Re: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt
"Bernie Volz (volz)" <volz@cisco.com> Mon, 17 October 2016 13:57 UTC
Hi:

This update was a very minor change suggested by Stephen Farrell. In section 3, the last sentence in the 1st paragraph was updated to add "and other attacks", since this not only protects against pervasive monitoring.

- Bernie

-----Original Message-----
From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: Monday, October 17, 2016 9:54 AM
To: i-d-announce@ietf.org
Cc: dhcwg@ietf.org
Subject: [dhcwg] I-D Action: draft-ietf-dhc-relay-server-security-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Dynamic Host Configuration of the IETF.

Title    : Security of Messages Exchanged Between Servers and Relay Agents
Authors  : Bernie Volz
           Yogendra Pal
Filename : draft-ietf-dhc-relay-server-security-01.txt
Pages    : 8
Date     : 2016-10-17

Abstract:
The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no guidance for how to secure messages exchanged between servers and relay agents. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) states that IPsec should be used to secure messages exchanged between servers and relay agents, but does not recommend encryption. And, with recent concerns about pervasive monitoring it is appropriate to provide recommendations for DHCPv4 and also improve the recommendations for DHCPv6. This document updates RFC1542 and RFC3315.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dhc-relay-server-security/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-dhc-relay-server-security-01

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-relay-server-security-01

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/