Re: SAVA arguments (Was: Re: [Int-area] Re: [dhcwg] Discussion of dhc WGrecharteringforDHCPauthentication)

Richard Pruss <ric@cisco.com> Sun, 02 December 2007 22:52 UTC

To: Jari Arkko <jari.arkko@piuha.net>
Cc: dhcwg@ietf.org, 'Internet Area' <int-area@ietf.org>


Jari Arkko wrote, around 30/11/07 12:53 AM:
> Ric, Alper,
> 
> "SAVA" as in the IETF effort? Or the specific approach that DSL networks
> use to guard against address spoofing? I think the latter... let's keep
> the SAVA arguments out of this discussion. There's a BOF in this IETF
> about this, and it is far too early to state anything about the end
> results. But so far all the designs we have talked about in that group
> for IPv6 have involved support for both stateless and DHCP.
> 

Jari, the "SAVA" argument is not really about "SAVA" in the IETF but the
fact that DHCP Authentication uses the Source IP Spoofing protections in
Access Nodes to protect the layer 2 network as well as authenticate the
IP session at the layer 3 edge.

DHCP authentication protects the layer 2, which can be very large in some
DSL networks, from unauthenticated sessions, where other proposals would
need some additional protocol or changes to the access nodes to secure
them from malicious unauthenticated sessions.

The mechanism is that access nodes only introduce ARP entries into their
ARP tables that they snooped from DHCP.  Thus, with DHCP authentication, if
you do not authenticate you cannot attack other services or end-devices on
your layer 2.

- Ric



> Jari
> 

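
The filtering rule described in the message above, sketched as an added example (not part of the original post and not any vendor's implementation). It assumes the DHCP server only sends a DHCPACK to a client that authenticated, and that the access node keys its bindings per subscriber port; the class, function names and sample traffic are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AccessNode:
    """Toy access node: ARP is forwarded only for bindings learned from DHCP."""
    bindings: dict = field(default_factory=dict)  # (port, mac) -> leased ip

    def snoop_dhcp(self, msg_type, port, mac, ip=None):
        # Only a server DHCPACK creates state; NAK/RELEASE tear it down.
        if msg_type == "ACK" and ip:
            self.bindings[(port, mac)] = ip
        elif msg_type in ("NAK", "RELEASE"):
            self.bindings.pop((port, mac), None)

    def permit_arp(self, port, sender_mac, sender_ip):
        # The sender must match a snooped binding on the same subscriber port.
        leased = self.bindings.get((port, sender_mac))
        return leased is not None and leased == sender_ip

# Constructed sample traffic (documentation addresses, made-up MACs).
DHCP_EVENTS = [
    ("ACK", 1, "02:00:00:00:00:01", "192.0.2.10"),  # authenticated subscriber
    ("NAK", 2, "02:00:00:00:00:02", None),          # failed authentication, no lease
]
ARP_FRAMES = [
    (1, "02:00:00:00:00:01", "192.0.2.10"),  # leased host announcing itself
    (2, "02:00:00:00:00:02", "192.0.2.20"),  # unauthenticated host, self-assigned IP
    (2, "02:00:00:00:00:02", "192.0.2.10"),  # unauthenticated host claiming a leased IP
    (2, "02:00:00:00:00:01", "192.0.2.10"),  # copied MAC and IP, but wrong port
]

def run_scenario():
    """Replay the DHCP events, then return the forward/drop verdict per ARP frame."""
    node = AccessNode()
    for event in DHCP_EVENTS:
        node.snoop_dhcp(*event)
    verdicts = [node.permit_arp(*frame) for frame in ARP_FRAMES]
    node.snoop_dhcp("RELEASE", 1, "02:00:00:00:00:01")
    verdicts.append(node.permit_arp(*ARP_FRAMES[0]))  # lease gone, binding gone
    return verdicts

if __name__ == "__main__":
    print(run_scenario())
```

Only the first frame is forwarded: every ARP from the port that never received a lease is dropped, and the leased host loses its entry once the lease is released.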