IETF Logo Mail Archive

Re: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are welcome!

"Bernie Volz (volz)" <volz@cisco.com> Mon, 14 July 2008 13:10 UTC

Return-Path: <dhcwg-bounces@ietf.org>
X-Original-To: dhcwg-archive@megatron.ietf.org
Delivered-To: ietfarch-dhcwg-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AC89F28C13D; Mon, 14 Jul 2008 06:10:20 -0700 (PDT)
X-Original-To: dhcwg@core3.amsl.com
Delivered-To: dhcwg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 23CE928C0F2 for <dhcwg@core3.amsl.com>; Mon, 14 Jul 2008 06:10:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.358
X-Spam-Level:
X-Spam-Status: No, score=-6.358 tagged_above=-999 required=5 tests=[AWL=0.241, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7iOMZV9qAmr1 for <dhcwg@core3.amsl.com>; Mon, 14 Jul 2008 06:10:16 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id A902A3A6A04 for <dhcwg@ietf.org>; Mon, 14 Jul 2008 06:10:15 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.30,359,1212364800"; d="scan'208";a="14204988"
Received: from rtp-dkim-1.cisco.com ([64.102.121.158]) by rtp-iport-1.cisco.com with ESMTP; 14 Jul 2008 13:10:40 +0000
Received: from rtp-core-2.cisco.com (rtp-core-2.cisco.com [64.102.124.13]) by rtp-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m6EDAem0004924; Mon, 14 Jul 2008 09:10:40 -0400
Received: from xbh-rtp-201.amer.cisco.com (xbh-rtp-201.cisco.com [64.102.31.12]) by rtp-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m6EDAerb000696; Mon, 14 Jul 2008 13:10:40 GMT
Received: from xmb-rtp-20a.amer.cisco.com ([64.102.31.15]) by xbh-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 Jul 2008 09:10:18 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 14 Jul 2008 09:10:15 -0400
Message-ID: <8E296595B6471A4689555D5D725EBB21080C9F85@xmb-rtp-20a.amer.cisco.com>
In-Reply-To: <004d01c8e59f$3b223f00$c80c6f0a@china.huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are welcome!
Thread-Index: AcjhyiklbzF0c7YrS/ijkgl+dVxjowAq0nDgAJ66m+AAK5BiQAAE9gFw
References: <8E296595B6471A4689555D5D725EBB21080C9EAC@xmb-rtp-20a.amer.cisco.com> <004d01c8e59f$3b223f00$c80c6f0a@china.huawei.com>
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Sean Shuo Shen <sshen@huawei.com>, "Mark Stapp (mjs)" <mjs@cisco.com>, Sheng Jiang <shengjiang@huawei.com>
X-OriginalArrivalTime: 14 Jul 2008 13:10:18.0209 (UTC) FILETIME=[F6787D10:01C8E5B2]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=12959; t=1216041041; x=1216905041; c=relaxed/simple; s=rtpdkim1001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=volz@cisco.com; z=From:=20=22Bernie=20Volz=20(volz)=22=20<volz@cisco.com> |Subject:=20RE=3A=20[dhcwg]=20A=20new=20draft=20of=20draft- jiang-dhc-secure-dhcpv6=20is=20submitted.=20Comments=20are=2 0welcome! |Sender:=20 |To:=20=22Sean=20Shuo=20Shen=22=20<sshen@huawei.com>,=20=22 Mark=20Stapp=20(mjs)=22=20<mjs@cisco.com>,=0A=20=20=20=20=20 =20=20=20=22Sheng=20Jiang=22=20<shengjiang@huawei.com>; bh=e6xIyJ0YR9BUZyzP5VJrAGo5n30SVispxg3Mm/H7TAk=; b=YIfPslRdxJPGUvfiVd6ec86Frlyg59hxkZcceSHCLZ90Dy6ht5ardukDbs M7RRbWgNMOFnXNbf++S/WdP3FyXWSGSmt7Y7e2zemzzkspXLeaFjFE5ehgAe tzRSlngqVg;
Authentication-Results: rtp-dkim-1; header.From=volz@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim1001 verified; );
Cc: dhcwg@ietf.org
Subject: Re: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments are welcome!
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/dhcwg>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dhcwg-bounces@ietf.org
Errors-To: dhcwg-bounces@ietf.org

If you want to extend the AUTH option to handle relay-agent to
relay-agent or relay-agent-to-server authentication, I don't think that
means you'd have to use a new option.

---

>option, more options MAY add other options after the relay message
option
>and these more options are option of B (not of A).  It is comply and
>consistent with RFC3315. See RFC3315, Section 7 :
>      options        MUST include a "Relay Message option" (see
>                     section 22.10); MAY include other options added by
>                     the relay agent. 

You'll note that this text in RFC 3315 states nothing about ordering.

- Bernie

-----Original Message-----
From: Sean Shuo Shen [mailto:sshen@huawei.com] 
Sent: Monday, July 14, 2008 6:49 AM
To: Bernie Volz (volz); Mark Stapp (mjs); 'Sheng Jiang'
Cc: dhcwg@ietf.org
Subject: RE: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is
submitted. Comments are welcome!

Hi, Bernie

> -----Original Message-----
> From: Bernie Volz (volz) [mailto:volz@cisco.com]
> Sent: Sunday, July 13, 2008 10:08 PM
> To: Sean Shuo Shen; Mark Stapp (mjs); Sheng Jiang
> Cc: dhcwg@ietf.org
> Subject: RE: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is
submitted.
> Comments are welcome!
> 
> Sean:
> 
> Regarding point 1 and 2, the AUTH option was designed to carry
> authentication data. What that data is and how it is used depends on
the
> *protocol* field. The existing protocols are just the CURRENTLY
defined
> possibilities. New protocols can define new mechanisms. As 21.2 of RFC
> 3315 states:
> 
>    The Authentication option provides a framework for multiple
>    authentication protocols.  Two such protocols are defined here.
>    Other protocols defined in the future will be specified in separate
>    documents.
> 
I think your question is: can the CGA signature be put into the current
DHCPv6 auth framwork as the 3rd auth protocol besides the current two.  
This is a good question and actually we tried to fit the signature
option
into current AUTH framework at the beginning. The AUTH framework is open
for
more auth protocols and is a good place to carry more auth mechanisms.
But
there is a issues should be noticed:  DHCPv6 AUTH only allow one auth
option, thus only client and server can authenticate each other via auth
option. The relay agents have to be authenticated via IPSEC.  Our
proposal
trys to avoid this IPSEC requirement and makes sure that all the relay
agents in the middle can be authenticated and be trusted by the
receiver.
> 
> >However, in that
> >way, it is much more complicated for verifier to tell what contents
are
> >covered by this signature or not (especially when more options are
> added
> >during transmission).
> 
> As I keep trying to tell you this does NOT happen in DHCPv6. Messages
> are ENCAPSULATED; options are not "added" along the way (such as is
done
> in DHCPv4 with the relay-agent option). Once a message is formed (yes,
> the entity forming the message adds options), that's it - nothing else
> (no other entity) adds anything to the message. And, having the
complete
> message be part of the "signature" is the proper way to go.
> 
> For DHCPv6, the intent was that the way one handles options that have
> positional requirements is to ENCAPSULATE them within other options.
> That's why we have IA options (IA_NA, IA_TA, and IA_PD) which
> encapsulate the addresses (prefixes) and why those IAADDR/IAPREFIX
> options can encapsulate other options. The ordering of options at a
> particular level is immaterial and should NEVER need to be in any
> specific order.
We have been clarified before that once a message A with signature was
sent
by the client, no more options is added to this message A. The relay
agents
will generate relay message B which encapsulate A in B's relay message
option, more options MAY add other options after the relay message
option
and these more options are option of B (not of A).  It is comply and
consistent with RFC3315. See RFC3315, Section 7 :
      options        MUST include a "Relay Message option" (see
                     section 22.10); MAY include other options added by
                     the relay agent.
Regard,
Sean

> - Bernie
> 
> -----Original Message-----
> From: dhcwg-bounces@ietf.org [mailto:dhcwg-bounces@ietf.org] On Behalf
> Of Sean Shuo Shen
> Sent: Thursday, July 10, 2008 6:19 AM
> To: Mark Stapp (mjs); 'Sheng Jiang'
> Cc: dhcwg@ietf.org
> Subject: Re: [dhcwg] A new draft of draft-jiang-dhc-secure-dhcpv6 is
> submitted. Comments are welcome!
> 
> Hi Mark,
> Thanks for the detailed comments. Please see answers in lines.
> 
> >it's certainly worthwhile to explore use of asymmetric keys to secure
> >dhcpv6, so it's helpful to see this work. but there are a number of
> >issues with the details in this draft:
> 
> Before going through each problem, it will be helpful to clarify a
> point:
> the mechanism we proposed is not just an alternate auth which uses
> asymmetric keys (instead of symmetric keys), it also prevent IP
spoofing
> because CGA (rfc3972) provides bound between public key and IP
address.
> 
> >1. it's not clear why the existing extensible authentication option
> >couldn't be used. I believe I could map everything proposed for the
new
> 
> >"Signature Option" into the existing option, so I have to ask: why
not
> >do that? I suspect that you can make a case that it would be awkward
to
> 
> >try to fit the CGA parameters data into the body of the
authentication
> >option, and so make the case for the new CGA params option. but I'd
> like
> >to see that tradeoff discussed.
> 
> There was a similar discussion with Bernie Volz yesterday and the day
> before
> yesterday. For unknown reasons, mails from Sheng did not show up on
the
> mail
> list. However, we paste some discussion context the following:
> 
> Overall, we are aiming to provide additional security on top of
current
> DHCPv6 by using CGA. A CGA address is designed cryptographically bound
> with
> the client (or server) public key, this public/private key pair can be
> used
> to provide IP address verification and data integrity WITHOUT any
> separate
> key management mechanisms. (I don't think any current DHC options can
do
> IP
> address verification.)
> 
> When CGA is used as a secure and identity-bound IPv6 address, no extra
> authentication key mechanism is needed. Also public key management is
> very
> easy and does not need to transmit key related material in plaintext
> like
> DHCP AUTH does. In summary, the newly proposed Signature Option can
> achieve
> the same security purposes with a simpler and safer foundations - key
> management.
> 
> Additionally, CGA can be used not particularly for DHCPv6, but also
used
> for
> other scenarios when a save and identity-bound IPv6 address (like
SEND)
> is
> desired.
> 
> >2. an important benefit of using the existing option and
specification
> >that supports it is that the text in rfc3315 is much more detailed
and
> >rigorous than the text in this draft. the 3315 text is clear and
> correct
> >about the actual computations based on the structure of dhcpv6
> messages.
> >I don't think there'd be much benefit in extending this draft so that
> it
> >duplicates that existing specification text. I'd much rather see a
> focus
> >on the specifics of the steps required to produce and verify the
> >key-pair-based hash and signatures.
> 
> The same answer for point 1. We provide new security mechanisms
> DIFFERENT
> from the current.
> According to the verifications, there are rigorous descriptions in
> rfc3971
> and rfc3972. Surely we can make a clear reference or give short
> descriptions
> for sender/receiver activities.
> 
> >2a. doing (2) would help get you out of thinking that you depend on
the
> 
> >ordering of options - the text in 3315 is correct about that. I
second
> >Bernie's point that there's no need to require special ordering.
> 
> The order design is to simplify the verification processing at the
> receiver
> side. It is certainly doable if the signature option is somewhere in
the
> middle and still protect message contents after itself. However, in
that
> way, it is much more complicated for verifier to tell what contents
are
> covered by this signature or not (especially when more options are
added
> during transmission).
> 
> >3. there are an unusual number of instances of direct quotation from
> >RFCs. IMO, it's generally better to refer to RFCs because small
quotes
> >can be misleading without the context of an entire protocol. it's one
> >thing to use quotations if you're trying to establish a clarification
> of
> >the meaning of a specific passage, but I don't think that's what's
> >happening here.
> 
> The reason we do these direct quotations is because DHCPv6 has more
> security
> issues than our mechanism can solve. What we are quoting is what
DHCPv6
> [RFC3315] states as security issues and we can solve it.
> 
> >4. it would be more useful to describe a general-purpose way to use
> >asymmetric key pairs. the only things specific about the CGA
> application
> >as described here is the details of the use of the CGA parameters
> >structure and the dependency on seeing the client's original IP
source
> >address. but isn't that really just a specialized case, that only
> >extends the general case in a couple of ways?
> 
> As we state at the beginning, our proposal is not only substitute
> symmetric
> key with asymmetric key, but also verification of IP address and
simpler
> also safer key management.
> 
> >5. do you intend this only to be used when DHCPv6 is used to convey
> >configuration options? are there any differences required to support
> >address configuration, or prefix delegation?
> 
> Any scenarios that the sender can use certain source address rather
than
> unspecific addresses can be protected.
> 
> >6. what happens in relayed environments - where the client's original
> IP
> >source address is no longer visible to the DHCP server? is this just
> >meant to be hop-by-hop integrity protection?
> 
> Reply agents will add its own CGA option and Signature option out of
> encapsulated client/server DHCP message.
> 
> >7. I don't see anything here about authorization. anyone who can
> >generate a key pair can use this, right? so ... it's just message
> >integrity protection? do you propose to configure clients with server
> or
> >relay public keys? something like SEND, would it be interesting to
> >authorize relays and servers via certs? or validate clients' keys
with
> >certs?
> 
> I think you are talking about authentication of the message sender.
This
> is
> exactly what the signature does. A malicious node can certainly
generate
> a
> key pair, sign the message with private key and send the public key
with
> the
> message. But the receiver can find out that this public key is not
> trustworthy according to local public key list or certs. Certificate
is
> a
> safe way to use asymmetric cryptosystem and it's not the only way.
> 
> 
> Thank you!
> 
> Sheng & Sean
> 
> 
> 
> 
> Sheng Jiang wrote:
> > A new draft of draft-jiang-dhc-secure-dhcpv6 is submitted. Comments
> are
> > welcome!
> >
> > Filename:    draft-jiang-dhc-secure-dhcpv6
> > Version:    00
> > Staging URL:
> >
>
http://www3.ietf.org/proceedings/staging/draft-jiang-dhc-secure-dhcpv6-0
> 0.tx
> t
> > Title:     Secure DHCPv6 Using CGAs
> > Creation_date:    2008-07-04
> > WG ID:     Indvidual Submission
> > Number_of_pages: 14
> > Abstract:
> > The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables
DHCP
> 
> > servers to pass configuration parameters. It offers configuration
> > flexibility. If not secured, DHCPv6 is vulnerable to various attacks
> > particularly fake attack. This document analyzes the security issues
> of
> > DHCPv6 and specifies security mechanisms, mainly using CGAs.
> >
> > Best regards,
> >
> > Sheng JIANG, Ph.D.
> >
> > IP Research Department, Networking Research Department, Network
> Product
> > Line, Huawei Technologies Co. Ltd.
> >
> >
> >
> >
> >
>
------------------------------------------------------------------------
> >
> > _______________________________________________
> > dhcwg mailing list
> > dhcwg@ietf.org
> > https://www.ietf.org/mailman/listinfo/dhcwg
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
> 
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg


_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www.ietf.org/mailman/listinfo/dhcwg

v2.23.0 | Report a Bug | By Email