IETF Logo Mail Archive

Re: [dhcwg] Open Issues for Secure DHCPv6

Lishan Li <lilishan48@gmail.com> Sat, 07 May 2016 15:04 UTC

Return-Path: <lilishan48@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 529C112D1CB for <dhcwg@ietfa.amsl.com>; Sat, 7 May 2016 08:04:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LgXRgh-X92xU for <dhcwg@ietfa.amsl.com>; Sat, 7 May 2016 08:04:51 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC72912D186 for <dhcwg@ietf.org>; Sat, 7 May 2016 08:04:50 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id j8so159594009lfd.2 for <dhcwg@ietf.org>; Sat, 07 May 2016 08:04:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=wisTXU3OKeCCqneJNwgzqHuHAlx6lqz6y2JZGFdy8ss=; b=Za7IhRawqPrUDRrdNbp+4MoE3yImF20rRqyFoX0dp4iLXi65fA5aclvAZp4RVzsN6r vntUYKaD5JbcDCMZyX2JxHqLuXxDHz15sxftdK9FSW4b1CvTwAREyVEU1A4Bsm212rup FRj1CCFwrBBeAQWt/KzoBzF+MMrctOz0xuu0C/aYUNzZtFnricYsLmycjI3M2P8W8/1s s/apvn+fXjR8huMsh8akSG4m89bYRPT+miiSrhEpIMWQrYevozhIp/lOEP7a1U15J3ms US6UZ4MYC8KMpqh5Ug3XFllSW06MjqLOYTL5zhEbDBa918FIMfw5S4qS2nN+0vYjqq2A /TJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=wisTXU3OKeCCqneJNwgzqHuHAlx6lqz6y2JZGFdy8ss=; b=FsuNnv1iXa2D6o8Hpmcj7EU+9VD45Z5lMQrGkbXsV9mjieZIHKV7scw0rFk6cDA1me NCNcDLVU3Aq6TKa9Ux7oEL2PIx1NlSuKRKmsMTXfOD8Ulp/YxgkMGjniL4KaNwLbFNLa czrLAWRwHM8eseSR/WN560gKIp6iVNXl1jAOr8sZ/c2Un/s3kFMefOYRUTegRthbxV59 G6t3hHOQkD9oi6rxoGi6fkJp5mAN08CHbIM8hdL6yDWxhSfY8tCIDCM4sQ5b4+W3mIuI Dyc+Zlx5kgbYjjUJvXwkuKuk7u6rGyhcGBxcs2J0/cQ4j4KDxYrWjJ8Kl6Q1DVRT65mf wO4A==
X-Gm-Message-State: AOPr4FWN+KWcBeKguuUOZ4lzZKPkS0YNjUeyPoaJ5L5rwUZ7nwXcV8SQ8No70tPB48pubdFgf807v04OtBLcFw==
MIME-Version: 1.0
X-Received: by 10.25.212.6 with SMTP id l6mr11759595lfg.163.1462633489061; Sat, 07 May 2016 08:04:49 -0700 (PDT)
Received: by 10.114.173.71 with HTTP; Sat, 7 May 2016 08:04:49 -0700 (PDT)
In-Reply-To: <25322a5ec897409093e904a7dc4549d3@XCH-ALN-003.cisco.com>
References: <CAJ3w4NcCu0J3_+8x0FuzoUK2=HxVaCddW3s5e9oL535BH0NKTA@mail.gmail.com> <25322a5ec897409093e904a7dc4549d3@XCH-ALN-003.cisco.com>
Date: Sat, 07 May 2016 23:04:49 +0800
Message-ID: <CAJ3w4NenOEwz0wqXSGQW_TtBJQB8_VnX_QyasBRUYo0Ler37HA@mail.gmail.com>
From: Lishan Li <lilishan48@gmail.com>
To: "Bernie Volz (volz)" <volz@cisco.com>
Content-Type: multipart/alternative; boundary="001a114212608d5f5c053241e565"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/iX6ghHKF-4ks_IW81Y6W_DL3Qfo>
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] Open Issues for Secure DHCPv6
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2016 15:04:54 -0000

Dear Bernie,

Thanks a lot for your nice reply. Please see in line.

Best Regards,
Lishan

2016-04-28 21:48 GMT+08:00 Bernie Volz (volz) <volz@cisco.com>:

> Hi:
>
>
>
> A few comments below (BV>). For those questions I did not have a comment
> on, it means I’m not yet sure what to say.
>
>
>
> -          Bernie
>
>
>
> *From:* dhcwg [mailto:dhcwg-bounces@ietf.org] *On Behalf Of *Lishan Li
> *Sent:* Tuesday, April 26, 2016 8:15 AM
> *To:* dhcwg <dhcwg@ietf.org>
> *Subject:* [dhcwg] Open Issues for Secure DHCPv6
>
>
>
> Dear All,
>
>
>
> After the discussion with Ted and Jinmei, there are still some open
> issues. Regarding these open issues, could you please give us you
> suggestions? Looking forward to your guidance! The following are the
> current open issues:
>
>
>
> 1. A single DHCPv6 server selection for authentication at the beginning.
>
> If the two servers share one common certificate with the same public key,
> then the client should be able to send an encrypted request to both
> servers, and both the servers can decrypt the encrypted request and letting
> client select one of them in a compatible way to the original DHCPv6.
>
> So in this way, there is no need to contain the Server Identifier option
> in the Encrypted-Query message. The disadvantage is that the extra
> decryption cost is caused for the DHCPv6 server not for it.
>
>
>
> BV> How about adding the server-identifier option when it is in the client
> message (i.e. Request, Renew, Decline, Release). That way, once a server is
> selected the other servers can ignore without needing to decrypt? That
> reduces the load a bit.
>
[LS]: Thanks for your valuable suggestion.  In this way, only after server
selection process, the server identifier option is contained to avoid the
extra decryption for the servers not for it.

>
>
2. Regarding timestamp, what about a strictly-increasing serial number
> (with rollover)?
>
> The advantage of a strictly increasing number is that the server can just
> discard messages from the client with lower numbers, and the client can do
> the same.  The disadvantage is that the strictly-increasing number has to
> be committed to stable storage on the client.
>
>
>
> BV> This seems a bit tricky. What happens if the stable storage is lost? A
> time based value (when possible – i.e., client has time) seems like a
> better option to me? For clients that don’t have the current time (i.e.,
> need DHCP to get the time), perhaps the timestamp is optional to
> accommodate them – this does mean there is the replay risk (at least until
> a time is available). I prefer we use existing techniques for this and I
> think they are generally time based?
>
[LS]: Generally, the timestamp is used to defend against replay attack. I
also prefer the existing techniques for this.

>
>
> 3. For the DHCPv6 client, how about a bare key not a certificate?
>
> If the client uses certificate for authentication. The client has to
> generate a key and then submit it to a certificate authority to be signed.
> It would make sense for two different companies to trust all certs signed
> by the same authority. For the client which is no longer authorized, they
> still have a key signed by the authority.   How do we stop that one client
> from authenticating? The answer is that we have to have a record of every
> client that is authorized to use the network.
>
>
>
> There are two ways to do client authentication: first, we can have the
> certificate authority remember all of the clients, and maintain a
> certificate revocation list (CRL) for clients whose certificates should no
> longer grant access to the network. Second, we can simply keep a list of
> all the client keys that are granted access to the network, and the DHCP
> server can check that list before granting access.
>
>
>
> The first one is more easy, so we think a bare key is enough not a
> certificate.
>
>
>
> 4. Whether we should mention opportunistic security in secure DHCPv6?
>
>
>
> 5. For the clients which has multiple certs, whether the transaction-id
> can work as the identifier of the client's public key for encryption, and
> server's  private key for decryption?
>
>
>
> BV> I’m not sure I understand this one.
>
>
>
> 6. The format of Encrypted-Query and Encrypted-Response messages.
>
> For the encrypted-query and encrypted-response messages, in the current
> version, the payload is a series of options, which may cause unnecessary
> attack. So according to Ted's suggestion, It is better that the payload is
> encrypted message with some fixed field. But DHCPv6 message's format are a
> series of options. If the encrypted-query and encrypted-response use the
> above format, are they still DHCPv6 messages?
>
>
>
> BV> I really prefer we keep it as a series of options. I don’t see that
> fixed fields help anything (especially if fields are variable length, why
> are they any easier to parse than options?). Options are easy enough to
> parse.
>
>
>
> I don’t see this as “are these DHCPv6 messages” or not argument – the
> Relay-Forw/Relay-Reply messages use a combination of fixed fields and
> options and we consider these as DHCPv6 messages.
>
>
>
> Perhaps if you can provide an example of how these messages would be
> formatted with the fixed fields, we could better evaluate as to whether
> this may make sense or not. (For example, perhaps you want to add some
> “identifier” into the messages to address issue #5 above?)
>
[LS]: If the encrypted message contains a series of options, then a client
may send additional options and a server may also do it. So this way may
create an unnecessary attack surface.
Compared with a series of options, I think fixed fields may be better.

Best Regards,
Lishan

v2.23.0 | Report a Bug | By Email