RE: [dhcwg] Restrictions of information flow in leasequery messages

"Bernie Volz" <volz@cisco.com> Fri, 09 April 2004 16:43 UTC

From: Bernie Volz <volz@cisco.com>
To: 'Kim Kinnear' <kkinnear@cisco.com>, 'Ralph Droms' <rdroms@cisco.com>, dhcwg@ietf.org
Subject: RE: [dhcwg] Restrictions of information flow in leasequery messages
Date: Fri, 09 Apr 2004 12:29:18 -0400
Organization: Cisco
Message-ID: <002e01c41e4f$cf1de8b0$6401a8c0@amer.cisco.com>
In-Reply-To: <4.3.2.7.2.20040408164627.0283bf48@goblet.cisco.com>

Kim:

I agree with you - this information is generally available.

Perhaps a solution is that a server always has the option of not
returning data it considers too sensitive - such as GEOPRIV information.
Perhaps something like the following should be added to the Security
Considerations:

   In some environments it may be appropriate to configure a DHCP server
   with option numbers that MUST not be returned in response to
   DHCPLEASEQUERY messages because these options are considered to contain
   sensitive information.

I do think that once security options exist for relay to server
communication, if this was a concern at a site, the site should use
those options (and restrict who the server responds to for a
DHCPLEASEQUERY).

- Bernie

-----Original Message-----
From: dhcwg-admin@ietf.org [mailto:dhcwg-admin@ietf.org] On Behalf Of
Kim Kinnear
Sent: Thursday, April 08, 2004 4:52 PM
To: Ralph Droms; dhcwg@ietf.org
Cc: kkinnear@cisco.com
Subject: Re: [dhcwg] Restrictions of information flow in leasequery
messages


At 08:16 PM 4/6/2004, Ralph Droms wrote:
>Ted Hardie:
>
>Discuss:
>This whole method has "invitation to mischief" printed in large, block
>letters across its shirt.  After being told repeatedly that there is no
>restriction on the use cases for this mechanism, this text:
>
>        For this query, the requester supplies only an IP address in the
>        DHCPLEASEQUERY message.  The DHCP server will return any
>        information that it has on the most recent client to have been
>        assigned that IP address.
>
>sets off lots of alarm bells.  If I read this right, *any information* 
>associated with that IP address is returned?  If information used to 
>construct a location object is present (as in the geopriv dhcp-li 
>draft), that would get returned? That seems kind of excessive for an 
>access concentrator, but very, very nice for a black hat.  This whole 
>section on Parameter Request List options:
>
>        The Parameter Request List option (option 55) SHOULD be set to
>        the options of interest to the requester.  The interesting
>        options are likely to include the IP Address Lease Time option
>        (option 51), the Relay Agent Information option (option 82) and
>        possibly the Vendor class identifier option (option 60).  In the
>        absence of a Parameter Request List option, the server SHOULD
>        return the same options it would return for a DHCPREQUEST
>        message which didn't contain a DHCPLEASEQUERY message, which
>        includes those mandated by [RFC 2131, Section 4.3.1] as well as
>        any options which the server was configured to always return to
>        a client.
>
>has no restrictions of any type on the return of any data.  Why is all 
>of this data being made available via this method?

        I suppose because all of this data is already available on
        the wire (and sometimes broadcast) if you just watch it 
        go by.  Of course, you have to *be* on the wire to see it
        that way.

        What do the rest of you think about this issue?

        Cheers -- Kim


>It's too bad that SNMP is off the table here, as that would give you a 
>realistic way to limit data to specific queries and queriers.
>
>Limiting the protocol to a very specific use that fits the demonstrated
>need seems like it would make getting the security mechanisms right
>easier; if this is meant to be truly general purpose, it needs a
>general purpose mechanism that would give it the same level of security
>as SNMP would for this same purpose.
>
>
>_______________________________________________
>dhcwg mailing list
>dhcwg@ietf.org
>https://www1.ietf.org/mailman/listinfo/dhcwg


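Bernie's suggestion above (a server-side list of option codes that are never returned in a DHCPLEASEQUERY reply) and his note about restricting which relays the server answers, as an added Python example that is not part of this thread or of any DHCP server implementation. The option numbers 51, 55, 60 and 82 are the ones named in the quoted draft text; the sensitive code 224 (site-specific range), the `never_return` and `allowed_requesters` policy fields, and the sample lease record are constructed for the example.

```python
"""Added example: filtering a DHCPLEASEQUERY reply by option code.

Models the mitigation proposed in the thread: the operator configures option
codes that are never returned in a DHCPLEASEQUERY reply, and may also limit
which relay agents the server answers at all. Field names and the sample
lease data are constructed for this example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Option codes named in the quoted draft text (RFC 2132 / RFC 3046 numbers).
OPT_LEASE_TIME = 51         # IP Address Lease Time
OPT_PARAM_REQ_LIST = 55     # Parameter Request List
OPT_VENDOR_CLASS = 60       # Vendor class identifier
OPT_RELAY_AGENT_INFO = 82   # Relay Agent Information

# Constructed stand-in for an option the operator considers sensitive
# (224 is in the site-specific range, so it collides with nothing standard).
OPT_SITE_SENSITIVE = 224


@dataclass
class LeaseRecord:
    """What the server remembers about the most recent client on an address."""
    ip: str
    options: Dict[int, bytes]


@dataclass(frozen=True)
class LeaseQueryPolicy:
    """Hypothetical server configuration for answering DHCPLEASEQUERY."""
    # Returned when the requester sends no Parameter Request List.
    default_codes: FrozenSet[int] = frozenset(
        {OPT_LEASE_TIME, OPT_RELAY_AGENT_INFO, OPT_VENDOR_CLASS})
    # Codes that are never returned, whatever the requester asks for.
    never_return: FrozenSet[int] = frozenset()
    # Relay agent addresses allowed to query; empty means answer anyone.
    allowed_requesters: FrozenSet[str] = frozenset()


def parse_prl(raw: bytes) -> List[int]:
    """The option 55 payload is simply a sequence of one-byte option codes."""
    return list(raw)


def build_leasequery_reply(record: LeaseRecord,
                           prl: Optional[bytes],
                           requester_ip: str,
                           policy: LeaseQueryPolicy) -> Optional[Dict[int, bytes]]:
    """Select the options to place in the DHCPLEASEQUERY reply.

    Returns None when the requester is not permitted to query, meaning the
    server sends no reply at all.
    """
    if policy.allowed_requesters and requester_ip not in policy.allowed_requesters:
        return None
    # With a PRL, honour the requester's list; without one, fall back to the
    # server's usual set, as the quoted draft text describes.
    wanted = set(parse_prl(prl)) if prl is not None else set(policy.default_codes)
    # The never_return list wins even over an explicit request for the code.
    return {code: value for code, value in record.options.items()
            if code in wanted and code not in policy.never_return}


# Constructed sample data: one lease record and one site policy.
SAMPLE_RECORD = LeaseRecord(
    ip="192.0.2.10",
    options={
        OPT_LEASE_TIME: b"\x00\x01\x51\x80",   # 86400 seconds
        OPT_VENDOR_CLASS: b"example-phone",
        OPT_RELAY_AGENT_INFO: b"\x01\x03eth",  # circuit-id sub-option
        OPT_SITE_SENSITIVE: b"site-location-data",
    },
)
SAMPLE_POLICY = LeaseQueryPolicy(
    never_return=frozenset({OPT_SITE_SENSITIVE}),
    allowed_requesters=frozenset({"192.0.2.1"}),
)

if __name__ == "__main__":
    # No PRL from a permitted relay: default set, sensitive code withheld.
    print(build_leasequery_reply(SAMPLE_RECORD, None, "192.0.2.1", SAMPLE_POLICY))
    # Explicit request for the sensitive code: still withheld.
    print(build_leasequery_reply(SAMPLE_RECORD, bytes([51, 224]), "192.0.2.1", SAMPLE_POLICY))
    # Unknown requester: no reply at all.
    print(build_leasequery_reply(SAMPLE_RECORD, None, "198.51.100.7", SAMPLE_POLICY))
```

The two checks are independent: the requester filter decides whether the server answers at all, and the option filter decides what an answered query may carry, so a relay that is allowed to query still cannot pull a withheld option by naming it in option 55.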