail.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Content-Type: multipart/alternative; boundary="94eb2c04397cdfd1040541aa824e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/Cc2vcSXd4QY-YR-VjCAQ-aGmYPI>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] preliminary comments on draft-ietf-dhc-sedhcpv6-17
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Nov 2016 17:11:22 -0000

2016-11-19 3:51 GMT+08:00 神明達哉 <jinmei@wide.ad.jp>:

> At Fri, 18 Nov 2016 00:56:35 +0800,
> Lishan Li <lilishan48@gmail.com> wrote:
>
> > [LS]: Thanks a lot for your explanation.
> > Then, for the next step, the transaction-id of Encrypted-Query and
> > Encrypted-Response message works as identifier for the public key
> > of encryption and private key for decryption.
> > When receiving the first Encrypted-Query message, the server has
> > to try all the private keys that it might use.
> > Could you please check whether my understanding correct?
>
> Hmm...I'm afraid I don't understand your understanding:-)
>
> My understanding of where we are is that we now agree that as of
> sedhcpv6-17 the server can't efficiently identify the private key to
> decrypt a message in an Encrypted-Query message.
>
> I can think of two possible next steps from here:
> 1. leave the inefficiency: let the server try all possible private
>    keys until it can decrypt the message or conclude no key works.

2. introduce some kind of concept of "key ID" (or "key tag", in which
>    case 100% uniqueness isn't required) and have the client include it
>    in Encrypted-Query messages.
>
[LS]: I don't know why in this case, 100% uniqueness isn't required.
Key id is used as the identifier of the private key, can the two private
key (two clients) uses the same key id?

>
> I personally prefer option #2, but in that case I don't like to
> overload the existing transaction-id field for this purpose.
>
[LS]: The standard DHCPv6 message format contains the
transaction-id. If the transaction-id is not contained, then the
message is not DHCPv6 message. Transaction-id field's size
is very small.
In the before presentation, we have showed that Encrypted-Query
and Encrypted-Response messages are DHCPv6 messages.
And no one proposed any problem. And I also think that
there is no problem. If you insist on your opinion, please
states the caused problem and modify the draft. I don't
have any comment on this.

Best Regards,
Lishan

v2.23.0 | Report a Bug | By Email