Re: [Geopriv] [geopriv] #23: Good Security of DHCP
"geopriv issue tracker" <trac@tools.ietf.org> Tue, 19 January 2010 22:42 UTC
#23: Good Security of DHCP
---------------------------------------+------------------------------------
 Reporter:  Hannes.Tschofenig@…        |        Owner:  Hannes.Tschofenig@…
     Type:  enhancement                |       Status:  closed
 Priority:  major                      |    Milestone:  draft-ietf-geopriv-3825bis
Component:  rfc3825bis                 |      Version:
 Severity:  Active WG Document         |   Resolution:  fixed
 Keywords:                             |
---------------------------------------+------------------------------------
Changes (by bernard_aboba@…):

  * status:  new => closed
  * resolution:  => fixed
  * severity:  - => Active WG Document

Comment:

 The current text of the security considerations section addresses
 potential disclosure risks as well as modification attacks. I will add
 some advice on use of link level encryption in -06.

 "Where critical decisions might be based on the value of this GeoConf
 option, DHCP authentication as defined in "Authentication for DHCP
 Messages" [RFC3118] and "Dynamic Host Configuration Protocol for IPv6
 (DHCPv6)" [RFC3315] SHOULD be used to protect the integrity of the DHCP
 options.

 Since there is no privacy protection for DHCP messages, an eavesdropper
 who can monitor the link between the DHCP server and requesting client
 can discover this LCI.

 To minimize the unintended exposure of location information, the LCI
 option SHOULD be returned by DHCP servers only when the DHCP client has
 included this option in its 'parameter request list' (section 3.5
 [RFC2131]).

 When implementing a DHCP server that will serve clients across an
 uncontrolled network, one should consider the potential security risks."

--
Ticket URL: <http://wiki.tools.ietf.org/wg/geopriv/trac/ticket/23#comment:3>
geopriv <http://tools.ietf.org/geopriv/>
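
An added example, not part of the ticket or the draft: a server-side check for the 'parameter request list' rule quoted above, returning the LCI only when a DHCPv4 client asked for it and refusing on malformed input. Option codes 55 (parameter request list) and 123 (GeoConf, RFC 3825) are the standard assignments; the function names and sample packets are constructed for illustration.

```python
OPT_PAD, OPT_END = 0, 255
OPT_PARAM_REQUEST_LIST = 55   # RFC 2132 parameter request list
OPT_GEOCONF = 123             # RFC 3825 GeoConf (LCI) option
MAGIC_COOKIE = bytes([99, 130, 83, 99])
FIXED_HEADER_LEN = 236        # BOOTP fixed fields preceding the cookie


def parse_options(packet: bytes) -> dict:
    """Return {code: value} for the options field of a DHCPv4 message."""
    start = FIXED_HEADER_LEN + 4
    if packet[FIXED_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("short packet or missing DHCP magic cookie")
    opts, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        # RFC 3396: repeated instances of one option are concatenated.
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def should_return_lci(packet: bytes) -> bool:
    """True only if the client listed GeoConf in its parameter request list."""
    try:
        prl = parse_options(packet).get(OPT_PARAM_REQUEST_LIST, b"")
    except ValueError:
        return False                 # malformed request: disclose nothing
    return OPT_GEOCONF in prl


def build_request(option_bytes: bytes) -> bytes:
    """Constructed sample: zeroed BOOTP header + cookie + given options."""
    return bytes(FIXED_HEADER_LEN) + MAGIC_COOKIE + option_bytes

# Constructed sample requests (message type 53 = DISCOVER in each).
ASKS_FOR_LCI = build_request(bytes([53, 1, 1, 55, 4, 1, 3, 6, 123, 255]))
DOES_NOT_ASK = build_request(bytes([53, 1, 1, 55, 3, 1, 3, 6, 255]))
TRUNCATED = build_request(bytes([55, 4, 1, 123]))  # length says 4, 2 present
```

The check matches the option code only inside option 55, so a byte value of 123 elsewhere in the request (for example in a requested IP address) does not trigger disclosure.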