Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt

"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 17 October 2016 16:48 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Date: Mon, 17 Oct 2016 16:48:36 +0000
Message-ID: <ccbfe561da43469e8f894e2235c4b429@XCH15-06-08.nw.nos.boeing.com>
References: <147671242179.4527.12337010225582460227.idtracker@ietfa.amsl.com> <7e03afc26a08461e8308d5bdf985bed9@XCH-ALN-003.cisco.com>
In-Reply-To: <7e03afc26a08461e8308d5bdf985bed9@XCH-ALN-003.cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/bxJ5d0lcxvzu34v9TKvdNkcav2M>
Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt

Hi Bernie,

Just so I can understand the intent of this document, if the relay(s) and server
already know that some form of encryption is already in use (e.g., if the client
and server are using sedhcpv6) then it should be OK to omit encryption between
the Relay and Server. Does this draft intend to mandate the use of encryption
in all cases?

Thanks - Fred

> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Bernie Volz (volz)
> Sent: Monday, October 17, 2016 6:58 AM
> To: dhcwg@ietf.org
> Subject: Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
> 
> Hi:
> 
> This update was a very minor change suggested by Stephen Farrell. In section 3, the last sentence in the 1st paragraph was updated to
> add "and other attacks", since this not only protects against pervasive monitoring.
> 
> - Bernie
> 
> -----Original Message-----
> From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
> Sent: Monday, October 17, 2016 9:54 AM
> To: i-d-announce@ietf.org
> Cc: dhcwg@ietf.org
> Subject: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Dynamic Host Configuration of the IETF.
> 
>         Title           : Security of Messages Exchanged Between Servers and Relay Agents
>         Authors         : Bernie Volz
>                           Yogendra Pal
>         Filename        : draft-ietf-dhc-relay-server-security-01.txt
>         Pages           : 8
>         Date            : 2016-10-17
> 
> Abstract:
>    The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no
>    guidance for how to secure messages exchanged between servers and
>    relay agents.  The Dynamic Host Configuration Protocol for IPv6
>    (DHCPv6) states that IPsec should be used to secure messages
>    exchanged between servers and relay agents, but does not recommend
>    encryption.  And, with recent concerns about pervasive monitoring it
>    is appropriate to provide recommendations for DHCPv4 and also improve
>    the recommendations for DHCPv6.  This document updates RFC1542 and
>    RFC3315.
> 
> 
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/
> 
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dhc-relay-server-security-01
> 
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-relay-server-security-01
> 
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at
> tools.ietf.org.
> 
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg