Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
神明達哉 <jinmei@wide.ad.jp> Fri, 09 May 2014 18:39 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D5F1A0099 for <dhcwg@ietfa.amsl.com>; Fri, 9 May 2014 11:39:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uqBPMOm2XQaW for <dhcwg@ietfa.amsl.com>; Fri, 9 May 2014 11:39:35 -0700 (PDT)
Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) by ietfa.amsl.com (Postfix) with ESMTP id 0EA541A00B0 for <dhcwg@ietf.org>; Fri, 9 May 2014 11:39:34 -0700 (PDT)
Received: by mail-wi0-f182.google.com with SMTP id r20so1787289wiv.3 for <dhcwg@ietf.org>; Fri, 09 May 2014 11:39:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=XtA6z8W6tOZxjDlSskkFZ6krq13SXo5UobxBagpWUTc=; b=aLc74oQCtJSeJTnr7IhNcoC9CTaqKVzxn6MhNsTihct5x7blrbxgo0ZIzMzZlb98Mj LXFGj+fmLr6mHdONz8LN1vIYF41KkJZs7qtTucPiAykL58zdGpSCsi0HcM/606XXJF/x nTn31o8pYiMZKFPjhRSXWAsDDZjLQlHPJAR2pj/74ph58YSQccFCXGfPXKaPyYOFYHmf AFq/c5PQkMgkvcjaN8Q70it6EhntuNDrqoayFMCcnSOOJShwfRw3NeYKzVMZ71EAuEhc xXKKlc2AaMFbobfZvudFGTlgo3CM/4SVzP+FSUnAOoitpUePrexKYL3VTN0ZKCQQk2au j1yg==
MIME-Version: 1.0
X-Received: by 10.194.242.66 with SMTP id wo2mr4509730wjc.37.1399660769615; Fri, 09 May 2014 11:39:29 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.194.95.5 with HTTP; Fri, 9 May 2014 11:39:29 -0700 (PDT)
In-Reply-To: <5D53E8BB-F692-4752-A1B2-9BB09747C58B@nominum.com>
References: <535FEDAD.5010103@gmail.com> <CAJE_bqen37j5UCsKZj6syVyvk2Xed4V_xGp-t4xY8shjmS+H5g@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE43272@nkgeml512-mbx.china.huawei.com> <CAJE_bqe75D7oRJq=XmjPR9Dfvu3-AcL8kF9Pkm3JEOVsyxhr5A@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE442FD@nkgeml512-mbx.china.huawei.com> <CAJE_bqc+Z8awb5773OLs8QtXuCRxYCWFRAKuQ9YP8anFwEQqsQ@mail.gmail.com> <5D53E8BB-F692-4752-A1B2-9BB09747C58B@nominum.com>
Date: Fri, 09 May 2014 11:39:29 -0700
X-Google-Sender-Auth: YYKB-IegiNyXF57h-kGpZIbTKlE
Message-ID: <CAJE_bqeNNW1=dSnj4f=t7Fx9waG81cDeHdcikqk0ECUoLvgVzQ@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ted Lemon <ted.lemon@nominum.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/oOkimr5FqmtS1dHVnRxw5pYO4GA
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 May 2014 18:39:36 -0000
At Thu, 8 May 2014 13:30:01 -0500, Ted Lemon <ted.lemon@nominum.com> wrote: > >>> - whether we really need (public key) authentication in that > >>> direction, and if we do, why > > Public key authentication makes sense in both directions. Servers > may be configured to grant different access to clients that > authenticate than to clients that don't. Clients may have lists of Okay, I can see that usage. > servers that either are known to be legitimate, or that are known to > have worked in the past (leap of faith). Being able to > discriminate between a good server and a rogue server using this > mechanism is desirable. I have no problem with this either. My main concern is the combination of authenticating clients with the leap of faith model. This model isn't suitable for the "grant different access" usage, since anyone can pretend to be an authenticated client with that model. > >>> - also if we do, what's the commonly expected model of "trust anchor": > >>> leap of faith or use of CA or something else, and if it's more > >>> likely to be a weaker model like leap of faith (I suspect so, for > >>> the direction of clients to servers), whether the motivation (1st > >>> bullet) is worth the weaker security > > This seems to be out of scope for the current document, which just specifies a mechanism for authenticating transactions given that a key is known. It's possible that this needs to be stated more clearly. The reason (IMHO) why it's out of scope is that there are a variety of mechanisms that might make sense and that could be implemented. I'm okay with separating such discussions outside of this document. But then I'd personally like to see a "threat analysis" document first (covering these points), not the other way around. As a believer of the YAGNI principle, I personally cannot be so enthusiastic about defining/implementing something that just *might* make sense somewhere. Especially so, if we need to worry about a security impact as mentioned in the security considerations section of the draft. > For instance, a DHCP server might give an unknown client an address in a walled garden where it could arrange to pay for service, and then its key would be known to the DHCP server and could be used to authenticate service in the future without requiring registration. I'm impressed with your imagination:-) Although I'm not sure if this example is persuasive enough, I see we can come up with some *possible* usage of client authentication with leap of faith. > >>> - and, if it's more likely to rely on leap of faith, what kind of > >>> consideration is needed > > You mean in terms of risk assessments? Considerations like the possibility of resource exhaustion attacks as mentioned in Section 7 of the draft. -- JINMEI, Tatuya
- [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Res… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Liubing (Leo)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Declan Ma
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… liuzilong8266
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- [dhcwg] WGLC summary for draft-ietf-dhc-sedhcpv6-… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms