[dhcwg] Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-03.txt
李丽姗 <lilishan48@gmail.com> Mon, 31 August 2015 14:59 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/NUI2upCRdRvVyYm9iSdl26WW4mY>
Dear all,

We have submitted a new version of the draft, draft-cui-dhc-dhcpv6-encryption-03.txt. In this version, we added some text about deployment considerations according to the saag comments.

We have discussed the draft on the saag mailing list (http://www.ietf.org/mail-archive/web/saag/current/threads.html). Thanks for the constructive comments from many security area experts, including Stephen Farrell and Randy Bush. The most important concern is regarding the deployment/applicability consideration. Stephen Farrell suggested that we use TOFU. TOFU calls for accepting and storing a certificate associated with an asserted identity, without authenticating that assertion. And finally we have almost reached an agreement to use TOFU. Although there are cases, such as the enterprise case, where TOFU cannot work well, we think that it provides better assurance than we have today.

Could you please review the draft? Any comments are welcome.

Best Regards,
Lishan

-------- Forwarding messages --------
From: internet-drafts@ietf.org
Date: 2015-08-31 11:28:42
To: "Jianping Wu" <jianping@cernet.edu.cn>, "Yiu Lee" <yiu_lee@cable.comcast.com>, "Yong Cui" <yong@csnet1.cs.tsinghua.edu.cn>, "Lishan Li" <lilishan9248@126.com>, "Jianping Wu" <jianping@cernet.edu.cn>, "Lishan Li" <lilishan9248@126.com>, "Yiu Lee" <yiu_lee@cable.comcast.com>, "Yong Cui" <yong@csnet1.cs.tsinghua.edu.cn>
Subject: New Version Notification for draft-cui-dhc-dhcpv6-encryption-03.txt

A new version of I-D, draft-cui-dhc-dhcpv6-encryption-03.txt has been successfully submitted by Lishan Li and posted to the IETF repository.

Name: draft-cui-dhc-dhcpv6-encryption
Revision: 03
Title: Authentication and Encryption Mechanism for DHCPv6
Document date: 2015-08-30
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/internet-drafts/draft-cui-dhc-dhcpv6-encryption-03.txt
Status: https://datatracker.ietf.org/doc/draft-cui-dhc-dhcpv6-encryption/
Htmlized: https://tools.ietf.org/html/draft-cui-dhc-dhcpv6-encryption-03
Diff: https://www.ietf.org/rfcdiff?url2=draft-cui-dhc-dhcpv6-encryption-03

Abstract:
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables DHCPv6 servers to configure network parameters. However, due to the unsecured nature, various critical identifiers used in DHCPv6 are vulnerable to several types of attacks, particularly pervasive monitoring. This document provides a mechanism to secure DHCPv6 messages, which achieves the server authentication and encryption between the DHCPv6 client and server.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
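
The TOFU behaviour described in the message above (accept and store the certificate for an asserted identity on first contact, then compare on later contacts), sketched as an added example that is not part of the original message or of the draft. The pin file, the identity string used as the key, the result labels and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class TofuStore:
    """Pin store mapping an asserted server identity to a certificate fingerprint."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, identity, cert_bytes):
        fp = hashlib.sha256(cert_bytes).hexdigest()
        pinned = self.pins.get(identity)
        if pinned is None:
            # First use: the assertion is NOT authenticated, only recorded.
            self.pins[identity] = fp
            self._save()
            return "pinned-first-use"
        if hmac.compare_digest(pinned, fp):
            return "match"
        # A different certificate for a known identity: never re-pin silently.
        return "mismatch"

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate pins


def demo():
    path = os.path.join(tempfile.mkdtemp(), "pins.json")
    server = "constructed-server-identity-1"   # constructed sample identity
    cert_a = b"constructed certificate A"      # stand-ins for certificate bytes
    cert_b = b"constructed certificate B"
    results = [TofuStore(path).check(server, cert_a)]       # first contact
    results.append(TofuStore(path).check(server, cert_a))   # pin reloaded from disk
    results.append(TofuStore(path).check(server, cert_b))   # changed certificate
    results.append(TofuStore(path).check(server, cert_a))   # original pin intact
    return results


if __name__ == "__main__":
    print(demo())
```
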