Re: [dhcwg] Open Issues for Secure DHCPv6

神明達哉 <> Wed, 15 June 2016 17:04 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3648E12D97E for <>; Wed, 15 Jun 2016 10:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZSFfleweBYRx for <>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 89F8912D80D for <>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
Received: by with SMTP id s186so28033301qkc.1 for <>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=tVpIq3+IWNqHrxrFN5rto1yvrvwc3ioqL3Yc9OPOJr8=; b=LpHGZgf8x1neI/3xzX0YFRv0w9hn7FXP95U1uU9R4EBJY7p+2SFwFhVrpgHT8FzI82 +ZAFij1hcVFfcCQmGqMpHD8DMFmq/BhURxqJod9Bl6cv8LbJ3l5v0qOu60f59+jKOryO yMoEDgVgWxkh7yZpj2gWqbqaRXUqkdg7O/20n7dLIiE/orpmEXO61pOttyEZvFZZ4F5k /ysyqUpnmlj+YOGgR+j7BPhtCZ0Q+Yvbs6EPGI3oOYgooEb8PfxNxiXcMrOqbSPQkcil E8PUH2z8utxwt+h++mdbOONpYVsKPSHR1o2nH9NZdbIp0grDFEwJghYKZwmJs/3n0L5H nccQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=tVpIq3+IWNqHrxrFN5rto1yvrvwc3ioqL3Yc9OPOJr8=; b=cUJ9DdYIRi9WUdUKlhxHUVeUZuUk499/UL9Wi9Tb7rVlAgo1IyV7xwhowDozlX4DNv 3qvF12vJLNNt4stz5eNZV46QaxtOGpta5I7mlg9bUXrCKKWYrtv0N3EDfkwFWzxGH8uI tGdN6I6hnFR19+dMJFGVhzairGvsPOxeJJMQcTPQD/Nhic4lmPshJ5RfJeNv1Qx4aMsn E9T5Oq3gYOfuIBInk25yGb168VYb1yTjwaoqktz6WRzOTXjKlCRpywUas+7gFHYAzFXr pNyEbtfiyjW8YIDPRa3kmdW4fsW6bd/QxiFy91u5Nol/qqfwcZN8xY3Co+VT3xwYxk0J RMDQ==
X-Gm-Message-State: ALyK8tIzLEHV3z37AVc+1BhFcOtAoUGeddLo60R2acCGy7PcvuBXR2z/NXaO22KrhLE9vluXGcdEIyPOdijoZA==
X-Received: by with SMTP id h9mr17488170qtb.60.1466010243679; Wed, 15 Jun 2016 10:04:03 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Wed, 15 Jun 2016 10:04:03 -0700 (PDT)
In-Reply-To: <>
References: <>
From: =?UTF-8?B?56We5piO6YGU5ZOJ?= <>
Date: Wed, 15 Jun 2016 10:04:03 -0700
X-Google-Sender-Auth: e3TU-vHNusRYoBe2r0whbEQ-d6U
Message-ID: <>
To: Lishan Li <>
Content-Type: text/plain; charset=UTF-8
Archived-At: <>
Cc: dhcwg <>
Subject: Re: [dhcwg] Open Issues for Secure DHCPv6
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 15 Jun 2016 17:04:06 -0000

At Wed, 15 Jun 2016 22:57:11 +0800,
Lishan Li <> wrote:

> After the discussion with authors and Stephen Farrell, we have the
> following problems not sure and want to get further comments from WG.
> 1. For the applicability part, after the discussion with Jinmei, we want to
> made the following changes:
> (1). Add some opportunistic security related description in applicability
> part;
> (2). Support the following two modes of operations: 1.
> Authentication+Encryption with cert/public key validation; 2. (if #1 isn't
> possible) Encryption-only without cert/public key validation.
>    The current version only includes "Authentication+Encryption" mode. We
> should add the "Encryption-only" mode.

I think some more background explanation is needed here...this is
simply based on my *understanding* (not opinion) of what we agreed at
the Yokohama IETF meeting.  I thought our consensus was to support the
above two modes, while the current sedhcpv6 draft only talks about
Authentication+Encryption.  I guess there is some possible confusion
on what "TOFU is out of scope for now" means
(see agenda #4 of

My understanding is that it was only about authentication and the
consensus was to add support for "encryption only".  Am I
understanding it correctly?

BTW, if we make this change, I don't think we can simply update the
applicability section - it will lead to quite substantial overhaul for
the entire document.

> 3. The Reply message with an error status code, is not encrypted. So the
> Reply message may contain the client identifier option, then the client's
> privacy information may be disclosed.
> So the solution is that: The Reply message can be encrypted to avoid
> privacy information disclosure.

This is not so trivial.  At least it will be tricky in case of
'AlgorithmNotSupported' - how can the server encrypt it when it
doesn't support the encryption algorithm?

JINMEI, Tatuya