Re: [dhcwg] Martin Duke's Discuss on draft-ietf-dhc-v6only-05: (with DISCUSS and COMMENT)
"Ms. Li HUANG" <bleuoisou@gmail.com> Thu, 30 July 2020 08:30 UTC
Return-Path: <bleuoisou@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 231CA3A0FAA; Thu, 30 Jul 2020 01:30:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wp6jcNoRvz5b; Thu, 30 Jul 2020 01:30:31 -0700 (PDT)
Received: from mail-il1-x144.google.com (mail-il1-x144.google.com [IPv6:2607:f8b0:4864:20::144]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07DE23A1157; Thu, 30 Jul 2020 01:29:55 -0700 (PDT)
Received: by mail-il1-x144.google.com with SMTP id x1so1461239ilp.7; Thu, 30 Jul 2020 01:29:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZgLy1X6y+Ihaf7fcOXV9085zAY+fRX7sKpy/tQfGb3Q=; b=P5NuLsKTmvGNO82eUgcwxeLWXfYWU4r4UivhGnBmyVU7NV4VUrUvIAxyYsUbjInzes T8JUnn32dquBmxyUbX6xdnh34W1S7XBNP0qkTANNY/XXps2hGlr1y3SR8hk9Om3UmJDa kIZu9Lz+YYTQ+XG7IgO/TObUiyJ3hr0ZHUIwGd0Mn+tPt6FxC0mYWA2VYfz1+RsCZLSj kecwtAnskfBBETNniN0J0L1Gg9bE6rHWQb/zTWwTwYbGtX6+8r49R3nu98ubpjdp9+G0 9Vp2kvMeBMXwTwtkc5tF3OKqABJX/8agCOSSQ3CNomYLLhacF+rZRgmR+TiLt7UYrwer GM+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZgLy1X6y+Ihaf7fcOXV9085zAY+fRX7sKpy/tQfGb3Q=; b=gvTGoHLY/ZdHXrsBkkiXoCsvSjBXfQ3KJT4kx8Yev7235cw7KlVTIwY2GEjmMZ+IEb dq/iGWIaSJnsQ7RKxBtvjyz1eHMiyVj94fiPhlHzdP94KhAQhtpcYIG/YtKSc9O2HXtD 0b0lfigYAmeHGA+HnvgjplCK5JR4CCD/mP6NLmM2tsffqM4E+gzW8ddVQVKFp4cfQ2qO 9R3dJnraEC09ooml36E1MIcUJMHg1I0acNYCIUu2mAPcAXAwD1rMb/oMYZZtWHGW2u29 3kNlFA5nXyToSrFnvLlBGmt/G2bGtjnsj/sSsetA8CcWXIt0v4nGIpSPo1I3flG72e92 dn4w==
X-Gm-Message-State: AOAM531oleNHjCbM92bKB9140g5hvdQ3rU4GJEUmE0MAEBdILWQXc7pU j1Pll+SE8tOl6+H1AlFP1TbztT7kiNazbxlYrAc=
X-Google-Smtp-Source: ABdhPJx5El75l5cfzl48aUOYHdGzHo49LBKeaon3OS1DtaS/AlxJXiS4drBRzPot4kfWHWWZiaqP8k5sND2nWOUIeOI=
X-Received: by 2002:a92:d3ce:: with SMTP id c14mr10091775ilh.16.1596097795172; Thu, 30 Jul 2020 01:29:55 -0700 (PDT)
MIME-Version: 1.0
References: <159606370302.11342.6386305944714261698@ietfa.amsl.com> <CAFU7BATqgZBJs5MaE-C9b6N28=bFS1m4rJQxpVEYX3y29NOFRg@mail.gmail.com> <CAM4esxSGf8fnnMn_JJqPjyns2+jG9nbPXH8ewo_eV0Qra-2u4w@mail.gmail.com> <CAFU7BASLzWfXLxtLWtYn1nsuW7CMnPNwe_X4yK976dt908a5KQ@mail.gmail.com>
In-Reply-To: <CAFU7BASLzWfXLxtLWtYn1nsuW7CMnPNwe_X4yK976dt908a5KQ@mail.gmail.com>
From: "Ms. Li HUANG" <bleuoisou@gmail.com>
Date: Thu, 30 Jul 2020 16:29:43 +0800
Message-ID: <CAGGiuEbVAaraYBFKWM4H1WdDffT+mk=PYSX+Th-tRiYL3NYtUQ@mail.gmail.com>
To: Jen Linkova <furry13@gmail.com>
Cc: Martin Duke <martin.h.duke@gmail.com>, draft-ietf-dhc-v6only@ietf.org, dhc-chairs@ietf.org, "Bernie Volz (volz)" <volz@cisco.com>, dhcwg <dhcwg@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001bae2205aba47ad2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/Qkdv4olTXg1aXlPPTm7xLw9FIVo>
Subject: Re: [dhcwg] Martin Duke's Discuss on draft-ietf-dhc-v6only-05: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2020 08:30:33 -0000
July 30 2020 S8 ipv6 only at changed , or perhaps dynamically mac alternative status, how the current dhcpv6 workaround ? Example 2019 to 2020 ipcfg has had 2 lladd defaulted gateway on the endpoint after the modem.isp which is suspected copying external route_device mac interface, included the modem device supplier and mim... ISP, DEVICE SUPPLIERS ...NONE WARRANTY UNIQUE MAC.INT TIME, HOW TO MOVE IN IPv6 SECURE ENV.? Sincerely Li HUANG On Thu, Jul 30, 2020, 11:47 Jen Linkova <furry13@gmail.com> wrote: > On Thu, Jul 30, 2020 at 1:09 PM Martin Duke <martin.h.duke@gmail.com> > wrote: > > >> How about we change the first paragraph of the Security Considerations > >> (https://tools.ietf.org/html/draft-ietf-dhc-v6only-05#section-6) to: > >> > >> "An attacker might send a spoofed DHCPOFFER containing IPv6-only > >> Preferred option with the value field set to 0xffffffff, disabling > >> DHCPv4 on clients supporting the option. If the network is IPv4-only > >> such clients would lose connectivity, while on a dual-stack network > >> without NAT64 service only connectivity to IPv4-only destinations > >> would be affected. The recovery would require triggering a network > >> attachment event. However it should be noted that if the network does > >> not provide protection from a rogue DHCPv4 server the similar attack > >> vector can be executed by setting the Lease Time option value field to > >> 0xffffffff. The latter attack would also affect hosts without > >> IPv6-only Preferred option support. Therefore the security measures > >> against rogue DHCPv4 servers would be sufficient to prevent the > >> attacks specific to IPv6-only Preferred option." > > > > > > I would be satisfied with that additional text to close the DISCUSS. > > Great, the text above will be added to -06 which I'll submit close to > the next Telechat date so more feedback could be incorporated. > > >> > Sec 3.1 In client-generated messages, what is in the "Value field"? I > presume > >> > this is one of those "client MUST set to zero and server MUST ignore" > cases? > >> > >> The client does not send the full option. The client includes the > >> option code into the Parameter Request List option (see > >> https://tools.ietf.org/html/draft-ietf-dhc-v6only-05#section-3.2). > >> > > > > Oh wow, that is very subtly worded so I totally missed that. Sorry! If > this is very much the pattern for other DHCP options (client uses a code, > server has a full option) then carry on; if it's not the pattern, a little > text in version 3.1 that only servers send this would be helpful. > > I've updated the Code field description in Section 3.1 with the following > text: > "The client includes the Code in the Parameter Request List in > DHCPDISCOVER and DHCPREQUEST messages as described in Section 3.2." > > I hope this text makes it more explicit that the client is not sending > the full option. > > -- > SY, Jen Linkova aka Furry > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg >
- [dhcwg] Martin Duke's Discuss on draft-ietf-dhc-v… Martin Duke via Datatracker
- Re: [dhcwg] Martin Duke's Discuss on draft-ietf-d… Jen Linkova
- Re: [dhcwg] Martin Duke's Discuss on draft-ietf-d… Jen Linkova
- Re: [dhcwg] Martin Duke's Discuss on draft-ietf-d… Ms. Li HUANG
- Re: [dhcwg] Martin Duke's Discuss on draft-ietf-d… Lorenzo Colitti
- Re: [dhcwg] Martin Duke's Discuss on draft-ietf-d… Jen Linkova