Re: [saag] Whether TOFU should be considered in secure DHCPv6?

Ted Lemon <mellon@fugue.com> Thu, 01 September 2016 03:16 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/j7rOmMDKNtGuIXhJPUaz-4HsZv4>

The UX for ToFU depends on the use model. For DHCP, the use model I would
expect to be most common would be "if I have a choice between a server I
talked to before that worked, and a server whose claimed identity can't be
checked either because no authentication or because never seen before, pick
the one I've seen before that worked." So it would be interesting to
answer the question, does this make things worse or better in practice? I
think better, but I'm curious to see what sort of opprobrium will rain down
on me for putting forth that theory. :)
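
The selection rule described in the message above, sketched as an added example; it is not part of the original message or of any DHCPv6 specification. The `Advertise` model, the `PinStore` class, the key values, and the assumption that the client has already verified each server's signature are all hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Advertise:
    """A server's offer as the client sees it (constructed model, not a wire format)."""
    server_id: str                # hypothetical label claimed by the server
    public_key: Optional[bytes]   # None when the server sent no authentication
    signature_ok: bool = False    # assumed result of an earlier signature check

def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()

class PinStore:
    """Remembers keys of servers that previously gave a working configuration."""
    def __init__(self):
        self._worked = set()

    def record_success(self, adv: Advertise) -> None:
        # Pin only after the configuration actually worked, and only when
        # the server proved possession of the key it presented.
        if adv.public_key is not None and adv.signature_ok:
            self._worked.add(fingerprint(adv.public_key))

    def seen_and_worked(self, adv: Advertise) -> bool:
        return (adv.public_key is not None and adv.signature_ok
                and fingerprint(adv.public_key) in self._worked)

def choose_server(offers, pins):
    """Return (offer, reason): prefer a server seen before that worked."""
    if not offers:
        return None, "no-offers"
    for adv in offers:
        if pins.seen_and_worked(adv):
            return adv, "pinned"
    # Nothing seen before: no identity can be checked, so this is first
    # contact. The caller pins the server once its configuration works.
    return offers[0], "first-use"

def demo():
    # Constructed sample offers; the keys are placeholder byte strings.
    known = Advertise("home", b"key-home", True)
    unauthenticated = Advertise("other", None)
    same_label_new_key = Advertise("home", b"key-other", True)
    pins = PinStore()
    first = choose_server([unauthenticated, known], pins)[1]
    pins.record_success(known)
    offer, reason = choose_server([unauthenticated, same_label_new_key, known], pins)
    return first, offer.public_key, reason
```

The pin is keyed on the key fingerprint rather than the claimed label, so an offer that reuses a known label with a different key is treated as never seen before.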