IETF Logo Mail Archive

RE: [dhcwg] DUID on a Virtual Host

"Templin, Fred L" <Fred.L.Templin@boeing.com> Wed, 21 February 2007 15:04 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJt1T-00066q-Tf; Wed, 21 Feb 2007 10:04:47 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HJt1Q-00066j-OB for dhcwg@ietf.org; Wed, 21 Feb 2007 10:04:44 -0500
Received: from blv-smtpout-01.boeing.com ([130.76.32.69] helo=blv-smtpout-01.ns.cs.boeing.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HJt1M-0003mm-9q for dhcwg@ietf.org; Wed, 21 Feb 2007 10:04:44 -0500
Received: from slb-av-01.boeing.com (slb-av-01.boeing.com [129.172.13.4]) by blv-smtpout-01.ns.cs.boeing.com (8.13.6/8.13.6/TEST_SMTPIN) with ESMTP id l1LF4aAo020034 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 21 Feb 2007 07:04:37 -0800 (PST)
Received: from slb-av-01.boeing.com (localhost [127.0.0.1]) by slb-av-01.boeing.com (8.13.6/8.13.6/DOWNSTREAM_RELAY) with ESMTP id l1LF4adx008340; Wed, 21 Feb 2007 07:04:36 -0800 (PST)
Received: from XCH-NWBH-11.nw.nos.boeing.com (xch-nwbh-11.nw.nos.boeing.com [130.247.55.84]) by slb-av-01.boeing.com (8.13.6/8.13.6/UPSTREAM_RELAY) with ESMTP id l1LF4Ubx008152; Wed, 21 Feb 2007 07:04:35 -0800 (PST)
Received: from XCH-NW-7V2.nw.nos.boeing.com ([130.247.54.35]) by XCH-NWBH-11.nw.nos.boeing.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 21 Feb 2007 07:04:30 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [dhcwg] DUID on a Virtual Host
Date: Wed, 21 Feb 2007 07:03:58 -0800
Message-ID: <39C363776A4E8C4A94691D2BD9D1C9A10177471D@XCH-NW-7V2.nw.nos.boeing.com>
In-Reply-To: <61C42E7D-47A8-4BC8-9A91-BDF474A9C8B0@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [dhcwg] DUID on a Virtual Host
Thread-Index: AcdVYBVb7Wa470NjSAyg/1If2i1TRwAZ6F4g
References: <8E296595B6471A4689555D5D725EBB21035095C8@xmb-rtp-20a.amer.cisco.com> <200702201524.l1KFOQO4026527@cichlid.raleigh.ibm.com> <39C363776A4E8C4A94691D2BD9D1C9A101774702@XCH-NW-7V2.nw.nos.boeing.com> <45DB65B8.7080107@us.ibm.com> <39C363776A4E8C4A94691D2BD9D1C9A10177470D@XCH-NW-7V2.nw.nos.boeing.com> <61C42E7D-47A8-4BC8-9A91-BDF474A9C8B0@cisco.com>
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Markus Stenberg <mstenber@cisco.com>
X-OriginalArrivalTime: 21 Feb 2007 15:04:30.0493 (UTC) FILETIME=[967D4CD0:01C755C9]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Cc: narten@us.ibm.com, dhcwg@ietf.org, Ted.Lemon@nominum.com, volz@cisco.com
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: dhcwg.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
Errors-To: dhcwg-bounces@ietf.org

Thanks Markus,

I won't pretend to have a deep knowledge of this space, but I
am also being told that public key is considered as a unique
identifier for the SPKI/SDSI framework:

  http://en.wikipedia.org/wiki/Simple_public_key_infrastructure

Fred
fred.l.templin@boeing.com 

> -----Original Message-----
> From: Markus Stenberg [mailto:mstenber@cisco.com] 
> Sent: Tuesday, February 20, 2007 6:29 PM
> To: Templin, Fred L
> Cc: rbrabson@us.ibm.com; narten@us.ibm.com; dhcwg@ietf.org; 
> volz@cisco.com; Ted.Lemon@nominum.com
> Subject: Re: [dhcwg] DUID on a Virtual Host
> 
> On 21.2.2007, at 6.23, Templin, Fred L wrote:
> >> But, stepping back for a second, are public keys considered unique,
> >> anyway?  I'm not a security expert, but I  thought public keys were
> >> generated by the end user, and there is nothing that prevents
> >> two users
> >> from generating the same public key.  If so, how  does a a DHCP  
> >> server
> >> differentiate between two hosts that choose to use the same
> >> public key.
> > Yes, I wondered about that too and that was why I suggested
> > earlier that additional information (e.g., a L2 address, a
> > timestamp, etc.) might also be needed.
> 
> The answer is, it depends.. If you use a public key as-is, 
> then, yes,  
> collisions are possible but not probable  (probability of all say,  
> 1024 or 2048 bits being the same is roughly nil - think 1 in 2^1024  
> and you find that it is very unlikely). Even intentionally creating  
> same public key is insanely hard, equivalent in terms of effort to  
> breaking the encryption itself.
> 
> Of course, lacking/broken sources of randomness (think: boxes with  
> time that starts at 0, creating their first public keys at 
> first boot  
> with clock unset, and so forth) are different beast entirely.  With  
> that sort of environment timestamp won't save you either.
> 
> I think the correct approach is just to promote semi-reasonable  
> sources of randomness, and if that fails, initializing RNG with  
> hardware parameters and then using the public keys as-is.
> 
> There is of course the question of what we want to accomplish with  
> this scheme; raw public keys used like in SSH provide mostly 
> just way  
> of making sure that the users cannot easily pretend to be each other  
> based on sniffed traffic (assuming you add signature option to the  
> packets sent to the server, or alternatively receive encrypted  
> subblocks from the server), and provide some protection of the  
> content; however, are those desirable characteristics for DHCPv6?
> 
> Cheers,
> 
> -Markus
> 
> 

_______________________________________________
dhcwg mailing list
dhcwg@ietf.org
https://www1.ietf.org/mailman/listinfo/dhcwg

v2.30.2 | Report a Bug | By Email | System Status