RE: [dhcwg] Restrictions of information flow in leasequery messages
"Richard Barr Hibbs" <rbhibbs@pacbell.net> Wed, 14 April 2004 18:19 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA12617 for <dhcwg-archive@odin.ietf.org>; Wed, 14 Apr 2004 14:19:52 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BDot8-0000KP-SR for dhcwg-archive@odin.ietf.org; Wed, 14 Apr 2004 14:13:30 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i3EIDUsb001253 for dhcwg-archive@odin.ietf.org; Wed, 14 Apr 2004 14:13:30 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BDokL-0006Bp-Ki for dhcwg-web-archive@optimus.ietf.org; Wed, 14 Apr 2004 14:04:25 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA11606 for <dhcwg-web-archive@ietf.org>; Wed, 14 Apr 2004 14:04:22 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1BDokJ-0004cT-00 for dhcwg-web-archive@ietf.org; Wed, 14 Apr 2004 14:04:23 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BDojK-0004W3-00 for dhcwg-web-archive@ietf.org; Wed, 14 Apr 2004 14:03:23 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BDoij-0004RK-00 for dhcwg-web-archive@ietf.org; Wed, 14 Apr 2004 14:02:45 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BDoRZ-0001Ei-W4; Wed, 14 Apr 2004 13:45:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BDoNs-0008Ov-II for dhcwg@optimus.ietf.org; Wed, 14 Apr 2004 13:41:12 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA10008 for <dhcwg@ietf.org>; Wed, 14 Apr 2004 13:41:10 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1BDoNq-00031h-00 for dhcwg@ietf.org; Wed, 14 Apr 2004 13:41:10 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BDoN0-0002zP-00 for dhcwg@ietf.org; Wed, 14 Apr 2004 13:40:19 -0400
Received: from smtp814.mail.sc5.yahoo.com ([66.163.170.84]) by ietf-mx with smtp (Exim 4.12) id 1BDoMY-0002wO-00 for dhcwg@ietf.org; Wed, 14 Apr 2004 13:39:50 -0400
Received: from unknown (HELO BarrH63p601) (rbhibbs@pacbell.net@64.170.116.97 with login) by smtp814.mail.sc5.yahoo.com with SMTP; 14 Apr 2004 17:39:38 -0000
Reply-To: rbhibbs@pacbell.net
From: Richard Barr Hibbs <rbhibbs@pacbell.net>
To: dhcwg@ietf.org
Subject: RE: [dhcwg] Restrictions of information flow in leasequery messages
Date: Wed, 14 Apr 2004 10:47:35 -0700
Message-ID: <EJEFKKCLDBINLKODAFMDIEPMDBAA.rbhibbs@pacbell.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
In-Reply-To: <002e01c41e4f$cf1de8b0$6401a8c0@amer.cisco.com>
Content-Transfer-Encoding: 7bit
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
comments in-line --Barr > -----Original Message----- > From: Bernie Volz > Sent: Friday, 09 April 2004 09:29 > > Perhaps a solution is that a server always has > the option of not returning data it considers > too sensitive - such as GEOPRIV information. > ...I'd suggest that the option of which information to return be specifically named as a "local policy" issue -- I still carry the bruises from the discussion about provisioning servers with client location information, so am just a bit sensitive to this one in particular. As I've been repeatedly told, in some legal jurisdictions physical location information is required, to be available to emergency responders and others according to statute or ordinance. One method for obtaining this information might be to use the DHCPLEASEQUERY mechanism, so we need to be specific, I think, that the data to be returned ought to be in the realm of local administrative decisions. In some jurisdictions, location information would be considered private or privileged information, while in others it may be mandated to be publicly available. Let's stay away from the policy questions and declared this a local administrative matter. > Perhaps something like the following should be > added to the Security Considerations: > > In some environments it may be appropriate to > configure a DHCP server with option numbers that > MUST not be returned in response to DHCPLEASEQUERY > messages because these options are considered to > contain sensitive information. > ...I like this wording.... > I do think that once security options exists for > relay to server communication, if this was a > concern at a site, the site should use those > options (and restrict who the server responds to > for a DHCPLEASEQUERY). > ...you're almost suggesting that a more complete security model be developed for DHCPv4, including Access Control Lists for DHCPLEASEQUERY requests and responses. While I don't object, I think that we should keep in mind what we might be calling for as a future requirement. _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Restrictions of information flow in lease… Ralph Droms
- Re: [dhcwg] Restrictions of information flow in l… Kim Kinnear
- RE: [dhcwg] Restrictions of information flow in l… Bernie Volz
- RE: [dhcwg] Restrictions of information flow in l… Richard Barr Hibbs