Re: [dhcwg] Commentsondraft-cadar-dhc-dhcpv6-opt-email-00.txt/draft-cadar-dhc-opt-imap-00.txt

"David W. Hankins" <David_Hankins@isc.org> Thu, 10 March 2005 15:45 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA27143 for <dhcwg-web-archive@ietf.org>; Thu, 10 Mar 2005 10:45:40 -0500 (EST)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D9Ptt-0006Ph-3F for dhcwg-web-archive@ietf.org; Thu, 10 Mar 2005 10:48:38 -0500
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D9Pop-0004UE-NG; Thu, 10 Mar 2005 10:43:23 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1D9Poo-0004U7-89 for dhcwg@megatron.ietf.org; Thu, 10 Mar 2005 10:43:22 -0500
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA26829 for <dhcwg@ietf.org>; Thu, 10 Mar 2005 10:43:19 -0500 (EST)
Received: from farside.isc.org ([204.152.187.5]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1D9Prd-0006HY-KC for dhcwg@ietf.org; Thu, 10 Mar 2005 10:46:17 -0500
Received: by farside.isc.org (Postfix, from userid 10200) id 1FD40677F8; Thu, 10 Mar 2005 15:43:21 +0000 (UTC)
Date: Thu, 10 Mar 2005 15:43:21 +0000
From: "David W. Hankins" <David_Hankins@isc.org>
To: dhcwg@ietf.org
Subject: Re: [dhcwg] Commentsondraft-cadar-dhc-dhcpv6-opt-email-00.txt/draft-cadar-dhc-opt-imap-00.txt
Message-ID: <20050310154320.GB49693@isc.org>
References: <421CB3B9B2D2F645B548D213C0A90E5501168D0C@edgmsmsg01.eu.thmulti.com> <200503082231.APQ72270@flask.cisco.com> <20050308231750.GB15202@storhaugen.uninett.no>
Mime-Version: 1.0
In-Reply-To: <20050308231750.GB15202@storhaugen.uninett.no>
User-Agent: Mutt/1.4.2.1i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1301256257=="
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f607d15ccc2bc4eaf3ade8ffa8af02a0

Before I forget...

We discussed in the WG meeting (5 minutes ago) today that there are many
security considerations for this draft.

In addition to the obvious denial-of-service or man-in-the-middle
opportunity (which one might point out is already present at a visited
network, but is more pervasive since any host may respond to a DHCPINFORM
containing such an option so it need not be the site's administration), a
laptop visiting another network, may be offered an SMTP server that does
not support SSL/TLS, or MAY require username/password authorization in
order to accept mail (and the user may not realize what password they are
being asked to provide).

Either scenario may expose information the user would rather keep private.

-- 
David W. Hankins		"If you don't do it right the first time,
Operations Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg