Re: [dhcwg] comments on draft-ietf-dhc-sedhcpv6-10.txt

神明達哉 <jinmei@wide.ad.jp> Thu, 25 February 2016 17:53 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/LExAieUjekIJWRy8I8wuIdSbiYA>

At Thu, 25 Feb 2016 20:45:16 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> > Okay.  So focusing on the Reply message (#2): my point was:
> >
> > - in effect, its only content is the certificate (or public key).
> > - the recipient is already expected to validate this only content
> >   directly (by comparing it with locally pre-configured info, by using
> >   a PKI, etc), so we do not necessarily need to provide additional
> >   integrity protection for it by signing the message.
> > - on the other hand, if we eliminate the signing and the signature
> >   option from this, we'll completely eliminate this option from the
> >   protocol.  This will help make the protocol simpler and reduce
> >   development costs.
> >
> > If you still disagree, perhaps it helps if you can show a specific
> > attack vector because of the lack of the signature.
> >
> [LS]: Agree. But if we don't need the signature option, then the timestamp
> option makes no sense, which is used to defend against anti-replay
> attack before.

For #2, correct.  We'll still need the timestamp option, though, for
the anti-replay protection of encrypted messages. (We might be able to
make it simpler such as a trivial sequence number, exploiting the fact
that the message is encrypted.  In that sense, it may not have to be a
"time stamp").

> > > Right, but this argument also holds even if we have TOFU...
[...]
> > > [LS]: In consideration of the support of TOFU and the add of all such
> > > discussions and consensus, the better way for us is to add the public key
> > > option as the before secure DHCPv6 version.
> > > Am I correct?
> >
> > No, I just didn't see why the public key option was removed (the
> > explanation regarding TOFU didn't make sense to me).  As I already
> > said, I'm not necessarily opposed to removing it if there's a
> > convincing reason that can outweigh its cons.
> >
> [LS]: The self-signed certificate is the argument of the remove of the public
> key option. And we also need to supply some text to illustrate that it can
> outweigh its cons. For the drawback of the method, the size of the DHCPv6
> message is increased when we actually only need the public key, not the
> certificate. However, the size of the X.509 certificate is not very large,
> such as 1KB, which will not cause IPv6 fragment and other problem.

Repeating my previous point just to make sure that we are on the
same page: the argument that a self-signed certificate should make a
public key option redundant isn't new in our recent changes.  So I'd
wonder why we are now bothering it.  If this is a completely new
attempt of cleanup, I suggest making it very clear (i.e., it has
nothing to do with mandated encryption etc) and discussing it
accordingly.

--
JINMEI, Tatuya