Re: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-16.txt

"Bernie Volz (volz)" <volz@cisco.com> Wed, 19 October 2016 14:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/EdNVBEH952z9CabMoBLjk33LAI8>

BTW:

I haven’t looked into it myself, but I wonder whether having a
“compressed” certificate is possible (i.e., using the LZ or similar
compression (perhaps zlib) on the certificate)? Perhaps the certificates
are already in some kind of compressed format?

There’s also an interesting question whether compressing the entire DHCPv6
message before encrypting it has any value? That might also avoid the need
for a compressed certificate.

The cost of doing this (CPU and code) would likely be fairly minor, but it
could avoid generating (as many) fragments on the network.

- Bernie

On 10/19/16, 10:04 AM, "Bernie Volz (volz)" <volz@cisco.com> wrote:

>
>-----Original Message-----
>From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of
>internet-drafts@ietf.org
>Sent: Tuesday, October 18, 2016 11:41 PM
>To: i-d-announce@ietf.org
>Cc: dhcwg@ietf.org
>Subject: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-16.txt
>
>
>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>This draft is a work item of the Dynamic Host Configuration of the IETF.
>
>        Title           : Secure DHCPv6
>        Authors         : Sheng Jiang
>                          Lishan Li
>                          Yong Cui
>                          Tatuya Jinmei
>                          Ted Lemon
>                          Dacheng Zhang
>        Filename        : draft-ietf-dhc-sedhcpv6-16.txt
>        Pages           : 29
>        Date            : 2016-10-18
>
>Abstract:
>   DHCPv6 includes no deployable security mechanism that can protect
>   end-to-end communication between DHCP clients and servers.  This
>   document describes a mechanism for using public key cryptography to
>   provide such security.  The mechanism provides encryption in all
>   cases, and can be used for authentication based on pre-sharing of
>   authorized certificates.
>
>
>The IETF datatracker status page for this draft is:
>https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/
>
>There's also a htmlized version available at:
>https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-16
>
>A diff from the previous version is available at:
>https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-sedhcpv6-16
>
>
>Please note that it may take a couple of minutes from the time of
>submission
>until the htmlized version and diff are available at tools.ietf.org.
>
>Internet-Drafts are also available by anonymous FTP at:
>ftp://ftp.ietf.org/internet-drafts/
>
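An added example, not part of the original message or of the draft: a way to measure what zlib buys on a certificate and on a whole message before encryption, and how many IPv6 packets a given payload needs at the 1280-byte minimum MTU. The certificate and the DHCPv6-like message are constructed stand-ins (hash-derived bytes in place of an RSA-2048 key and signature, the certificate appended without option framing), and every function name is hypothetical.

```python
import hashlib
import zlib

IPV6_HDR, FRAG_HDR, UDP_HDR = 40, 8, 8
IPV6_MIN_MTU = 1280  # smallest link MTU an IPv6 path must support


def keylike(n, seed):
    """Deterministic high-entropy bytes standing in for key/signature material."""
    blocks = (hashlib.sha256(seed + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def constructed_cert():
    """Constructed stand-in with a certificate's entropy profile (not valid X.509)."""
    subject = b"C=XX, O=Example Org, OU=DHCP, CN=server.example.net"
    structured = (subject + b"161019000000Z171019000000Z"
                  + subject.replace(b"server", b"issuer")
                  + b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b" * 2)  # sha256WithRSA OID, twice
    secret_like = keylike(270, b"spki") + keylike(256, b"sig")  # RSA-2048 sized
    return structured + secret_like, len(secret_like)


def constructed_message(cert):
    """Constructed DHCPv6-like Reply: repetitive options followed by the cert."""
    dns = b"".join(b"\x00\x17\x00\x10" + bytes(15) + bytes([i]) for i in range(8))
    domains = b"\x00\x18\x00\x22" + b"\x03lab\x07example\x03net\x00" * 2
    return b"\x07\xab\xcd\xef" + dns + domains + cert


def packets_needed(payload_len, mtu=IPV6_MIN_MTU):
    """IPv6 packets needed to carry one UDP datagram with this payload length."""
    datagram = UDP_HDR + payload_len
    if IPV6_HDR + datagram <= mtu:
        return 1
    per_fragment = (mtu - IPV6_HDR - FRAG_HDR) // 8 * 8  # fragment data is 8-byte aligned
    return -(-datagram // per_fragment)


def measure():
    """Return (raw, compressed) sizes for the cert alone and the whole message."""
    cert, secret_len = constructed_cert()
    msg = constructed_message(cert)
    return {
        "secret_like": secret_len,
        "cert": (len(cert), len(zlib.compress(cert, 9))),
        "message": (len(msg), len(zlib.compress(msg, 9))),
    }


if __name__ == "__main__":
    for name, value in measure().items():
        print(name, value)
```

The key and signature bytes set a floor on the compressed size, so the saving comes only from the names, OIDs and repetitive options; substituting a real DER certificate for `constructed_cert()` gives the figure for an actual deployment.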