RE: [dhcwg] Response to IESG comments on draft-ietf-dhc-isnsoption-08.txt

Charles Monia <cmonia@NishanSystems.com> Sat, 30 August 2003 15:28 UTC

Message-ID: <B300BD9620BCD411A366009027C21D9BE86EE4@ariel.nishansystems.com>
From: Charles Monia <cmonia@NishanSystems.com>
To: "'Elizabeth G. Rodriguez'" <ElizabethRodriguez@ieee.org>, Charles Monia <cmonia@NishanSystems.com>, 'Ralph Droms' <rdroms@cisco.com>, 'Steven Bellovin' <smb@research.att.com>
Cc: "'Thomas Narten (E-mail)'" <narten@us.ibm.com>, "'DHCP (E-mail)'" <dhcwg@ietf.org>, "'Ips (E-mail)'" <ips@ece.cmu.edu>, "'David Black (E-mail)'" <Black_David@emc.com>, "'Allison Mankin (E-mail)'" <mankin@isi.edu>, Joshua Tseng <jtseng@NishanSystems.com>, Kevin Gibbons <kgibbons@NishanSystems.com>
Subject: RE: [dhcwg] Response to IESG comments on draft-ietf-dhc-isnsoption-08.txt
Date: Fri, 29 Aug 2003 14:18:12 -0700

See embedded response.

> -----Original Message-----
> From: Elizabeth G. Rodriguez [mailto:ElizabethRodriguez@ieee.org] 
> Sent: Friday, August 29, 2003 9:56 AM
> To: 'Charles Monia'; 'Ralph Droms'; 'Steven Bellovin'
> Cc: 'Thomas Narten (E-mail)'; 'DHCP (E-mail)'; 'Ips 
> (E-mail)'; 'David Black (E-mail)'; 'Allison Mankin (E-mail)'; 
> 'Joshua Tseng'; 'Kevin Gibbons'
> Subject: RE: [dhcwg] Response to IESG comments on 
> draft-ietf-dhc-isnsoption-08.txt
> 
> 
> Hi all,
> 
> I am struggling with the new wording here.
> I understand Ralph Droms' concerns, but am not sure that this is 
> the right solution.  In addition, the current wording is 
> mandating use, something that in general we try to avoid in 
> IETF documents.
> 
> I have added Steve Bellovin to the distribution, and hope he 
> will comment on this proposed change -- he is the AD who 
> questioned making RFC 3118 optional.  If he is OK with the 
> proposed change to keep RFC 3118 optional, then I recommend 
> changes to the effect of:
> 
> 1) It is RECOMMENDED that RFC 3118 be implemented.  
> 
> 2) It is recommended that if RFC 3118 is available on both 
> the client and server, it be used.
> 
> Elizabeth Rodriguez
> 
> 

Here's the original text from rev 08:

===================================
[RFC3118] should be consulted to determine the requirements for
additional security measures to authenticate the iSNS option message
received by the DHCP client. If necessary, the authentication
option described in [RFC3118] should be utilized.

With regard to security considerations specific to the use of this
DHCP option for iSNS server discovery, exposure to a "man-in-the-middle"
attack by a hostile entity modifying or replacing the
original iSNS option message should be considered a potential
security exposure. If the authentication option in [RFC3118] is not
implemented, then an attacker may trick the iSNS client into
connecting to rogue iSNS servers.

If the authentication option for DHCP is not implemented and it is
determined that the potential exists for a "man-in-the-middle"
attack, then the DHCP option message for iSNS should not be
utilized.
======================

What's wrong with that?

Charles

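The rev 08 text quoted above ties use of the iSNS option to the RFC 3118 authentication option: without it, a client cannot tell a genuine iSNS option from one modified in transit. The following Python is an added example (written for this archive page, not code from the draft, RFC 3118, RFC 4174 or any DHCP implementation) of the client-side check that text implies: the iSNS server list from option 83 is only accepted when the DHCP reply carries a delayed-authentication option 90 (protocol 1, HMAC-MD5, RDM 0) that verifies under a known secret and a fresh replay counter, and is discarded otherwise. The MAC-input rule (hops, giaddr and the HMAC field zeroed) and the option 83 field layout (functions, DD access, flags, security bitmap, primary server, heartbeat, secondaries) are taken from RFC 3118 and the published RFC 4174 respectively; the secret ID, key, addresses and counter values are constructed for the demo.

```python
import hashlib
import hmac
import socket
import struct

OPT_ISNS = 83            # iSNS option (RFC 4174)
OPT_AUTH = 90            # DHCP authentication option (RFC 3118)
OPT_END = 255
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236         # fixed BOOTP header before the magic cookie
AUTH_HMAC_OFFSET = 15    # protocol(1) + algorithm(1) + RDM(1) + replay(8) + secret ID(4)


def build_message(options, xid=0x3903F326, hops=0, giaddr="0.0.0.0"):
    """Build a minimal BOOTREPLY carrying the given [(code, value)] options."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 1, 6, hops, xid, 0, 0,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, socket.inet_aton(giaddr),
                      b"\0" * 16, b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


def parse_options(msg):
    """Return {code: (offset_of_value, value)} for the first occurrence of each option."""
    found, i = {}, HEADER_LEN + len(MAGIC_COOKIE)
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                       # pad option
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        value = msg[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        found.setdefault(code, (i + 2, value))
        i += 2 + length
    return found


def _mac_input(msg, auth_value_offset):
    """RFC 3118: hops, giaddr and the HMAC-MD5 field are zero when the MAC is computed."""
    buf = bytearray(msg)
    buf[3] = 0                                # hops
    buf[24:28] = b"\0" * 4                    # giaddr
    start = auth_value_offset + AUTH_HMAC_OFFSET
    buf[start:start + 16] = b"\0" * 16        # HMAC-MD5 field inside option 90
    return bytes(buf)


def make_auth_option(replay_counter, secret_id):
    """Delayed-authentication body (protocol 1, HMAC-MD5, RDM 0) with an empty MAC field."""
    return struct.pack("!BBBQI", 1, 1, 0, replay_counter, secret_id) + b"\0" * 16


def sign_message(msg, secret):
    """Server side (demo helper): fill in the HMAC-MD5 field of option 90."""
    off, _ = parse_options(msg)[OPT_AUTH]
    mac = hmac.new(secret, _mac_input(msg, off), hashlib.md5).digest()
    start = off + AUTH_HMAC_OFFSET
    return msg[:start] + mac + msg[start + 16:]


def verify_auth(msg, secrets, last_replay):
    """Client side: return the replay counter if option 90 is well formed, uses a known
    secret ID, is fresh (RDM 0: strictly increasing) and its MAC matches; else None."""
    opts = parse_options(msg)
    if OPT_AUTH not in opts or len(opts[OPT_AUTH][1]) != 31:
        return None
    off, val = opts[OPT_AUTH]
    protocol, algorithm, rdm, replay, secret_id = struct.unpack("!BBBQI", val[:15])
    if (protocol, algorithm, rdm) != (1, 1, 0) or secret_id not in secrets:
        return None
    if replay <= last_replay:
        return None
    expected = hmac.new(secrets[secret_id], _mac_input(msg, off), hashlib.md5).digest()
    return replay if hmac.compare_digest(expected, val[15:]) else None


def isns_servers(msg, secrets, last_replay):
    """Return iSNS server addresses from option 83 only for an authenticated reply;
    an empty list tells the client not to use the option, as the draft advises."""
    if verify_auth(msg, secrets, last_replay) is None:
        return []
    opts = parse_options(msg)
    if OPT_ISNS not in opts or len(opts[OPT_ISNS][1]) < 14:
        return []
    val = opts[OPT_ISNS][1]
    # RFC 4174 layout: functions(2) DD access(2) flags(2) security(4) primary(4)
    # heartbeat(4) then secondary servers, 4 octets each
    servers = [socket.inet_ntoa(val[10:14])]
    servers += [socket.inet_ntoa(val[i:i + 4]) for i in range(18, len(val) - 3, 4)]
    return servers


# Constructed demo data: one shared secret, one iSNS option with a primary and a secondary.
SECRETS = {1: b"constructed-shared-secret"}
ISNS_VALUE = (struct.pack("!HHHI", 0x8000, 0, 0, 0)
              + socket.inet_aton("192.0.2.10")      # primary iSNS server
              + socket.inet_aton("0.0.0.0")         # no heartbeat address
              + socket.inet_aton("192.0.2.11"))     # one secondary server


def demo():
    """Genuine, modified-in-transit, unauthenticated and replayed replies, in that order."""
    unsigned = build_message([(OPT_ISNS, ISNS_VALUE), (OPT_AUTH, make_auth_option(42, 1))])
    signed = sign_message(unsigned, SECRETS[1])
    off = parse_options(signed)[OPT_ISNS][0]       # primary-server field rewritten after signing
    tampered = signed[:off + 10] + socket.inet_aton("203.0.113.66") + signed[off + 14:]
    unauthenticated = build_message([(OPT_ISNS, ISNS_VALUE)])
    return (isns_servers(signed, SECRETS, 41), isns_servers(tampered, SECRETS, 41),
            isns_servers(unauthenticated, SECRETS, 41), isns_servers(signed, SECRETS, 42))


if __name__ == "__main__":
    print(demo())
```

Only the untouched, signed reply with a fresh counter yields the server list; the modified, unsigned and replayed copies all come back empty, which is the behaviour the quoted text asks for when the authentication option is absent or fails. A real client would also persist the last accepted replay counter per secret ID across restarts, since RDM 0 only protects against replay if that state survives.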
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg