Re: [dhcwg] Eric Rescorla's No Objection on draft-ietf-dhc-rfc3315bis-10: (with COMMENT)
Eric Rescorla <ekr@rtfm.com> Tue, 23 January 2018 02:11 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40E7012D887 for <dhcwg@ietfa.amsl.com>; Mon, 22 Jan 2018 18:11:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xGt1v_d67BRg for <dhcwg@ietfa.amsl.com>; Mon, 22 Jan 2018 18:11:21 -0800 (PST)
Received: from mail-yb0-x230.google.com (mail-yb0-x230.google.com [IPv6:2607:f8b0:4002:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD07C127011 for <dhcwg@ietf.org>; Mon, 22 Jan 2018 18:11:21 -0800 (PST)
Received: by mail-yb0-x230.google.com with SMTP id u35so4224836ybi.1 for <dhcwg@ietf.org>; Mon, 22 Jan 2018 18:11:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=paYUGW9pbUDIu/T5aD1qoCa4D0tOT6hrJZZqa30Fqp8=; b=0bgjgPziW407KWxYSoOPMQi2FPPvlLiudoT+d3m5tzz4BYm3A8GlNx+pyhyZJo6yJd IkRXeIiHluMX5jBnqQ8myp+v9QW70Dn5EimOeCvqmu4C0zSTAHIdewPQVO91QVdviQXm ikK7Pd/Uqg2MUhgoFwVUcUeMCSF/LpfYV9IbLBq+lZEfgTdZJUYL+fiEIn+zx3ILfYK1 TzcU9dpafdakPt5yp1fdrzGDKfK5TlRCwJcvY5Y/w9mghlVgJQrpJfNrpWkk9HXsMHXd gO7NiV8nxPkK/+d0AJibfyx5IpQ40+0TcVYm6FzMRg8/8hmNiJtipqo/qAHySR5HosYf pN/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=paYUGW9pbUDIu/T5aD1qoCa4D0tOT6hrJZZqa30Fqp8=; b=jL+nF4K2XL2Fug7CW1nssMW3Wv/IK7KxnQtKa4AgmADqE+uxIdfSlT5BfZye5pxmU1 HKXmUj5jH9xmPpoZox9P8FYxWAgzHquFByCyFyiw16GrS8thV1BwH4OXnjqDm7yFalKD 4y/7+RodhfYmpmnl03D2mjD+tKM6nNaCPbQAA8NduAk93m9NNgBaVDKMgBz/q0K7Ut5h vz+o8YCvB/91RkIo4Bbb77wIwAlY/WCFMQ9fpqoAMGHbGupXnSoRqndOPaSHPv0jmSjJ ygCcsBszAGvS9ouWZbB5XCDRqAxYAUKOhb82FswLcqn5fGmB4cAmBiCt7DFbuP0UA5un 1gJQ==
X-Gm-Message-State: AKwxytc/sSjmC1zHCB6uMK2Wr2qQ9u0YANSauYligLXZ6ixxcbF0k7GM wmQb3jROUuv4K519+dkGH/QPa6ElursGhMZdAbIO+Q==
X-Google-Smtp-Source: AH8x2250xWdP4bLqwnAfG9oPMW9CTQ0qZYwJxlUMwraahdUHJyb1HO6kUJ2UeyVfbjJ5w60xOHdGlH2C4CMxCycNgyQ=
X-Received: by 10.13.226.194 with SMTP id l185mr872422ywe.47.1516673480815; Mon, 22 Jan 2018 18:11:20 -0800 (PST)
MIME-Version: 1.0
Received: by 10.129.160.201 with HTTP; Mon, 22 Jan 2018 18:10:40 -0800 (PST)
In-Reply-To: <39b6f692-ca0f-fd8c-f6af-3410f0e8387e@gmail.com>
References: <151656279222.3388.17356187412394517479.idtracker@ietfa.amsl.com> <85bba58c-e7ef-ce42-50a5-3ba83f2abba0@gmail.com> <CABcZeBNN1GFBZHo2kbvNKwbh1ehHaCcu4yOjz7cuEHcNGkxcxg@mail.gmail.com> <39b6f692-ca0f-fd8c-f6af-3410f0e8387e@gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 22 Jan 2018 18:10:40 -0800
Message-ID: <CABcZeBOnYjOtitSpu9KEiDFb5AkV4iHe2da14X5N__qvdFg+sw@mail.gmail.com>
To: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-dhc-rfc3315bis@ietf.org, Ralph Droms <rdroms.ietf@gmail.com>, dhc-chairs@ietf.org, dhcwg@ietf.org
Content-Type: multipart/alternative; boundary="001a114fc3d6108f4705636810ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dhcwg/xE3fcvCKR3CFwjwMpncVtFiiotY>
Subject: Re: [dhcwg] Eric Rescorla's No Objection on draft-ietf-dhc-rfc3315bis-10: (with COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jan 2018 02:11:24 -0000
On Mon, Jan 22, 2018 at 5:07 PM, Tomek Mrugalski <tomasz.mrugalski@gmail.com > wrote: > On 01/23/18 01:25, Eric Rescorla wrote: > > On Mon, Jan 22, 2018 at 4:14 PM, Tomek Mrugalski > > <tomasz.mrugalski@gmail.com <mailto:tomasz.mrugalski@gmail.com>> wrote: > > > > On 01/21/18 20:26, Eric Rescorla wrote: > > > Eric Rescorla has entered the following ballot position for > > > draft-ietf-dhc-rfc3315bis-10: No Objection > > Hi Eric, > > > > Thank you for your review and your favourable ballot. See my answers > > below. > > > > > ------------------------------------------------------------ > ---------- > > > COMMENT: > > > ------------------------------------------------------------ > ---------- > > > > > > Document: draft-ietf-dhc-rfc3315bis-10.txt > > > > > > Anyway, this part of the spec hasn't changed in bis. It would be > > extremely difficult to make any changes as there are millions of > devices > > that already use those DUID types. > > Well, we could encourage people to move to a UUID type for sending, no? > In many environments there is no standard way of getting the UUID. As an > implementor of DHCPv6 client I have no idea how to check whether the > hardware provides access to its UUID. Also, sysadmins like usage of LLT > and LL, because it has MAC address in it. This is something they know > and can read from the box or from the device itself. It's reasonable to > ask a user "what's your mac address?" but it's much more tricky to ask > "what's your uuid?" and expect to get a coherent answer. > > There may be privacy concerns, too. Once your phone discloses its UUID, > it's much easier to track it and changing MAC address wouldn't help you > at all. Devices using anonymity profile (RFC7844) must use LL type. > > I'm not saying that UUID is a bad type of DUID, just pointing out that > it has its own issues. But does it matter that much? DUID is just a blob > that must be unique and the server uses it to identify a client. If the > DUID is of certain type, additional information about the client can be > printed and that's about it. > I think you're misunderstanding me. What I am proposing is that you take the DUID input values, hash them, and use them as input to a name-based UUID: https://tools.ietf.org/rfcmarkup?doc=4122#section-4.3 > > The description of how to actually do replay detection seems pretty > > > thin. Do you think more detail would be helpful here. > > It would. How about this text added to the end of Section 20.3: > > > > "The client that receives a message with RDM field set to 0x00 MUST > > compare its replay detection field with the previous value sent by > > the same server. If this is the first time a client sees > Authentication > > option sent by the server, it MUST record the replay detection value, > > but otherwise skip the replay detection check. > > > > The servers that support reconfigure mechanism MUST ensure the replay > > detection value is retained after restarts. Failing to do that will > > cause the clients to refuse reconfigure messages sent by the server, > > effectively rendering the reconfigure mechanism useless." > > This seems like it scales badly as you need to keep an infinite replay > > list. > Not at all, unless your client interacted with infinite number of > servers and intends to visit them again. The server stores a single 64 > bit integer. Every time a packet is sent, that value is incremented. The > client stores one value for every server it wants to continue > communicating with. For great majority of cases this would be one > server. For mobile clients that visited multiple locations and have the > capability to retain the information to possibly resume operation in > previous locations that would be a handful of servers at most. > It seems like you're assuming that the client can only have one outstanding transaction with the server. Is that correct? -Ekr > What happens if you falsely declare something a replay? > If you falsely declare something a replay (why would you do that?), the > reconfigure packet is dropped by the client. The server will retransmit > its reconfigure message with a higher value which hopefully be accepted > by the client. If you somehow sabotage the client or trick it to believe > that a very high value of replay detection was sent previously, it will > continue to reject reconfigure messages. So you effectively disabled the > reconfigure mechanism on that client, but it continues to operate and > can still renew its configure, just after t1 timer, not immediately. > > Note that the replay detection is intended to be used with RKAP. So in > principle you could perform an attack by sending a packet with high > replay detection to confuse the client, but to do that you'd have to > also put the correct HMAC-MD5 digest. Otherwise the client will discard > your packet. If you have that ability, then you can do worse things than > confuse client's notion of a replay value. > > There is a text about possibility of exploiting the reconfigure key > mechanism to attack a client. Do you think we should extend it to also > mention the replay attack? > > Tomek >
- [dhcwg] Eric Rescorla's No Objection on draft-iet… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Tomek Mrugalski
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Tomek Mrugalski
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Bernie Volz (volz)
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Ted Lemon
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Ted Lemon
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Eric Rescorla
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Ted Lemon
- Re: [dhcwg] Eric Rescorla's No Objection on draft… Michael Richardson