Re: [dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
Brian Haberman <brian@innovationslab.net> Mon, 27 July 2015 19:16 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6AE61B32A2 for <dhcwg@ietfa.amsl.com>; Mon, 27 Jul 2015 12:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level:
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3hk2x_SnN4R8 for <dhcwg@ietfa.amsl.com>; Mon, 27 Jul 2015 12:16:48 -0700 (PDT)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BCA21B32A6 for <dhcwg@ietf.org>; Mon, 27 Jul 2015 12:16:48 -0700 (PDT)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id 0693D88132; Mon, 27 Jul 2015 12:16:48 -0700 (PDT)
Received: from clemson.jhuapl.edu (swifi-nat.jhuapl.edu [128.244.87.133]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id 9ACA51368268; Mon, 27 Jul 2015 12:16:47 -0700 (PDT)
To: 神明達哉 <jinmei@wide.ad.jp>
References: <m2h9pewm8j.wl%randy@psg.com> <55A6A5C6.7090809@innovationslab.net> <CAJE_bqe25+vW8VHDou0jgA6uB9YftbJYa-LNgepMvJV0DZLjvw@mail.gmail.com>
From: Brian Haberman <brian@innovationslab.net>
Message-ID: <55B6839B.8030700@innovationslab.net>
Date: Mon, 27 Jul 2015 15:16:43 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <CAJE_bqe25+vW8VHDou0jgA6uB9YftbJYa-LNgepMvJV0DZLjvw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="6ssestHGjrRvoH0C4L0n0mg2wgLH2Q249"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/w21ppuZ4bn8QEvZAft4H66e9b9Y>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, Russ Housley <housley@vigilsec.com>
Subject: Re: [dhcwg] Security review of draft-ietf-dhc-sedhcpv6-08.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jul 2015 19:16:50 -0000
On 7/27/15 2:24 PM, 神明達哉 wrote: >> Russ Housley has reviewed the sedhcp draft from a security >> perspective. His comments are below. I have included him on the >> distribution so that he can engage in the discussion. > >> ------ > >> Section 4 says that TOFU is an option. I like leap-of-faith mechanisms >> in some situations, but I am not convinced that this is one of them. > > Specifically what are you referring to by "this"? The paragraph > beginning with "TOFU can also be used" and talking about hijack > prevention? I interpret the "this" to be referring to the DHCP client/server interaction. Regards, Brian
- [dhcwg] Security review of draft-ietf-dhc-sedhcpv… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… 神明達哉
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Brian Haberman
- Re: [dhcwg] Security review of draft-ietf-dhc-sed… Bernie Volz (volz)