Re: [Gen-art] [dhcwg] Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

Christian Huitema <huitema@microsoft.com> Sat, 11 July 2015 18:28 UTC

From: Christian Huitema <huitema@microsoft.com>
To: joel jaeggli <joelja@bogus.com>, "Black, David" <david.black@emc.com>, Warren Kumari <warren@kumari.net>, "olafur@cloudflare.com" <olafur@cloudflare.com>, "ebersman-ietf@dragon.net" <ebersman-ietf@dragon.net>, "steve.sheng@icann.org" <steve.sheng@icann.org>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Date: Sat, 11 Jul 2015 18:28:33 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/NEqzHN2hixPODjzT7Sxwzq0PDAg>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote

> ...
> [5] Section 5:
> 
>    Fake
>    DHCP servers / fake RAs are currently a security concern - this
>    doesn't make them any better or worse.
> 
> Please cite a reference for this, preferably with operational 
> recommendations on limiting these problems (e.g., ensure that DHCP and 
> RA traffic cannot be injected from outside/beyond the network that is relevant to the portal).

There is definitely an attack vector there. Suppose an attacker can monitor the traffic, say on an unencrypted Wi-Fi hot spot. The attacker can see a DHCP request or INFORM, and race in a fake response with a URL of their own choosing. The mark's computer automatically connects there, and downloads some zero-day attack. Bingo!
 
 -- Christian Huitema
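
A defensive check for the race described in the message above, as an added example that is not part of the original e-mail: it parses captured DHCP replies and flags any transaction (xid) that was answered with more than one captive-portal URL. The option code 114 (the value later assigned in RFC 8910), the sample packets and all function names are assumptions constructed for this example.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie
OPT_SERVER_ID = 54
OPT_CAPPORT = 114                     # assumption: code from RFC 8910, not from the message

def parse_reply(pkt):
    """Return (xid, server_id, portal_url) for a BOOTREPLY, else None."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", pkt[4:8])[0]
    opts, i = {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    sid = ".".join(str(b) for b in opts.get(OPT_SERVER_ID, b""))
    url = opts.get(OPT_CAPPORT, b"").decode("ascii", "replace")
    return xid, sid, url

def find_conflicts(packets):
    """Map xid -> [(server, url)] where one transaction got differing portal URLs."""
    seen = defaultdict(set)
    for pkt in packets:
        reply = parse_reply(pkt)
        if reply:
            seen[reply[0]].add(reply[1:])
    return {x: sorted(v) for x, v in seen.items() if len({u for _, u in v}) > 1}

def build_reply(xid, server_ip, url):
    """Build a constructed DHCPACK (sample data only)."""
    header = struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228)
    opts = bytes([53, 1, 5, OPT_SERVER_ID, 4]) + bytes(server_ip)
    opts += bytes([OPT_CAPPORT, len(url)]) + url.encode() + b"\xff"
    return header + MAGIC + opts

# Constructed capture: xid 0x1111 receives two replies that disagree on the URL.
SAMPLE = [
    build_reply(0x1111, (192, 0, 2, 1), "https://portal.example/login"),
    build_reply(0x1111, (192, 0, 2, 66), "https://rogue.example/"),
    build_reply(0x2222, (192, 0, 2, 1), "https://portal.example/login"),
]
```

Several servers may legitimately answer the same client, so the check keys on disagreement about the portal URL within one transaction rather than on the number of responders.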