Re: [dhcwg] Martin Duke's Discuss on draft-ietf-dhc-v6only-05: (with DISCUSS and COMMENT)

Jen Linkova <> Thu, 30 July 2020 03:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AE2993A0C79; Wed, 29 Jul 2020 20:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.848
X-Spam-Status: No, score=-1.848 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id isaOPQ_iu0n3; Wed, 29 Jul 2020 20:47:34 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::741]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E0B8C3A0C76; Wed, 29 Jul 2020 20:47:33 -0700 (PDT)
Received: by with SMTP id l64so17655007qkb.8; Wed, 29 Jul 2020 20:47:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=QhmUNqvhquLGzVO6Ge0JGj/uDuqMP6KwEdkPpqeN5+A=; b=Tkz7fFVbkJjab3eDx/fCQgfz1aitLo0M4sFdjLN3enMCSGOWWGDPfBX6TvIvonWLmT 8O+TT+o3mprcGwgmce6CHsqHZH/LYzofMQhl822Srd+F5pq/CizJ4gU8RZHPBerQaFNC LQ6PDOTzCtd9UocDCv/Fudcdls3tnuAaqwESvnc3IvscfKRokRWqAC0dCWjdALOxdY13 yz6Qs9aoDkkOnIziejyDXyccZE7iUVYvWU3DB1NYEmA7y8SNgQB4ZVqdM5Br9ItNBten YEjg+w59+n+sXfT7caQCk2ViLXwD2gMQK7g2Go09Wk0PuUmkBKnsw5wfA0BDX4PZwH+P AEig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=QhmUNqvhquLGzVO6Ge0JGj/uDuqMP6KwEdkPpqeN5+A=; b=Zwzp3RoHf3sTvhyN9iXBbQC45HjY7UQNmG0GHCqhBxmkU3ZYwIqt49O78p8CcNazQY 0zAeQg0D+13xavKD7XkCr5N82ncotKvMEaBz+AHjoyOncwg03Sz9yGVTRdHFAAoPJvJF PCBNX01FnIlx/es+2IOpPafermIhHndVlmUxVPPsw9WFhjkW4JUmpc/FAeZe/0y/4AF6 8zrc7UGU4C3s5M91Eox7+EBxWF+nyMCorC+8NAtzme3Ia7l5Icu8GgWDhTkiiE99YwlX FvtKdCCUpE8SRoMw/2CAJ8Ry2+Zc8+ON5d72eNEPXuz8pm4ZEKY/gz7BkYJdNSSqQqPY RTIg==
X-Gm-Message-State: AOAM533+/S+6rLzcJEzVorpFYjbg1HMjCYgmLgEHWRDKu/o901XS87xE MHx+fDUE/47OKkv7WeiLBLt2N/C9ASF6037ULnU=
X-Google-Smtp-Source: ABdhPJxjVVf4QkfiLeupvmVnZeN6hEJs4g+V016zERgmPZJyZ2E4vnfUqWE/dlxDxnO0Y3+xxO0/k0WskuzZ9wcrzdA=
X-Received: by 2002:a37:9c4b:: with SMTP id f72mr30179836qke.332.1596080852856; Wed, 29 Jul 2020 20:47:32 -0700 (PDT)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Jen Linkova <>
Date: Thu, 30 Jul 2020 13:47:21 +1000
Message-ID: <>
To: Martin Duke <>
Cc:,, "Bernie Volz (volz)" <>,
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [dhcwg] Martin Duke's Discuss on draft-ietf-dhc-v6only-05: (with DISCUSS and COMMENT)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 30 Jul 2020 03:47:37 -0000

On Thu, Jul 30, 2020 at 1:09 PM Martin Duke <> wrote:

>> How about we change the first paragraph of the Security Considerations
>> (  to:
>> "An attacker might send a spoofed DHCPOFFER containing IPv6-only
>> Preferred option with the value field set to 0xffffffff, disabling
>> DHCPv4 on clients supporting the option. If the network is IPv4-only
>> such clients would lose connectivity, while on a dual-stack network
>> without NAT64 service only connectivity to IPv4-only destinations
>> would be affected. The recovery would require triggering a network
>> attachment event. However it should be noted that if the network does
>> not provide protection from a rogue DHCPv4 server the similar attack
>> vector can be executed by setting the Lease Time option value field to
>> 0xffffffff. The latter attack would also affect hosts without
>> IPv6-only Preferred option support. Therefore the security measures
>> against rogue DHCPv4 servers would be sufficient to prevent the
>> attacks specific to IPv6-only Preferred option."
> I would be satisfied with that additional text to close the DISCUSS.

Great, the text above will be added to -06 which I'll submit close to
the next Telechat date so more feedback could be incorporated.

>> > Sec 3.1 In client-generated messages, what is in the "Value field"? I presume
>> > this is one of those "client MUST set to zero and server MUST ignore" cases?
>> The client does not send the full option. The client includes the
>> option code into the Parameter Request List option (see
> Oh wow, that is very subtly worded so I totally missed that. Sorry! If this is very much the pattern for other DHCP options (client uses a code, server has a full option) then carry on; if it's not the pattern, a little text in version 3.1 that only servers send this would be helpful.

I've updated the Code field description in Section 3.1 with the following text:
"The client includes the Code in the Parameter Request List in
DHCPDISCOVER and DHCPREQUEST messages as described in Section 3.2."

I hope this text makes it more explicit that the client is not sending
the full option.

SY, Jen Linkova aka Furry