[dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
Brian Haberman <brian@innovationslab.net> Wed, 15 July 2015 18:26 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 214C31AD065 for <dhcwg@ietfa.amsl.com>; Wed, 15 Jul 2015 11:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27TZTUT7fbdk for <dhcwg@ietfa.amsl.com>; Wed, 15 Jul 2015 11:26:11 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1517C1A6EDC for <dhcwg@ietf.org>; Wed, 15 Jul 2015 11:26:11 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id E912D880EA; Wed, 15 Jul 2015 11:26:10 -0700 (PDT)
Received: from brians-mbp.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 9EB7E3520395; Wed, 15 Jul 2015 11:26:10 -0700 (PDT)
From: Brian Haberman <brian@innovationslab.net>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>, Russ Housley <housley@vigilsec.com>
References: <m2h9pewm8j.wl%randy@psg.com>
Message-ID: <55A6A5C6.7090809@innovationslab.net>
Date: Wed, 15 Jul 2015 14:26:14 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <m2h9pewm8j.wl%randy@psg.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="nWE7k6I60B96nqbFlTjKAwHIjDFnCgNlj"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/tICk34cF_Dc4SXz85ueEaP67GUY>
Subject: [dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 18:26:12 -0000
All,
Russ Housley has reviewed the sedhcp draft from a security
perspective. His comments are below. I have included him on the
distribution so that he can engage in the discussion.
Regards,
Brian
------
I was surprised by the use of "public key signatures"; we usually say
"digital signatures". Also, please use the terms in RFC 5280: CA =
Certification Authority (not Certificate Authority).
Section 3 should be recast as the things that need improvement in
DHCPv6. A different intro paragraph may be sufficient.
Section 4 says that TOFU is an option. I like leap-of-faith mechanisms
in some situations, but I am not convinced that this is one of them.
The discussion in Security Considerations provide useful advice to an
implementer, but it does not tell what risk an operator is accepting or
what risk a client is accepting. This analysis is needed for an
educated decision about actually using TOFU or not.
The document really says that we know how to do TOFU today, but it does
not explain the residual risks associated with it. It says that PKI
will resolve mitigate those additional risks, but the ability to deploy
PKI in this context is for further study. I'm not sure we are really
improving things if the only approach that we know how to do today
involve manual key management. You can't do manual key management for
some coffee shop WiFi that you did not know you would be visiting in
advance.
One possible way forward is to look at the certificates that are being
discussed in 802.1 for MACsec. They bind a MAC address to a public key.
Can the 802.1 certificate be used here too?
- [dhcwg] Security review of draft-ietf-dhc-sedhcpv… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… 神明達哉
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Bernie Volz (volz)