Re: [dhcwg] Open Issues for Secure DHCPv6
Lishan Li <lilishan48@gmail.com> Sat, 07 May 2016 15:04 UTC
Return-Path: <lilishan48@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 529C112D1CB for <dhcwg@ietfa.amsl.com>; Sat, 7 May 2016 08:04:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LgXRgh-X92xU for <dhcwg@ietfa.amsl.com>; Sat, 7 May 2016 08:04:51 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC72912D186 for <dhcwg@ietf.org>; Sat, 7 May 2016 08:04:50 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id j8so159594009lfd.2 for <dhcwg@ietf.org>; Sat, 07 May 2016 08:04:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=wisTXU3OKeCCqneJNwgzqHuHAlx6lqz6y2JZGFdy8ss=; b=Za7IhRawqPrUDRrdNbp+4MoE3yImF20rRqyFoX0dp4iLXi65fA5aclvAZp4RVzsN6r vntUYKaD5JbcDCMZyX2JxHqLuXxDHz15sxftdK9FSW4b1CvTwAREyVEU1A4Bsm212rup FRj1CCFwrBBeAQWt/KzoBzF+MMrctOz0xuu0C/aYUNzZtFnricYsLmycjI3M2P8W8/1s s/apvn+fXjR8huMsh8akSG4m89bYRPT+miiSrhEpIMWQrYevozhIp/lOEP7a1U15J3ms US6UZ4MYC8KMpqh5Ug3XFllSW06MjqLOYTL5zhEbDBa918FIMfw5S4qS2nN+0vYjqq2A /TJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=wisTXU3OKeCCqneJNwgzqHuHAlx6lqz6y2JZGFdy8ss=; b=FsuNnv1iXa2D6o8Hpmcj7EU+9VD45Z5lMQrGkbXsV9mjieZIHKV7scw0rFk6cDA1me NCNcDLVU3Aq6TKa9Ux7oEL2PIx1NlSuKRKmsMTXfOD8Ulp/YxgkMGjniL4KaNwLbFNLa czrLAWRwHM8eseSR/WN560gKIp6iVNXl1jAOr8sZ/c2Un/s3kFMefOYRUTegRthbxV59 G6t3hHOQkD9oi6rxoGi6fkJp5mAN08CHbIM8hdL6yDWxhSfY8tCIDCM4sQ5b4+W3mIuI Dyc+Zlx5kgbYjjUJvXwkuKuk7u6rGyhcGBxcs2J0/cQ4j4KDxYrWjJ8Kl6Q1DVRT65mf wO4A==
X-Gm-Message-State: AOPr4FWN+KWcBeKguuUOZ4lzZKPkS0YNjUeyPoaJ5L5rwUZ7nwXcV8SQ8No70tPB48pubdFgf807v04OtBLcFw==
MIME-Version: 1.0
X-Received: by 10.25.212.6 with SMTP id l6mr11759595lfg.163.1462633489061; Sat, 07 May 2016 08:04:49 -0700 (PDT)
Received: by 10.114.173.71 with HTTP; Sat, 7 May 2016 08:04:49 -0700 (PDT)
In-Reply-To: <25322a5ec897409093e904a7dc4549d3@XCH-ALN-003.cisco.com>
References: <CAJ3w4NcCu0J3_+8x0FuzoUK2=HxVaCddW3s5e9oL535BH0NKTA@mail.gmail.com> <25322a5ec897409093e904a7dc4549d3@XCH-ALN-003.cisco.com>
Date: Sat, 07 May 2016 23:04:49 +0800
Message-ID: <CAJ3w4NenOEwz0wqXSGQW_TtBJQB8_VnX_QyasBRUYo0Ler37HA@mail.gmail.com>
From: Lishan Li <lilishan48@gmail.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
Content-Type: multipart/alternative; boundary="001a114212608d5f5c053241e565"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/iX6ghHKF-4ks_IW81Y6W_DL3Qfo>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Open Issues for Secure DHCPv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2016 15:04:54 -0000
Dear Bernie, Thanks a lot for your nice reply. Please see in line. Best Regards, Lishan 2016-04-28 21:48 GMT+08:00 Bernie Volz (volz) <volz@cisco.com>: > Hi: > > > > A few comments below (BV>). For those questions I did not have a comment > on, it means I’m not yet sure what to say. > > > > - Bernie > > > > *From:* dhcwg [mailto:dhcwg-bounces@ietf.org] *On Behalf Of *Lishan Li > *Sent:* Tuesday, April 26, 2016 8:15 AM > *To:* dhcwg <dhcwg@ietf.org> > *Subject:* [dhcwg] Open Issues for Secure DHCPv6 > > > > Dear All, > > > > After the discussion with Ted and Jinmei, there are still some open > issues. Regarding these open issues, could you please give us you > suggestions? Looking forward to your guidance! The following are the > current open issues: > > > > 1. A single DHCPv6 server selection for authentication at the beginning. > > If the two servers share one common certificate with the same public key, > then the client should be able to send an encrypted request to both > servers, and both the servers can decrypt the encrypted request and letting > client select one of them in a compatible way to the original DHCPv6. > > So in this way, there is no need to contain the Server Identifier option > in the Encrypted-Query message. The disadvantage is that the extra > decryption cost is caused for the DHCPv6 server not for it. > > > > BV> How about adding the server-identifier option when it is in the client > message (i.e. Request, Renew, Decline, Release). That way, once a server is > selected the other servers can ignore without needing to decrypt? That > reduces the load a bit. > [LS]: Thanks for your valuable suggestion. In this way, only after server selection process, the server identifier option is contained to avoid the extra decryption for the servers not for it. > > 2. Regarding timestamp, what about a strictly-increasing serial number > (with rollover)? > > The advantage of a strictly increasing number is that the server can just > discard messages from the client with lower numbers, and the client can do > the same. The disadvantage is that the strictly-increasing number has to > be committed to stable storage on the client. > > > > BV> This seems a bit tricky. What happens if the stable storage is lost? A > time based value (when possible – i.e., client has time) seems like a > better option to me? For clients that don’t have the current time (i.e., > need DHCP to get the time), perhaps the timestamp is optional to > accommodate them – this does mean there is the replay risk (at least until > a time is available). I prefer we use existing techniques for this and I > think they are generally time based? > [LS]: Generally, the timestamp is used to defend against replay attack. I also prefer the existing techniques for this. > > > 3. For the DHCPv6 client, how about a bare key not a certificate? > > If the client uses certificate for authentication. The client has to > generate a key and then submit it to a certificate authority to be signed. > It would make sense for two different companies to trust all certs signed > by the same authority. For the client which is no longer authorized, they > still have a key signed by the authority. How do we stop that one client > from authenticating? The answer is that we have to have a record of every > client that is authorized to use the network. > > > > There are two ways to do client authentication: first, we can have the > certificate authority remember all of the clients, and maintain a > certificate revocation list (CRL) for clients whose certificates should no > longer grant access to the network. Second, we can simply keep a list of > all the client keys that are granted access to the network, and the DHCP > server can check that list before granting access. > > > > The first one is more easy, so we think a bare key is enough not a > certificate. > > > > 4. Whether we should mention opportunistic security in secure DHCPv6? > > > > 5. For the clients which has multiple certs, whether the transaction-id > can work as the identifier of the client's public key for encryption, and > server's private key for decryption? > > > > BV> I’m not sure I understand this one. > > > > 6. The format of Encrypted-Query and Encrypted-Response messages. > > For the encrypted-query and encrypted-response messages, in the current > version, the payload is a series of options, which may cause unnecessary > attack. So according to Ted's suggestion, It is better that the payload is > encrypted message with some fixed field. But DHCPv6 message's format are a > series of options. If the encrypted-query and encrypted-response use the > above format, are they still DHCPv6 messages? > > > > BV> I really prefer we keep it as a series of options. I don’t see that > fixed fields help anything (especially if fields are variable length, why > are they any easier to parse than options?). Options are easy enough to > parse. > > > > I don’t see this as “are these DHCPv6 messages” or not argument – the > Relay-Forw/Relay-Reply messages use a combination of fixed fields and > options and we consider these as DHCPv6 messages. > > > > Perhaps if you can provide an example of how these messages would be > formatted with the fixed fields, we could better evaluate as to whether > this may make sense or not. (For example, perhaps you want to add some > “identifier” into the messages to address issue #5 above?) > [LS]: If the encrypted message contains a series of options, then a client may send additional options and a server may also do it. So this way may create an unnecessary attack surface. Compared with a series of options, I think fixed fields may be better. Best Regards, Lishan
- Re: [dhcwg] Open Issues for Secure DHCPv6 Lishan Li
- Re: [dhcwg] Open Issues for Secure DHCPv6 神明達哉
- [dhcwg] Open Issues for Secure DHCPv6 Lishan Li
- [dhcwg] Open Issues for Secure DHCPv6 Lishan Li
- Re: [dhcwg] Open Issues for Secure DHCPv6 Bernie Volz (volz)
- Re: [dhcwg] Open Issues for Secure DHCPv6 Lishan Li
- Re: [dhcwg] Open Issues for Secure DHCPv6 Bernie Volz (volz)
- Re: [dhcwg] Open Issues for Secure DHCPv6 Lishan Li
- Re: [dhcwg] Open Issues for Secure DHCPv6 Bernie Volz (volz)
- Re: [dhcwg] Open Issues for Secure DHCPv6 Lishan Li