[dhcwg] Comments on dhc-auth-sigzero
Alper Yegin <alper@docomolabs-usa.com> Tue, 28 October 2003 22:28 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01775; Tue, 28 Oct 2003 17:28:03 -0500 (EST)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AEcIn-0007FX-S6; Tue, 28 Oct 2003 17:27:01 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1AEcHu-00075h-LW for dhcwg@optimus.ietf.org; Tue, 28 Oct 2003 17:26:06 -0500
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA01679 for <dhcwg@ietf.org>; Tue, 28 Oct 2003 17:25:54 -0500 (EST)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1AEcHs-00016R-00 for dhcwg@ietf.org; Tue, 28 Oct 2003 17:26:04 -0500
Received: from key1.docomolabs-usa.com ([216.98.102.225] helo=fridge.docomolabs-usa.com ident=fwuser) by ietf-mx with esmtp (Exim 4.12) id 1AEcHr-00016L-00 for dhcwg@ietf.org; Tue, 28 Oct 2003 17:26:03 -0500
Date: Tue, 28 Oct 2003 14:26:50 -0800
From: Alper Yegin <alper@docomolabs-usa.com>
To: dhcwg@ietf.org
Message-ID: <BBC42D2A.B75F%alper@docomolabs-usa.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Content-Transfer-Encoding: 7bit
Subject: [dhcwg] Comments on dhc-auth-sigzero
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Here are some comments on the draft-ietf-dhc-auth-sigzero-00.txt... - First of all, the solution is lacking the authorization aspect. As such, it is just providing "authentication to hold accountable", not "authentication to authorize." Imho, while the former is useful to some extent, it is not sufficient for solving the DHCP security problem. - The "envisioned second use" (see introduction section) would generally require interaction with the AAA protocols for the roaming scenarios. Without this, how will the authorization parameters be available to the DHCP server? - " If no preferred offer is seen, then the client MUST select among the offers in a non-deterministic manner (ideally, random). This step is important so that a client that has once been deceived into binding to the wrong DHCP server will have a chance to select a different server." The chances might be still low, as the attacker can send too many DHCPOFFER messages. (Can the client look at the link-layer address and discard them??) - The client configures the IP stack and DNS server IP address during the PROVISIONALLY-BOUND state. These parameters are obtained from potentially malicious nodes, and configuring them even for a brief period of time (what is the timeout value?) opens up a window for abuse. Alper _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www1.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Comments on dhc-auth-sigzero Alper Yegin