Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6
Francis Dupont <Francis.Dupont@fdupont.fr> Wed, 07 June 2017 23:17 UTC
Return-Path: <Francis.Dupont@fdupont.fr>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AE681270B4 for <dhcwg@ietfa.amsl.com>; Wed, 7 Jun 2017 16:17:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A_C0KE8yMxKg for <dhcwg@ietfa.amsl.com>; Wed, 7 Jun 2017 16:17:27 -0700 (PDT)
Received: from givry.fdupont.fr (givry.fdupont.fr [IPv6:2001:41d0:1:6d55:211:5bff:fe98:d51e]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F826126D45 for <dhcwg@ietf.org>; Wed, 7 Jun 2017 16:17:27 -0700 (PDT)
Received: from givry.fdupont.fr (localhost [IPv6:::1]) by givry.fdupont.fr (8.14.7/8.14.7) with ESMTP id v57N2XbZ076691; Thu, 8 Jun 2017 01:02:33 +0200 (CEST) (envelope-from dupont@givry.fdupont.fr)
Message-Id: <201706072302.v57N2XbZ076691@givry.fdupont.fr>
From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: Ted Lemon <mellon@fugue.com>
cc: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, dhcwg@ietf.org
In-reply-to: Your message of Wed, 07 Jun 2017 17:49:25 -0400. <F9256C35-FED1-4CFC-B6EF-103576976177@fugue.com>
Date: Thu, 08 Jun 2017 01:02:33 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/i3XaZ21-pFTt8FZkKE9RfyDd-M8>
Subject: Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Jun 2017 23:17:29 -0000
In your previous mail you wrote: > On Jun 7, 2017, at 5:25 PM, Francis Dupont <Francis.Dupont@fdupont.fr> = > wrote: > > I am afraid you are replacing the address bootstrap mess by the = > security > > bootstrap mess but there is a security protocol which includes address > > bootstrapping, it is IKEv2 so IMHO we should try it as on the paper > > it has all we need. > > Pretty much everything you said here assumes that the DHCP client has a = > routable address. => requiring a routable address is what I called the "address bootstrap" mess. Note we don't need one, just to be able to send a packet to the server and if possible not using multicast (multicast is where the embedded relay can help). Note that IKE or DTLS works over link-local addresses so you can protect directly client-relay. It's the fact that it doesn't that makes this hard. => yes, the info-request / stateless case is easier. > Also, a key agreement protocol is probably not a good idea if we care = > about privacy. => by key agreement I mean a Diffie-Hellman variant (more ECDH or X25519). Cf Russ Housley's message. I can't see what is the impact on privacy: it is just a parameter saying which variant, and a public random/opaque value which can be changed for each init (DISCOVER/SOLICIT) message. > And we already talked about how to do TOFU, and I think that applies = > just as well here as to the current spec. => TOFU is a server policy. Another problem with all IKE, DTLS and reinvented similar mechanisms is that it is not possible to protect both identities against active attacks (cf the SIGMA conf paper) so if we want mutual authentication we have to choose protocols which protect the client/initiator identity (for instance to put the client public key in clear text in the first message is not good even against passive attacks). Regards Francis.Dupont@fdupont.fr PS: as candidates with have HIP, and also some EAP/PANA extensions to do encryption (IMHO more to get ideas than to use). PPS: before going further it seems we should first agree about what we want...
- [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Tomek Mrugalski
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 神明達哉
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 神明達哉
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 神明達哉
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Tomek Mrugalski
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Ted Lemon
- Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6 Francis Dupont