Re: [dhcwg] DHCP hackathon in Prague: SeDHCPv6

Francis Dupont <Francis.Dupont@fdupont.fr> Mon, 05 June 2017 22:25 UTC

From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: 神明達哉 <jinmei@wide.ad.jp>
cc: Tomek Mrugalski <tomasz.mrugalski@gmail.com>, dhcwg <dhcwg@ietf.org>
In-reply-to: Your message of Wed, 31 May 2017 11:01:44 -0700. <CAJE_bqfT2nDLPsfGWC2-mKdL0QPB9Gc+bik3Gp1VCQWCcmrVRg@mail.gmail.com>
Date: Tue, 06 Jun 2017 00:10:46 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/u5v_FTaZVkDLxPC3YumQAnpUFBM>

In your previous mail you wrote:

>  I guess there's at least one fundamental open issue to be resolved
>  before even trying to implement it:
>  https://www.ietf.org/mail-archive/web/dhcwg/current/msg18116.html

=> it is more than a fundamental issue: the idea of using RSA encryption
is simply a deadly bad one...

Regards

Francis.Dupont@fdupont.fr

PS: IMHO the current SeDHCPv6 protocol has no chance to go anywhere.
Perhaps we should drop it and restart from the beginning on
address assignment security, for instance using opportunistic DNSSEC
with a client-embedded first relay? At least that does not require
developing a new protocol...