Re: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are welcome!
Mark Stapp <mjs@cisco.com> Wed, 09 July 2008 13:43 UTC
Return-Path: <dhcwg-bounces@ietf.org>
X-Original-To: dhcwg-archive@megatron.ietf.org
Delivered-To: ietfarch-dhcwg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AE6FE3A6A86; Wed, 9 Jul 2008 06:43:04 -0700 (PDT)
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D36473A68DB for <dhcwg@core3.amsl.com>; Wed, 9 Jul 2008 06:43:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v40-3FJhduKI for <dhcwg@core3.amsl.com>; Wed, 9 Jul 2008 06:43:02 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 50F2B3A6950 for <dhcwg@ietf.org>; Wed, 9 Jul 2008 06:43:02 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.30,331,1212364800"; d="scan'208";a="13655437"
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-1.cisco.com with ESMTP; 09 Jul 2008 13:43:12 +0000
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id m69DhC9D006086; Wed, 9 Jul 2008 09:43:12 -0400
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m69DhCJ6011811; Wed, 9 Jul 2008 13:43:12 GMT
Received: from xfe-rtp-202.amer.cisco.com ([64.102.31.21]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Jul 2008 09:43:12 -0400
Received: from [10.86.240.3] ([10.86.240.3]) by xfe-rtp-202.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 9 Jul 2008 09:43:11 -0400
Message-ID: <4874C06F.5090302@cisco.com>
Date: Wed, 09 Jul 2008 09:43:11 -0400
From: Mark Stapp <mjs@cisco.com>
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: Sheng Jiang <shengjiang@huawei.com>
References: <000f01c8ddb4$23370800$6a0c6f0a@china.huawei.com>
In-Reply-To: <000f01c8ddb4$23370800$6a0c6f0a@china.huawei.com>
X-OriginalArrivalTime: 09 Jul 2008 13:43:11.0871 (UTC) FILETIME=[BACCA8F0:01C8E1C9]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=4159; t=1215610992; x=1216474992; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mjs@cisco.com; z=From:=20Mark=20Stapp=20<mjs@cisco.com> |Subject:=20Re=3A=20[dhcwg]=20A=20new=20draft=20of=20draft- jiang-dhc-secure-dhcpv6=20is=20submitted.=0A=20Comments=20ar e=20welcome! |Sender:=20 |To:=20Sheng=20Jiang=20<shengjiang@huawei.com>; bh=4ZuyC0rJc2wfIKkA4LheL4eG2ynO9zMHcOlno6Y9iM8=; b=MrZBmFLaHathabcAfPjECoDHoAwM/Zru32YdG3M9xvjr5ggwrgAr/mznz5 OVsJ4pwoevIzQOI1Fm9AFw/LKQ/C+KykmXIkOxNz925bgBg5dMYiA5QGKB40 q5NN2bOPof;
Authentication-Results: rtp-dkim-2; header.From=mjs@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc: dhcwg@ietf.org
Subject: Re: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are welcome!
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
Hello, it's certainly worthwhile to explore use of asymmetric keys to secure dhcpv6, so it's helpful to see this work. but there are a number of issues with the details in this draft: 1. it's not clear why the existing extensible authentication option couldn't be used. I believe I could map everything proposed for the new "Signature Option" into the existing option, so I have to ask: why not do that? I suspect that you can make a case that it would be awkward to try to fit the CGA parameters data into the body of the authentication option, and so make the case for the new CGA params option. but I'd like to see that tradeoff discussed. 2. an important benefit of using the existing option and specification that supports it is that the text in rfc3315 is much more detailed and rigorous than the text in this draft. the 3315 text is clear and correct about the actual computations based on the structure of dhcpv6 messages. I don't think there'd be much benefit in extending this draft so that it duplicates that existing specification text. I'd much rather see a focus on the specifics of the steps required to produce and verify the key-pair-based hash and signatures. 2a. doing (2) would help get you out of thinking that you depend on the ordering of options - the text in 3315 is correct about that. I second Bernie's point that there's no need to require special ordering. 3. there are an unusual number of instances of direct quotation from RFCs. IMO, it's generally better to refer to RFCs because small quotes can be misleading without the context of an entire protocol. it's one thing to use quotations if you're trying to establish a clarification of the meaning of a specific passage, but I don't think that's what's happening here. 4. it would be more useful to describe a general-purpose way to use asymmetric key pairs. the only things specific about the CGA application as described here is the details of the use of the CGA parameters structure and the dependency on seeing the client's original IP source address. but isn't that really just a specialized case, that only extends the general case in a couple of ways? 5. do you intend this only to be used when DHCPv6 is used to convey configuration options? are there any differences required to support address configuration, or prefix delegation? 6. what happens in relayed environments - where the client's original IP source address is no longer visible to the DHCP server? is this just meant to be hop-by-hop integrity protection? 7. I don't see anything here about authorization. anyone who can generate a key pair can use this, right? so ... it's just message integrity protection? do you propose to configure clients with server or relay public keys? something like SEND, would it be interesting to authorize relays and servers via certs? or validate clients' keys with certs? Thanks, Mark Sheng Jiang wrote: > A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are > welcome! > > Filename: draft-jiang-dhc-secure-dhcpv6 > Version: 00 > Staging URL: > http://www3.ietf.org/proceedings/staging/draft-jiang-dhc-secure-dhcpv6-00.txt > Title: Secure DHCPv6 Using CGAs > Creation_date: 2008-07-04 > WG ID: Indvidual Submission > Number_of_pages: 14 > Abstract: > The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables DHCP > servers to pass configuration parameters. It offers configuration > flexibility. If not secured, DHCPv6 is vulnerable to various attacks > particularly fake attack. This document analyzes the security issues of > DHCPv6 and specifies security mechanisms, mainly using CGAs. > > Best regards, > > Sheng JIANG, Ph.D. > > IP Research Department, Networking Research Department, Network Product > Line, Huawei Technologies Co. Ltd. > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] A new draft of draft-jiang-dhc-secure-dhc… Sheng Jiang
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Shane Kerr
- Re: [dhcwg] FW: A new draft of draft-jiang-dhc-se… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Mark Stapp
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- [dhcwg] FW: A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Ted Lemon
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… John Schnizlein
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Bernie Volz (volz)
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Robert Elz
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Sean Shuo Shen
- Re: [dhcwg] A new draft of draft-jiang-dhc-secure… Jari Arkko