Re: [dhcwg] Open Issues for Secure DHCPv6

神明達哉 <jinmei@wide.ad.jp> Wed, 15 June 2016 17:04 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3648E12D97E for <dhcwg@ietfa.amsl.com>; Wed, 15 Jun 2016 10:04:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Level:
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZSFfleweBYRx for <dhcwg@ietfa.amsl.com>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89F8912D80D for <dhcwg@ietf.org>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id s186so28033301qkc.1 for <dhcwg@ietf.org>; Wed, 15 Jun 2016 10:04:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=tVpIq3+IWNqHrxrFN5rto1yvrvwc3ioqL3Yc9OPOJr8=; b=LpHGZgf8x1neI/3xzX0YFRv0w9hn7FXP95U1uU9R4EBJY7p+2SFwFhVrpgHT8FzI82 +ZAFij1hcVFfcCQmGqMpHD8DMFmq/BhURxqJod9Bl6cv8LbJ3l5v0qOu60f59+jKOryO yMoEDgVgWxkh7yZpj2gWqbqaRXUqkdg7O/20n7dLIiE/orpmEXO61pOttyEZvFZZ4F5k /ysyqUpnmlj+YOGgR+j7BPhtCZ0Q+Yvbs6EPGI3oOYgooEb8PfxNxiXcMrOqbSPQkcil E8PUH2z8utxwt+h++mdbOONpYVsKPSHR1o2nH9NZdbIp0grDFEwJghYKZwmJs/3n0L5H nccQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=tVpIq3+IWNqHrxrFN5rto1yvrvwc3ioqL3Yc9OPOJr8=; b=cUJ9DdYIRi9WUdUKlhxHUVeUZuUk499/UL9Wi9Tb7rVlAgo1IyV7xwhowDozlX4DNv 3qvF12vJLNNt4stz5eNZV46QaxtOGpta5I7mlg9bUXrCKKWYrtv0N3EDfkwFWzxGH8uI tGdN6I6hnFR19+dMJFGVhzairGvsPOxeJJMQcTPQD/Nhic4lmPshJ5RfJeNv1Qx4aMsn E9T5Oq3gYOfuIBInk25yGb168VYb1yTjwaoqktz6WRzOTXjKlCRpywUas+7gFHYAzFXr pNyEbtfiyjW8YIDPRa3kmdW4fsW6bd/QxiFy91u5Nol/qqfwcZN8xY3Co+VT3xwYxk0J RMDQ==
X-Gm-Message-State: ALyK8tIzLEHV3z37AVc+1BhFcOtAoUGeddLo60R2acCGy7PcvuBXR2z/NXaO22KrhLE9vluXGcdEIyPOdijoZA==
X-Received: by 10.200.49.73 with SMTP id h9mr17488170qtb.60.1466010243679; Wed, 15 Jun 2016 10:04:03 -0700 (PDT)
MIME-Version: 1.0
Sender: jinmei.tatuya@gmail.com
Received: by 10.237.33.166 with HTTP; Wed, 15 Jun 2016 10:04:03 -0700 (PDT)
In-Reply-To: <CAJ3w4NeoF7DC91ST=814wq61cTXd8SYUDT1VvJ73Uy_Vhoqk3A@mail.gmail.com>
References: <CAJ3w4NeoF7DC91ST=814wq61cTXd8SYUDT1VvJ73Uy_Vhoqk3A@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Wed, 15 Jun 2016 10:04:03 -0700
X-Google-Sender-Auth: e3TU-vHNusRYoBe2r0whbEQ-d6U
Message-ID: <CAJE_bqdQUy3jeTOT2Sb2A9VgRJXYP30mBw6yB4S7iP0jMqO1kQ@mail.gmail.com>
To: Lishan Li <lilishan48@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/ayBdVfwUfdN5sV1SOL_37SaxI78>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Open Issues for Secure DHCPv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jun 2016 17:04:06 -0000

At Wed, 15 Jun 2016 22:57:11 +0800,
Lishan Li <lilishan48@gmail.com> wrote:

> After the discussion with authors and Stephen Farrell, we have the
> following problems not sure and want to get further comments from WG.
>
> 1. For the applicability part, after the discussion with Jinmei, we want to
> made the following changes:
> (1). Add some opportunistic security related description in applicability
> part;
> (2). Support the following two modes of operations: 1.
> Authentication+Encryption with cert/public key validation; 2. (if #1 isn't
> possible) Encryption-only without cert/public key validation.
>    The current version only includes "Authentication+Encryption" mode. We
> should add the "Encryption-only" mode.

I think some more background explanation is needed here...this is
simply based on my *understanding* (not opinion) of what we agreed at
the Yokohama IETF meeting.  I thought our consensus was to support the
above two modes, while the current sedhcpv6 draft only talks about
Authentication+Encryption.  I guess there is some possible confusion
on what "TOFU is out of scope for now" means
(see agenda #4 of https://www.ietf.org/proceedings/94/minutes/minutes-94-dhc).

My understanding is that it was only about authentication and the
consensus was to add support for "encryption only".  Am I
understanding it correctly?

BTW, if we make this change, I don't think we can simply update the
applicability section - it will lead to quite substantial overhaul for
the entire document.

> 3. The Reply message with an error status code, is not encrypted. So the
> Reply message may contain the client identifier option, then the client's
> privacy information may be disclosed.
> So the solution is that: The Reply message can be encrypted to avoid
> privacy information disclosure.

This is not so trivial.  At least it will be tricky in case of
'AlgorithmNotSupported' - how can the server encrypt it when it
doesn't support the encryption algorithm?

--
JINMEI, Tatuya