IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18

Sheng Jiang <jiangsheng@huawei.com> Thu, 08 May 2014 08:57 UTC

Return-Path: <jiangsheng@huawei.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 241BE1A04A7 for <dhcwg@ietfa.amsl.com>; Thu, 8 May 2014 01:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.552
X-Spam-Level:
X-Spam-Status: No, score=-4.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mIbQ0ByBSsOb for <dhcwg@ietfa.amsl.com>; Thu, 8 May 2014 01:57:22 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 2121A1A04A3 for <dhcwg@ietf.org>; Thu, 8 May 2014 01:57:20 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml203-edg.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BGN28561; Thu, 08 May 2014 08:57:16 +0000 (GMT)
Received: from LHREML405-HUB.china.huawei.com (10.201.5.242) by lhreml203-edg.huawei.com (172.18.7.221) with Microsoft SMTP Server (TLS) id 14.3.158.1; Thu, 8 May 2014 09:55:33 +0100
Received: from NKGEML404-HUB.china.huawei.com (10.98.56.35) by lhreml405-hub.china.huawei.com (10.201.5.242) with Microsoft SMTP Server (TLS) id 14.3.158.1; Thu, 8 May 2014 09:57:12 +0100
Received: from NKGEML512-MBX.china.huawei.com ([169.254.7.206]) by nkgeml404-hub.china.huawei.com ([10.98.56.35]) with mapi id 14.03.0158.001; Thu, 8 May 2014 16:57:01 +0800
From: Sheng Jiang <jiangsheng@huawei.com>
To: 神明達哉 <jinmei@wide.ad.jp>
Thread-Topic: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
Thread-Index: AQHPY9fqOkQX2Up+wk+VaPjsYGUK15sp5cSAgAlKLTCAAZYjAIABm4uA
Date: Thu, 08 May 2014 08:56:59 +0000
Message-ID: <5D36713D8A4E7348A7E10DF7437A4B923AE442FD@nkgeml512-mbx.china.huawei.com>
References: <535FEDAD.5010103@gmail.com> <CAJE_bqen37j5UCsKZj6syVyvk2Xed4V_xGp-t4xY8shjmS+H5g@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE43272@nkgeml512-mbx.china.huawei.com> <CAJE_bqe75D7oRJq=XmjPR9Dfvu3-AcL8kF9Pkm3JEOVsyxhr5A@mail.gmail.com>
In-Reply-To: <CAJE_bqe75D7oRJq=XmjPR9Dfvu3-AcL8kF9Pkm3JEOVsyxhr5A@mail.gmail.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.98.145]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/L0keuQYsEtTnUeQK3WpWMr7ldeQ
Cc: dhcwg <dhcwg@ietf.org>, Ted Lemon <ted.lemon@nominum.com>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 May 2014 08:57:24 -0000

Hi, Jinmei,

In the common scenario that we expect, the leap of faith model is not deployed independent. In the deployment of secure DHCPv6 server, the server serves three types of clients: 1) full authenticated clients, 2) clients trusted by leap of faith model, 3) un-authenticated clients. Hence, the clients are in different class for limited resource assignment and access priority. It provides fine-grained client management.

Regards,

Sheng + Dacheng

>-----Original Message-----
>From: jinmei.tatuya@gmail.com [mailto:jinmei.tatuya@gmail.com] On Behalf
>Of 神明達哉
>Sent: Wednesday, May 07, 2014 11:35 PM
>To: Sheng Jiang
>Cc: Tomek Mrugalski; dhcwg
>Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May
>18
>
>At Tue, 6 May 2014 07:36:34 +0000,
>Sheng Jiang <jiangsheng@huawei.com> wrote:
>
>> >- In Section 6.2:
>> >
>> >   On the recipient that supports the leap of faith model, the number of
>> >   cached public keys or unverifiable certificates MUST be limited in
>> >   order to protect against resource exhaustion attacks.  If the
>> >
>> >  This is mainly concerned about servers, correct?  If so, I'm not
>> >  sure how severe this "attacks" are; DHCP servers generally need to
>> >  maintain some state for each client (unless that's stateless only
>> >  server) and would naturally already have some limitation on that
>> >  resource.  Shouldn't the general defense be enough for this
>> >  particular resource, too?
>>
>> The "MUST" here seems not proper. Let us replace is with "MAY". It makes
>this point optional and should address your concern.
>
>I don't think my main point is MUST vs MAY.  It's about a more
>general point of authenticating messages from clients to servers:
>
>- whether we really need (public key) authentication in that
>  direction, and if we do, why
>
>- also if we do, what's the commonly expected model of "trust anchor":
>  leap of faith or use of CA or something else, and if it's more
>  likely to be a weaker model like leap of faith (I suspect so, for
>  the direction of clients to servers), whether the motivation (1st
>  bullet) is worth the weaker security
>
>- and, if it's more likely to rely on leap of faith, what kind of
>  consideration is needed
>
>The discussion on caching the public keys is just a part of the third
>bullet.  What I'm missing in the current draft is more comprehensive
>and higher level discussions on all of these points.  It's far from
>obvious to me compared to authenticating messages from servers to
>clients.
>
>--
>JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email