Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18

Ted Lemon <ted.lemon@nominum.com> Sat, 31 May 2014 01:22 UTC

From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <D1A3F542-E891-4B5D-961A-ED86E9234B03@gmail.com>
Date: Fri, 30 May 2014 21:22:42 -0400
Message-ID: <D0FBDF9E-172E-4BA8-AB89-8AB7E9DA7309@nominum.com>
References: <535FEDAD.5010103@gmail.com> <5388F901.1000709@gmail.com> <78B235AF-D94C-40F1-9C76-4159B3A0A043@nominum.com> <F079574B-FF8A-4C8B-B562-0E0F8D4DC47F@gmail.com> <9EC3E851-483F-49CA-8C76-8D3149E4A230@nominum.com> <D1A3F542-E891-4B5D-961A-ED86E9234B03@gmail.com>
To: Ralph Droms <rdroms.ietf@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/wlNy7uDW6l96gtr0-tg80e4fwaU
Cc: dhcwg <dhcwg@ietf.org>

On May 30, 2014, at 9:09 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote:
> My concern is that the RFC should be clear that authenticating the other endpoint isn't always enough, or can't be used in some situations.  Authenticating messages from a malicious server doesn't do much good.  I don't see how this mechanism could be used in an open network situation like at your local coffee chain shop.

I don't think the working group is qualified to say under what circumstances this mechanism is useful. I can think of scenarios where it makes perfect sense to use it in the local coffee shop, and also scenarios where it doesn't. It's applicable when you have keys, or when you are willing to make a leap of faith, or when you want to verify that the thing you're talking to now is the same thing you talked to previously. Going through "it makes sense in the enterprise but not the coffee shop" seems wrong-headed to me.
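The three situations Ted lists (having provisioned keys, taking a leap of faith on first contact, and checking that a server is the same one seen before) are the classic key-continuity model. The following is an added illustration of that client-side decision logic, written for this archive page; it is not code from draft-ietf-dhc-sedhcpv6 or from any DHCP implementation. The server identity is modelled as a DUID string, the key as raw public-key bytes, and the `KeyPolicy`, `Verdict` and `fingerprint` names and the sample DUIDs and keys are all hypothetical, constructed for the example. Signature checking of individual messages is out of scope here; the block only decides whether a presented server key is trustworthy under each of the three situations.

```python
"""Key-continuity ("leap of faith") policy for a secure-DHCPv6 client.

Hypothetical example code, not from draft-ietf-dhc-sedhcpv6 or any real
client.  It models the three cases from the thread: a key provisioned in
advance, a first-contact leap of faith, and continuity with a key pinned on
an earlier visit.
"""
import hashlib
import json
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    PROVISIONED = "trusted: key matches a pre-provisioned key"
    PINNED_ON_FIRST_USE = "leap of faith: first contact, key pinned"
    CONTINUITY_OK = "trusted: key matches the key pinned earlier"
    KEY_CHANGED = "rejected: key differs from the known key for this server"
    UNKNOWN_REJECTED = "rejected: unknown server and leap of faith disabled"


def fingerprint(public_key: bytes) -> str:
    """Stable identifier for a public key; SHA-256 over the raw key bytes."""
    return hashlib.sha256(public_key).hexdigest()


@dataclass
class KeyPolicy:
    # server DUID -> fingerprint, e.g. pushed by enterprise configuration
    provisioned: dict
    # whether an unknown server may be accepted and pinned on first contact
    allow_leap_of_faith: bool
    # server DUID -> fingerprint learned by leap of faith (the pin store)
    pinned: dict = field(default_factory=dict)

    def evaluate(self, server_duid: str, public_key: bytes) -> Verdict:
        """Decide whether to trust the key a server presents for its DUID."""
        fp = fingerprint(public_key)
        # Case 1: "when you have keys" - a provisioned key wins outright, and
        # any other key for that DUID is a mismatch, never a new pin.
        if server_duid in self.provisioned:
            if self.provisioned[server_duid] == fp:
                return Verdict.PROVISIONED
            return Verdict.KEY_CHANGED
        # Case 3: "the same thing you talked to previously" - continuity check.
        if server_duid in self.pinned:
            if self.pinned[server_duid] == fp:
                return Verdict.CONTINUITY_OK
            return Verdict.KEY_CHANGED
        # Case 2: "willing to make a leap of faith" - pin on first contact.
        if self.allow_leap_of_faith:
            self.pinned[server_duid] = fp
            return Verdict.PINNED_ON_FIRST_USE
        return Verdict.UNKNOWN_REJECTED

    def to_json(self) -> str:
        """Serialise the pin store so continuity survives a client restart."""
        return json.dumps({"pinned": self.pinned}, sort_keys=True)

    def load_pins(self, data: str) -> None:
        self.pinned.update(json.loads(data)["pinned"])


def run_scenarios() -> list:
    """Constructed walk-through of all three situations; returns verdict names."""
    enterprise_key = b"constructed-enterprise-server-key"
    cafe_key = b"constructed-cafe-server-key"
    policy = KeyPolicy(
        provisioned={"duid-enterprise": fingerprint(enterprise_key)},
        allow_leap_of_faith=True,
    )
    steps = [
        ("duid-enterprise", enterprise_key),   # provisioned key, accepted
        ("duid-enterprise", b"some-other-key"),  # wrong key for a known DUID
        ("duid-cafe", cafe_key),               # first visit: leap of faith
        ("duid-cafe", cafe_key),               # second visit: continuity holds
        ("duid-cafe", b"replacement-key"),     # key changed: continuity broken
    ]
    verdicts = [policy.evaluate(duid, key).name for duid, key in steps]
    # Persist and reload the pins, then confirm continuity still holds.
    restarted = KeyPolicy(provisioned={}, allow_leap_of_faith=False)
    restarted.load_pins(policy.to_json())
    verdicts.append(restarted.evaluate("duid-cafe", cafe_key).name)
    return verdicts


if __name__ == "__main__":
    for name in run_scenarios():
        print(name)
```

The store deliberately cannot distinguish a legitimate first contact from a hostile one; that is exactly the leap of faith Ted describes, and the `allow_leap_of_faith` flag is where a deployment chooses whether to take it. A provisioned key is never overwritten by a pin, so an enterprise configuration keeps its authority even on a network where leap of faith is otherwise enabled.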