IETF Logo Mail Archive

Re: [dhcwg] draft-wkumari-dhc-addr-notification and the secops problem

Michael Richardson <mcr+ietf@sandelman.ca> Mon, 15 August 2022 14:12 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2720EC1524B2 for <dhcwg@ietfa.amsl.com>; Mon, 15 Aug 2022 07:12:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.706
X-Spam-Level:
X-Spam-Status: No, score=-1.706 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JbVzNoiRkz0e for <dhcwg@ietfa.amsl.com>; Mon, 15 Aug 2022 07:12:27 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C69FC1524B4 for <dhcwg@ietf.org>; Mon, 15 Aug 2022 07:12:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 319C61838E; Mon, 15 Aug 2022 10:31:49 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 19hl0WrjLus0; Mon, 15 Aug 2022 10:31:44 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 0CDF418238; Mon, 15 Aug 2022 10:31:44 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sandelman.ca; s=mail; t=1660573904; bh=QIMKpOXS4p1HcOxxhTxvI4wNCLTa7K9ZbfINbOUTKQE=; h=From:To:Subject:In-Reply-To:References:Date:From; b=Lk+/EgPx8vca4O5XlPQ/ibPhxOY/2su2i+DIDrWTC/hM5leiGB2rd6PJMZCDo5Bvb 0DJOvqKdwU+Dzg1i0dIodoRhj4eFeRf8TI1HAOlyD5r+k29Qr2ZQHhzQUEavoCOVgC 5iBj2xBZjGCirF9omUyVDwQAC/T7MyEi/B6hGtAsCHHXnU2X6Z6Xf9XpNN0xOLaK26 fzKzUHSV1tc/j+/xAapxsIwbfd7Z8aMRlrLarpaYwnVlW2eIPrDTq+17mefoiKGU4w MR5JGX3CV0wne4hWS5z14Db5j56SsOSIvCbkw8HqZOkKMZ6WWggglJMapqLWE0ZZkQ H8uEvWMcrJQoQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id DBA8E6EE; Mon, 15 Aug 2022 10:12:14 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Lorenzo Colitti <lorenzo@google.com>, dhcwg <dhcwg@ietf.org>
In-Reply-To: <CAKD1Yr0qeQUnwZaYDr6cbdz2UrkRG1k2k+rWAWDKsAwnTs=0cg@mail.gmail.com>
References: <20220813011208.08A4A18017@tuna.sandelman.ca> <4190.1660352619@localhost> <CAKD1Yr0qeQUnwZaYDr6cbdz2UrkRG1k2k+rWAWDKsAwnTs=0cg@mail.gmail.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Mon, 15 Aug 2022 10:12:14 -0400
Message-ID: <17205.1660572734@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/LKVIUKFSTkd9TqdmjGpRso9chT4>
Subject: Re: [dhcwg] draft-wkumari-dhc-addr-notification and the secops problem
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Dynamic Host Configuration <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2022 14:12:31 -0000

TL;DR> Let's have a virtual interim meeting, cross fertilize with 6man and
       maybe even RATS.  We need to agree on the goals.  I wouldn't want to
       wait for 115, and a BOF there would be too conflicted.

Lorenzo Colitti <lorenzo@google.com> wrote:
    > On Sat, Aug 13, 2022 at 10:03 AM Michael Richardson <mcr@sandelman.ca>
    > wrote:

    >> This document seems to require many changes to many systems.  Do I
    >> hear that Google is willing to do this for Android?  I am very
    >> enthusiastic about having better information.
    >>

    > I think Android would be willing to implement this if it became an RFC,
    > yes.

Wow.  Stateless DHCPv6 for Android.

    > Networks that are happy with SLAAC-only are not really the goal of this
    > draft. The goal is to provide some functionality to networks that
    > already use DHCPv6 for address accounting and forensics - which as Ted
    > has pointed out is an oft-cited reason for not being able to use
    > SLAAC. In practice, if this proposal were implemented in Android, then
    > virtually all implementations of interest would support some way for
    > the DHCPv6 server to know the addresses of all devices on link. Some
    > hosts would use IA_NA, some hosts would use this new message type, but
    > the DHCP server would know either way.

I'm all for this.
I am still a bit skeptical about the security of this opt-in system.

    > The reason we are proposing to do this in DHCPv6 is that it requires
    > the least amount of change in those networks compared to alternative
    > proposals such as a new ND option, "just do this in the network" (with

A new ND option is not, for me the alternative.

    > Another way would be to send the proposed DHCPv6 message along the
    >> DHCPv6-relay path.  This is very much akin to the Accounting records
    >> that radius sends.  Doing it this way links the v6 address more
    >> directly to the MAC address, while not requiring the host to actually
    >> know what it is doing.
    >>

    > Are you suggesting that the relay could send this message of its own
    > accord, based on ND cache entry snooping? I guess we could say that in
    > the draft as well. But the server then wouldn't be able to get any
    > information from the client, such as the hostname.

It's true that the hostname would be missing.
I think that the advantage of such a system from the routers is that will
catch all existing hosts, and that really does help the helpdesk *today*
Warren has demonstrated that we might even be able to get this information
without any code changes, even if it is chatty.  To me, it seems like it's a
virtuous circle here.

I'm not sure if hostnames are that relevant.  Yes, I delve into my phone
settings and give my Android phone a new 'droid name from a list of star wars
droids that I have... but for most people it's nonsense.  Enterprises
desktops tend to have asset numbers of some kind, which change when the MAC
address changes, because they are are linked together.

It would also be interesting if we could have some attestation Evidence in
the option signed by a TPM.  There might be some utility to define a new ND
nonce option to get freshness.

    >> And...if I was going to upload all the source code, the first thing
    >> I'd do is send one of these messages saying that I'm either the CEO,
    >> or the new hire, and then do it.
    >>

    > You can already do this by sending a DHCPv6 IA_NA request with a
    > spoofed DUID. We're not trying to fix that problem here. What we are
    > trying to do is get SLAAC and static addresses closer to parity with
    > DHCPv6-assigned addressing.

It sounded like there was a SECOPS problem that we did want to fix.
If I just self-assign a privacy enhanced address and don't register it, then
I win, right?  The reason to claim to be someone else is distract the
investigation.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [



--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email