RE: [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-agent-ipsec-00. txt

"Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se> Mon, 04 November 2002 17:39 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24416 for <dhcwg-archive@odin.ietf.org>; Mon, 4 Nov 2002 12:39:16 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id gA4HfGO09947 for dhcwg-archive@odin.ietf.org; Mon, 4 Nov 2002 12:41:16 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA4HfGv09944 for <dhcwg-web-archive@optimus.ietf.org>; Mon, 4 Nov 2002 12:41:16 -0500
Received: from www1.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24385 for <dhcwg-web-archive@ietf.org>; Mon, 4 Nov 2002 12:38:45 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA4HY4v09017; Mon, 4 Nov 2002 12:34:04 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gA4HXwv09002 for <dhcwg@optimus.ietf.org>; Mon, 4 Nov 2002 12:33:58 -0500
Received: from imr1.ericy.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA23979 for <dhcwg@ietf.org>; Mon, 4 Nov 2002 12:31:28 -0500 (EST)
Received: from mr6.exu.ericsson.se (mr6u3.ericy.com [208.237.135.123]) by imr1.ericy.com (8.11.3/8.11.3) with ESMTP id gA4HXrd23365; Mon, 4 Nov 2002 11:33:53 -0600 (CST)
Received: from eamrcnt761.exu.ericsson.se (eamrcnt761.exu.ericsson.se [138.85.133.39]) by mr6.exu.ericsson.se (8.11.3/8.11.3) with ESMTP id gA4HXrF03818; Mon, 4 Nov 2002 11:33:53 -0600 (CST)
Received: by eamrcnt761.exu.ericsson.se with Internet Mail Service (5.5.2656.59) id <WCRS93SC>; Mon, 4 Nov 2002 11:33:53 -0600
Message-ID: <A1DDC8E21094D511821C00805F6F706B0499F93E@eamrcnt715.exu.ericsson.se>
From: "Bernie Volz (EUD)" <Bernie.Volz@am1.ericsson.se>
To: "'Thomas Narten'" <narten@us.ibm.com>
Cc: "'Ralph Droms'" <rdroms@cisco.com>, dhcwg@ietf.org
Subject: RE: [dhcwg] RE: I-D ACTION:draft-droms-dhcp-relay-agent-ipsec-00. txt
Date: Mon, 4 Nov 2002 11:32:50 -0600
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2656.59)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C28428.3272084C"
Sender: dhcwg-admin@ietf.org
Errors-To: dhcwg-admin@ietf.org
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Id: <dhcwg.ietf.org>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>

Thomas:

I agree that as you get closer to the server, the security is likely to improve,
but are you willing to allow this to be the default? How can we be sure that these
parts of the network are secured?

My feeling is that we should never allow (by default) security to INCREASE. If you
do, you are giving a false sense of security.

I used SHOULD NOT because that should be the default behavior. Sure, it is fine
to allow the relay agent to be configurable to allow this but it should not be
the default.

- Bernie

-----Original Message-----
From: Thomas Narten [mailto:narten@us.ibm.com]
Sent: Monday, November 04, 2002 12:21 PM
To: Bernie Volz (EUD)
Cc: 'Ralph Droms'; dhcwg@ietf.org
Subject: Re: [dhcwg] RE: I-D
ACTION:draft-droms-dhcp-relay-agent-ipsec-00.txt 


> Yes, that was the text I was referring to. And, I think we are in
> agreement. I just feel it is better to state it the other way around
> - a relay agent SHOULD NOT relay a relayed message (giaddr field is
> no-zero) using IPsec unless the relay received that message secured
> by IPsec.

So if you have three DHC "hops" in your path, but one of them is
unprotected, it makes no sense to protect the other two ? That doesn't
follow at all.

The threats one is concerned about may vary on each "hop". It may well
make sense to protect the hop(s) that traverse paths where one is
particularly worried about threats, while not being as worried about
certain other hop on the overal path.

Right?

Thomas