Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
神明達哉 <jinmei@wide.ad.jp> Mon, 12 May 2014 17:12 UTC
Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47EC41A0733 for <dhcwg@ietfa.amsl.com>; Mon, 12 May 2014 10:12:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.978
X-Spam-Level:
X-Spam-Status: No, score=-0.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lBvvK7ENSegX for <dhcwg@ietfa.amsl.com>; Mon, 12 May 2014 10:11:55 -0700 (PDT)
Received: from mail-we0-x22e.google.com (mail-we0-x22e.google.com [IPv6:2a00:1450:400c:c03::22e]) by ietfa.amsl.com (Postfix) with ESMTP id 5FBE71A0741 for <dhcwg@ietf.org>; Mon, 12 May 2014 10:11:54 -0700 (PDT)
Received: by mail-we0-f174.google.com with SMTP id k48so7063174wev.5 for <dhcwg@ietf.org>; Mon, 12 May 2014 10:11:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=rHCmto7TQG0K9lPTB1JS2w9gY+NECUdjiO1QufqU5Kc=; b=HT3g634dh0eP1IVFj3zLZ28Py5LgqV9wmgO655IPBHlSrsr6SLbDDgy3xos4B7Ez8w nEuQAqWbEgwkVcbKMitUrpNMwhspXs3aD7nAx0H5eUdTzI0nN1U3l+pODo/UiqzfJEYH 36XCKxUE1O+QT22J01ihJsbwHmRYF0obg+nF+6YsiOztmzORy30pB6k9VrPT7tdfO2Rp XwekSHwAXySj/FBnn+lJK8a2SuVWPhuN9CNSvE5ByTOgjRb6wSv+whc84ibtCofItpx7 oS07x/GAziO6R0S4Ti8+u+znsg6beaZj8nbmmT2SNOpTB7jZwxwwpjC5BPeLIgBlNJ44 MioA==
MIME-Version: 1.0
X-Received: by 10.195.17.169 with SMTP id gf9mr993860wjd.10.1399914707782; Mon, 12 May 2014 10:11:47 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.194.222.9 with HTTP; Mon, 12 May 2014 10:11:47 -0700 (PDT)
In-Reply-To: <86DAC0E6-BC1A-4247-9AD1-C13DA01F170D@nominum.com>
References: <535FEDAD.5010103@gmail.com> <CAJE_bqen37j5UCsKZj6syVyvk2Xed4V_xGp-t4xY8shjmS+H5g@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE43272@nkgeml512-mbx.china.huawei.com> <CAJE_bqe75D7oRJq=XmjPR9Dfvu3-AcL8kF9Pkm3JEOVsyxhr5A@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE442FD@nkgeml512-mbx.china.huawei.com> <CAJE_bqc+Z8awb5773OLs8QtXuCRxYCWFRAKuQ9YP8anFwEQqsQ@mail.gmail.com> <5D53E8BB-F692-4752-A1B2-9BB09747C58B@nominum.com> <CAJE_bqeNNW1=dSnj4f=t7Fx9waG81cDeHdcikqk0ECUoLvgVzQ@mail.gmail.com> <86DAC0E6-BC1A-4247-9AD1-C13DA01F170D@nominum.com>
Date: Mon, 12 May 2014 10:11:47 -0700
X-Google-Sender-Auth: rUGWd1W7xDwr0XNyqxp4TUOLAzw
Message-ID: <CAJE_bqfnOhziaiOzf89gFK3vy_bC+SSWqUFwtLqusNtRRiyFkg@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ted Lemon <ted.lemon@nominum.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/pz698qvju6I6XEx0WpD46rWyQGE
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 May 2014 17:12:00 -0000
At Fri, 9 May 2014 18:44:57 -0400, Ted Lemon <ted.lemon@nominum.com> wrote: > > My main concern is the combination of authenticating clients with the > > leap of faith model. [...] > > You are right--I don't think there is a use case for leap-of-faith with clients. Okay. > > I'm okay with separating such discussions outside of this document. > > But then I'd personally like to see a "threat analysis" document > > first (covering these points), not the other way around. [...] > > We are in the awkward situation that lots of DHCP people already know what the threat models are, although I think you are correct that they have not been clearly articulated in a threat analysis document. I think such a document would be a good idea. However, I'm reluctant to delay this document on that basis. It might make sense to do so, but I will leave that up to the working group to debate. I don't want to be a blocker for this document because of this, either. If the rest of the wg thinks this is sufficiently substantial, that's fine; if not, but it's actually to be considered, hopefully a security AD will raise a concern at the time the IESG review; and if that's not even the case, presumably my point is not really that important. I'm okay with any of these possibilities. With noting this, if I may make a specific suggestion for the draft: - provide some specific common use cases of server authentication and client authentication - provide considerations on the applicability of the leap of faith model for these cases. in particular, note that there is no known use case for client authentication with leap of faith These can go to the introduction or a small separate section. And, I believe these can be sufficiently concise to fit in the protocol document without breaking its scope too much (and I think it's a reasonable compromise if we don't want to delay this document for a more formal threat analysis). On top of these, I'd even say: client authentication with leap of faith SHOULD NOT be used until a clear use case is identified. And, for the security considerations section on the resource exhaustion attacks I'd revise it so it will: - note that as long as the above 'SHOULD NOT' is honored this should be less concerned because this "attack" is much less likely/realistic on clients. (in other words, this is another reason why we should discourage the use of client authentication with leap of faith) > > Considerations like the possibility of resource exhaustion attacks as > > mentioned in Section 7 of the draft. > > Leap-of-faith typically involves some kind of act of faith before trusting a key. E.g., with ssh, that's the user saying "yes, go ahead." I don't think you could do a resource exhaustion attack in this situation. True, but this type of "act of faith" is not very feasible for servers since it requires human intervention (ssh itself is a proof of this). In the case of DHCP servers, I'm actually still not sure if this is a real threat (because they should already manage other types of possibly stale client related resources), but if we still consider this as a security matter, we need something else than the ssh kind of "act of faith". My suggestion above is one such thing. -- JINMEI, Tatuya
- [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Res… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Liubing (Leo)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Declan Ma
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… liuzilong8266
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- [dhcwg] WGLC summary for draft-ietf-dhc-sedhcpv6-… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms