[dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
Brian Haberman <brian@innovationslab.net> Wed, 15 July 2015 18:26 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 214C31AD065 for <dhcwg@ietfa.amsl.com>; Wed, 15 Jul 2015 11:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27TZTUT7fbdk for <dhcwg@ietfa.amsl.com>; Wed, 15 Jul 2015 11:26:11 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1517C1A6EDC for <dhcwg@ietf.org>; Wed, 15 Jul 2015 11:26:11 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id E912D880EA; Wed, 15 Jul 2015 11:26:10 -0700 (PDT)
Received: from brians-mbp.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 9EB7E3520395; Wed, 15 Jul 2015 11:26:10 -0700 (PDT)
From: Brian Haberman <brian@innovationslab.net>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>, Russ Housley <housley@vigilsec.com>
References: <m2h9pewm8j.wl%randy@psg.com>
Message-ID: <55A6A5C6.7090809@innovationslab.net>
Date: Wed, 15 Jul 2015 14:26:14 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <m2h9pewm8j.wl%randy@psg.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="nWE7k6I60B96nqbFlTjKAwHIjDFnCgNlj"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/tICk34cF_Dc4SXz85ueEaP67GUY>
Subject: [dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Jul 2015 18:26:12 -0000
All, Russ Housley has reviewed the sedhcp draft from a security perspective. His comments are below. I have included him on the distribution so that he can engage in the discussion. Regards, Brian ------ I was surprised by the use of "public key signatures"; we usually say "digital signatures". Also, please use the terms in RFC 5280: CA = Certification Authority (not Certificate Authority). Section 3 should be recast as the things that need improvement in DHCPv6. A different intro paragraph may be sufficient. Section 4 says that TOFU is an option. I like leap-of-faith mechanisms in some situations, but I am not convinced that this is one of them. The discussion in Security Considerations provide useful advice to an implementer, but it does not tell what risk an operator is accepting or what risk a client is accepting. This analysis is needed for an educated decision about actually using TOFU or not. The document really says that we know how to do TOFU today, but it does not explain the residual risks associated with it. It says that PKI will resolve mitigate those additional risks, but the ability to deploy PKI in this context is for further study. I'm not sure we are really improving things if the only approach that we know how to do today involve manual key management. You can't do manual key management for some coffee shop WiFi that you did not know you would be visiting in advance. One possible way forward is to look at the certificates that are being discussed in 802.1 for MACsec. They bind a MAC address to a public key. Can the 802.1 certificate be used here too?
- [dhcwg] Security review of draft-ietf-dhc-sedhcpv… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… 神明達哉
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Bernie Volz (volz)