Re: [dhcwg] I-D Action: draft-ietf-dhc-sedhcpv6-17.txt

Lishan Li <lilishan48@gmail.com> Thu, 20 October 2016 07:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/pxPkyMohlkixDRJAujCSb0QrExg>

Dear All,

We have submitted the new version of secure DHCPv6. After the
last IETF meeting, we have made the following updates. Could
you please review the draft? Thanks in advance.

1. According to Bernie's comments, we updated the draft on the
    following aspects: Increasing number option is changed into
    64 bits; Increasing number check is a separate section;
    IncreasingnumFail error status code is changed into
    ReplayDetected error status code; Add the section of "caused
    change to RFC3315".

2. For the deployment part, we discussed this problem on the saag
    mailing list and then made the following decision: take OS (opportunistic
    security) into consideration and make TOFU out of scope.

3. Randy has reviewed the first parts of the draft and gave
    us some comments. According to his comments, we
    updated the following aspects: Increasing number option only
    contains the strictly increasing number; Add some description
    about why encryption is needed in Security Issues of DHCPv6
    part; For the algorithm agility part, the provider can offer multiple
    EA-id, SA-id, HA-id and then the receiver chooses one from the
    algorithm set.

Best Regards,
Lishan

2016-10-20 15:07 GMT+08:00 <internet-drafts@ietf.org>:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Dynamic Host Configuration of the IETF.
>
>         Title           : Secure DHCPv6
>         Authors         : Sheng Jiang
>                           Lishan Li
>                           Yong Cui
>                           Tatuya Jinmei
>                           Ted Lemon
>                           Dacheng Zhang
>         Filename        : draft-ietf-dhc-sedhcpv6-17.txt
>         Pages           : 29
>         Date            : 2016-10-20
>
> Abstract:
>    DHCPv6 includes no deployable security mechanism that can protect
>    end-to-end communication between DHCP clients and servers.  This
>    document describes a mechanism for using public key cryptography to
>    provide such security.  The mechanism provides encryption in all
>    cases, and can be used for authentication based on pre-sharing of
>    authorized certificates.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-17
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-sedhcpv6-17
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>