Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-03.txt

"Bernie Volz (volz)" <volz@cisco.com> Tue, 07 February 2017 15:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/Nqoorlv_SgYAz_ps02pfhQAlTAk>

Hi:

This update is based on the Int-Dir review (https://www.ietf.org/iesg/directorate/intarea.html) and fixes a few nits and adjusts the text in section 3 (first paragraphs).

For more details, see https://www.ietf.org/mail-archive/web/dhcwg/current/msg17859.html and the discussion related to this review.

- Bernie

-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Tuesday, February 07, 2017 10:46 AM
To: i-d-announce@ietf.org
Cc: dhcwg@ietf.org
Subject: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-03.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Dynamic Host Configuration of the IETF.

        Title           : Security of Messages Exchanged Between Servers and Relay Agents
        Authors         : Bernie Volz
                          Yogendra Pal
        Filename        : draft-ietf-dhc-relay-server-security-03.txt
        Pages           : 8
        Date            : 2017-02-07

Abstract:
   The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no
   guidance for how to secure messages exchanged between servers and
   relay agents.  The Dynamic Host Configuration Protocol for IPv6
   (DHCPv6) states that IPsec should be used to secure messages
   exchanged between servers and relay agents, but does not require
   encryption.  And, with recent concerns about pervasive monitoring and
   other attacks, it is appropriate to require securing relay to relay
   and relay to server communication for DHCPv6 and relay to server
   communication for DHCPv4.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dhc-relay-server-security-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-relay-server-security-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
