Re: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-16.txt

Lishan Li <lilishan48@gmail.com> Wed, 19 October 2016 16:13 UTC

From: Lishan Li <lilishan48@gmail.com>
Date: Thu, 20 Oct 2016 00:13:46 +0800
To: "Bernie Volz (volz)" <volz@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/HhH9djpSOry9iqk5oJKtpc-Ma90>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-sedhcpv6@tools.ietf.org" <draft-ietf-dhc-sedhcpv6@tools.ietf.org>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-16.txt

The size of a certificate is not very large.
The reason for changing one cert to multiple certs is that: once the
AlgorithmNotSupported error status code is returned, the server has to encrypt the
message with the mandatory encryption algorithm. So the certificate with
the mandatory algorithm should be contained. So the number of contained
certificates is just small.
Randy and Stephen have reviewed this draft and didn't propose this
problem. For this problem, maybe we can ask for their comments.

Best Regards,
Lishan

2016-10-19 22:44 GMT+08:00 Bernie Volz (volz) <volz@cisco.com>:

> BTW:
>
> I haven’t looked into it myself, but I wonder whether having a
> “compressed” certificate is possible (i.e., using the LZ or similar
> compression (perhaps zlib) on the certificate)? Perhaps the certificates
> are already in some kind of compressed format?
>
> There’s also an interesting question whether compressing the entire DHCPv6
> message before encrypting it has any value? That might also avoid the need
> for a compressed certificate.
>
> The cost to doing this (cpu and code) would likely be fairly minor, but it
> could avoid generating (as many) fragments on the network.
>
> - Bernie
>
> On 10/19/16, 10:04 AM, "Bernie Volz (volz)" <volz@cisco.com> wrote:
>
> >
> >-----Original Message-----
> >From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of
> >internet-drafts@ietf.org
> >Sent: Tuesday, October 18, 2016 11:41 PM
> >To: i-d-announce@ietf.org
> >Cc: dhcwg@ietf.org
> >Subject: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-16.txt
> >
> >
> >A New Internet-Draft is available from the on-line Internet-Drafts
> >directories.
> >This draft is a work item of the Dynamic Host Configuration of the IETF.
> >
> >        Title           : Secure DHCPv6
> >        Authors         : Sheng Jiang
> >                          Lishan Li
> >                          Yong Cui
> >                          Tatuya Jinmei
> >                          Ted Lemon
> >                          Dacheng Zhang
> >       Filename        : draft-ietf-dhc-sedhcpv6-16.txt
> >       Pages           : 29
> >       Date            : 2016-10-18
> >
> >Abstract:
> >   DHCPv6 includes no deployable security mechanism that can protect
> >   end-to-end communication between DHCP clients and servers.  This
> >   document describes a mechanism for using public key cryptography to
> >   provide such security.  The mechanism provides encryption in all
> >   cases, and can be used for authentication based on pre-sharing of
> >   authorized certificates.
> >
> >
> >The IETF datatracker status page for this draft is:
> >https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/
> >
> >There's also a htmlized version available at:
> >https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-16
> >
> >A diff from the previous version is available at:
> >https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-sedhcpv6-16
> >
> >
> >Please note that it may take a couple of minutes from the time of
> >submission
> >until the htmlized version and diff are available at tools.ietf.org.
> >
> >Internet-Drafts are also available by anonymous FTP at:
> >ftp://ftp.ietf.org/internet-drafts/
> >
> >_______________________________________________
> >dhcwg mailing list
> >dhcwg@ietf.org
> >https://www.ietf.org/mailman/listinfo/dhcwg