IETF Logo Mail Archive

Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18

Sheng Jiang <jiangsheng@huawei.com> Tue, 13 May 2014 08:58 UTC

Return-Path: <jiangsheng@huawei.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 200501A0447 for <dhcwg@ietfa.amsl.com>; Tue, 13 May 2014 01:58:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.552
X-Spam-Level:
X-Spam-Status: No, score=-4.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rkfj-J_1-NFw for <dhcwg@ietfa.amsl.com>; Tue, 13 May 2014 01:58:41 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id EB98A1A018F for <dhcwg@ietf.org>; Tue, 13 May 2014 01:58:40 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml204-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BEC16684; Tue, 13 May 2014 08:58:33 +0000 (GMT)
Received: from LHREML405-HUB.china.huawei.com (10.201.5.242) by lhreml204-edg.china.huawei.com (172.18.7.223) with Microsoft SMTP Server (TLS) id 14.3.158.1; Tue, 13 May 2014 09:56:47 +0100
Received: from NKGEML404-HUB.china.huawei.com (10.98.56.35) by lhreml405-hub.china.huawei.com (10.201.5.242) with Microsoft SMTP Server (TLS) id 14.3.158.1; Tue, 13 May 2014 09:58:21 +0100
Received: from NKGEML512-MBX.china.huawei.com ([169.254.7.206]) by nkgeml404-hub.china.huawei.com ([10.98.56.35]) with mapi id 14.03.0158.001; Tue, 13 May 2014 16:58:08 +0800
From: Sheng Jiang <jiangsheng@huawei.com>
To: Ted Lemon <ted.lemon@nominum.com>, 神明達哉 <jinmei@wide.ad.jp>
Thread-Topic: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
Thread-Index: AQHPY9fqOkQX2Up+wk+VaPjsYGUK15sp5cSAgAlKLTCAAZYjAIABm4uAgAAEhoCAACMagIABlPqAgABElYCABc/wYA==
Date: Tue, 13 May 2014 08:58:07 +0000
Message-ID: <5D36713D8A4E7348A7E10DF7437A4B923AE47C5A@nkgeml512-mbx.china.huawei.com>
References: <535FEDAD.5010103@gmail.com> <CAJE_bqen37j5UCsKZj6syVyvk2Xed4V_xGp-t4xY8shjmS+H5g@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE43272@nkgeml512-mbx.china.huawei.com> <CAJE_bqe75D7oRJq=XmjPR9Dfvu3-AcL8kF9Pkm3JEOVsyxhr5A@mail.gmail.com> <5D36713D8A4E7348A7E10DF7437A4B923AE442FD@nkgeml512-mbx.china.huawei.com> <CAJE_bqc+Z8awb5773OLs8QtXuCRxYCWFRAKuQ9YP8anFwEQqsQ@mail.gmail.com> <5D53E8BB-F692-4752-A1B2-9BB09747C58B@nominum.com> <CAJE_bqeNNW1=dSnj4f=t7Fx9waG81cDeHdcikqk0ECUoLvgVzQ@mail.gmail.com> <86DAC0E6-BC1A-4247-9AD1-C13DA01F170D@nominum.com>
In-Reply-To: <86DAC0E6-BC1A-4247-9AD1-C13DA01F170D@nominum.com>
Accept-Language: en-GB, zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.111.98.145]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/wwrgsysz-OiTQQPTXgFCXUAaX_4
Cc: dhcwg <dhcwg@ietf.org>
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 May 2014 08:58:43 -0000

>On May 9, 2014, at 2:39 PM, 神明達哉 <jinmei@wide.ad.jp> wrote:
>> My main concern is the combination of authenticating clients with the
>> leap of faith model.  This model isn't suitable for the "grant
>> different access" usage, since anyone can pretend to be an
>> authenticated client with that model.
>
Ted Lemon>You are right--I don't think there is a use case for leap-of-faith with clients.

The purpose of authenticating clients with the leap of faith model is to protect the follow-up client-to-server messages, such as Confirm, Renew, Rebind, Decline, Release, Information-request messages, hence, more protection for clients.

When there is no security protection, an attacker can try to tamper the messages or generate bogus messages at the all the stages of the communication between a DHCP client and a server. For example, an attacker may send a bogus Release message, masquerading as a client, to the server. The network then deny the access from that IP address. It would actually affect the client.

After introducing leap of faith, the attack surface is narrowed. An attacker can only have changes to perform above mentioned attacks when the legal client or the legal DHCP server exchange their first pair of messages. After that, any bogus packets could be detected. So, the clients that use PK or unverifiable certificate would have more protection over legacy clients.

It has been realized that the leap of faith cannot prevent an attacker from impersonating legal clients to perform resource exhausting attacks against the DHCP server. In order to deal with this type of attack, certificate based mechanism needs to be provided. We also note that the leap of faith will consume additional memory resources of servers to remember the hash values of the public keys used by the clients. However, when using SHA-1 the length of the hash of a public key is no longer than an IPv6 address. So, we don’t think this will seriously affect the performance of the DHCP server.

Best regards,

Sheng + Dacheng

v2.23.0 | Report a Bug | By Email