[dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-agent-ipsec-00.txt
"Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se> Mon, 28 October 2002 20:41 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28903 for <dhcwg-archive@odin.ietf.org>; Mon, 28 Oct 2002 15:41:29 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id g9SKhP016662 for dhcwg-archive@odin.ietf.org; Mon, 28 Oct 2002 15:43:25 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9SKhOv16659 for <dhcwg-web-archive@optimus.ietf.org>; Mon, 28 Oct 2002 15:43:24 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28784 for <dhcwg-web-archive@ietf.org>; Mon, 28 Oct 2002 15:37:40 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9SKb8v15998; Mon, 28 Oct 2002 15:37:08 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id g9SKZ1v15800 for <dhcwg@optimus.ietf.org>; Mon, 28 Oct 2002 15:35:01 -0500
Received: from imr2.ericy.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA28580 for <dhcwg@ietf.org>; Mon, 28 Oct 2002 15:32:34 -0500 (EST)
Received: from mr5.exu.ericsson.se (mr5att.ericy.com [138.85.224.141]) by imr2.ericy.com (8.11.3/8.11.3) with ESMTP id g9SKYtW22610; Mon, 28 Oct 2002 14:34:55 -0600 (CST)
Received: from eamrcnt761.exu.ericsson.se (eamrcnt761.exu.ericsson.se [138.85.133.39]) by mr5.exu.ericsson.se (8.11.3/8.11.3) with ESMTP id g9SKYs619988; Mon, 28 Oct 2002 14:34:55 -0600 (CST)
Received: by eamrcnt761.exu.ericsson.se with Internet Mail Service (5.5.2656.59) id <41PBJK89>; Mon, 28 Oct 2002 14:34:54 -0600
Message-ID: <A1DDC8E21094D511821C00805F6F706B04AF93AB@eamrcnt715.exu.ericsson.se>
From: "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
To: rdroms@cisco.com
Cc: dhcwg@ietf.org
Date: Mon, 28 Oct 2002 14:33:53 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C27EC1.53EE71DE"
Subject: [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-agent-ipsec-00.txt
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Ralph: Looks like you've been a bit busy! Regarding this draft, does it make sense when multiple relays are involved to disallow (MUST?) a relay agent from forwarding using IPSec if the relay received the relayed client message without IPSec? (This might also have been a good restriction to add to the DHCPv6 specification.) One potential issue with this is that it would require code changes in the relay or some filtering rules in the stack to assure non-protected relay messages are not processed. But if you don't have it, security could easily be compromised since an attacker can just set up a relay-chaining arrangement. Note that by your description in Section 4, this is already stated but perhaps not as clearly as it should be. Also, we should move to make this a Working Group item. Any objections? - Bernie -----Original Message----- From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org] Sent: Monday, October 28, 2002 6:27 AM Subject: I-D ACTION:draft-droms-dhcp-relay-agent-ipsec-00.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Use of IPsec for Securing DHCPv4 Messages Exchanged Between Relay Agents and Servers Author(s) : R. Droms Filename : draft-droms-dhcp-relay-agent-ipsec-00.txt Pages : 4 Date : 2002-10-25 'DHCP Relay Agent Information Option' (RFC 3046) assumes that DHCP messages exchanged between relay agents and servers are not subject to attack. This document describes how IPsec can be used to protect messages exchanged between relay agents and servers. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-droms-dhcp-relay-agent-ipsec-00.txt To remove yourself from the IETF Announcement list, send a message to ietf-announce-request with the word unsubscribe in the body of the message. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-droms-dhcp-relay-agent-ipsec-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-droms-dhcp-relay-agent-ipsec-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" or a MIME-compliant mail reader. Different MIME-compliant mail readers exhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been split up into multiple messages), so check your local documentation on how to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.
- [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-age… Bernie Volz (EUD)
- [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-age… Ralph Droms
- [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-age… Bernie Volz (EUD)