IETF Logo Mail Archive

Re: [dhcwg] Lifetime draft: refresh time should never be more thanIRT_DEFAULT

Ted Lemon <Ted.Lemon@nominum.com> Wed, 17 November 2004 01:48 UTC

Received: from megatron.ietf.org (megatron.ietf.org [132.151.6.71]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA22517; Tue, 16 Nov 2004 20:48:20 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CUErB-0004eA-Mk; Tue, 16 Nov 2004 20:43:37 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CUEoy-0004JP-SA for dhcwg@megatron.ietf.org; Tue, 16 Nov 2004 20:41:21 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA21677 for <dhcwg@ietf.org>; Tue, 16 Nov 2004 20:41:19 -0500 (EST)
Received: from shell-ng.nominum.com ([81.200.64.181]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CUErI-0001nw-2Y for dhcwg@ietf.org; Tue, 16 Nov 2004 20:43:44 -0500
Received: from [81.200.65.109] (dhcp-109.wl.nominum.com [81.200.65.109]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client did not present a certificate) by shell-ng.nominum.com (Postfix) with ESMTP id 7417B56884 for <dhcwg@ietf.org>; Tue, 16 Nov 2004 17:40:46 -0800 (PST) (envelope-from Ted.Lemon@nominum.com)
Mime-Version: 1.0 (Apple Message framework v619)
In-Reply-To: <200411161050.55774.jdq@lucent.com>
References: <002a01c4c6ac$654323f0$be878182@amer.cisco.com> <D0FDE6C2-32A2-11D9-AA52-000A95D6A618@nominum.com> <20041116132415.GF26517@sverresborg.uninett.no> <200411161050.55774.jdq@lucent.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <B30EA72A-3839-11D9-8CDB-000A95D6A618@nominum.com>
Content-Transfer-Encoding: 7bit
From: Ted Lemon <Ted.Lemon@nominum.com>
Subject: Re: [dhcwg] Lifetime draft: refresh time should never be more thanIRT_DEFAULT
Date: Tue, 16 Nov 2004 17:40:45 -0800
To: dhcwg@ietf.org
X-Mailer: Apple Mail (2.619)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 93238566e09e6e262849b4f805833007
Content-Transfer-Encoding: 7bit
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Content-Transfer-Encoding: 7bit

On Nov 16, 2004, at 7:50 AM, Joe Quanaim wrote:
> A rogue
> dhcpv6 server could do much worse than to set the lifetime option to an
> excessive value.

Or it could do both, for a triple word score.   This is my concern - 
clients that don't restrict the length of the lifetime option simply 
never recover from an attack like this, where as clients that do 
restrict it do recover.

> And if a client does not implement the lifetime option
> (which will probably be true for the near term), it is still 
> vulnerable to
> this attack whatever we decide the maximum value should be.

I think such clients are unlikely to be an issue in practice at this 
stage of deployment.

I think that it should be sufficient to say that clients SHOULD 
restrict the lifetime to a day, and explain why, and let the 
implementor decide how to handle it.   Or maybe just say "clients MAY 
limit the lifetime", not specify any particular limit, and explain the 
tradeoffs.


_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.29.0 | Report a Bug | By Email | System Status