Re: [dhcwg] more thoughts about draft-ietf-dhc-sedhcpv6-02.txt
Sten Carlsen <stenc@s-carlsen.dk> Thu, 26 June 2014 18:36 UTC
Return-Path: <stenc@s-carlsen.dk>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CC721B2CC3 for <dhcwg@ietfa.amsl.com>; Thu, 26 Jun 2014 11:36:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.892
X-Spam-Level:
X-Spam-Status: No, score=-0.892 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfbT4q29_nnV for <dhcwg@ietfa.amsl.com>; Thu, 26 Jun 2014 11:36:28 -0700 (PDT)
Received: from mail2.s-carlsen.dk (0134100024.0.fullrate.dk [90.185.128.210]) by ietfa.amsl.com (Postfix) with ESMTP id 89BBD1B2FC3 for <dhcwg@ietf.org>; Thu, 26 Jun 2014 11:14:07 -0700 (PDT)
Received: from [IPv6:2001:16d8:dd00:81ac:1c73:991a:1fed:b58b] (unknown [IPv6:2001:16d8:dd00:81ac:1c73:991a:1fed:b58b]) by mail2.s-carlsen.dk (Postfix) with ESMTPA id 72DFC154C3; Thu, 26 Jun 2014 20:13:35 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Sten Carlsen <stenc@s-carlsen.dk>
X-Mailer: iPhone Mail (11D201)
In-Reply-To: <201406261728.s5QHSP1A091330@givry.fdupont.fr>
Date: Thu, 26 Jun 2014 20:13:35 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <2F80E61F-10A9-4CC1-A0A4-1545E453766A@s-carlsen.dk>
References: <201406261728.s5QHSP1A091330@givry.fdupont.fr>
To: Francis Dupont <Francis.Dupont@fdupont.fr>
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/n0G5hd68arQsIL680mBpmHbTQKk
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] more thoughts about draft-ietf-dhc-sedhcpv6-02.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2014 18:36:32 -0000
> On 26 Jun 2014, at 19:28, Francis Dupont <Francis.Dupont@fdupont.fr> wrote: > > In your previous mail you wrote: > >>> => I can't see why you say that or do you mean timestamps have another >>> role than anti-replay? >> My point is that giving the attacker the means to synchronise the >> replay attack with the target will give replay attacks a considerable >> time window in which to play. > > => synchronization allows to offer a smaller window. On the contrary. Synchronisation allows me(the attacker) to change the victim's time to suit my replay. > I have two other arguments: > - IMHO it is better to consider clients will be synchronize than > to allow a large window and expect attackers to be never synchronized Attackers will synchronise but to their liking, in effect the attacker will always be synchronised. > - it is clear timestamps by themselves are not enough, this is why > I proposed to add nonces (note transaction IDs already provides > 24 bit of unpredictable data but 24 bits are not enough for high > speed LANs) > >> If signing messages in itself protects against replays, why bother >> with synchronising time? > > => signing is for origin and integrity, timestamps and/or nonces > are for anti-replay. Note it seems we need more analysis about > the usefulness of the anti-replay (I thought about the obvious > RELEASE replayed after a long delay but anyway a good security > threat analysis is (*again*) hardly needed... argh!) > > Regards > > Francis.Dupont@fdupont.fr
- [dhcwg] more thoughts about draft-ietf-dhc-sedhcp… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sheng Jiang
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sten Carlsen
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sheng Jiang
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sten Carlsen
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… 神明達哉
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sten Carlsen
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Sten Carlsen
- Re: [dhcwg] more thoughts about draft-ietf-dhc-se… Francis Dupont