Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

"Lishan Li" <lilishan48@126.com> Wed, 29 July 2015 14:11 UTC

Date: Wed, 29 Jul 2015 22:11:20 +0800
From: Lishan Li <lilishan48@126.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <55B8D49A.1010402@cs.tcd.ie>
References: <313da830.6be8.14ed8564467.Coremail.lilishan48@126.com> <m2mvyfh1re.wl%randy@psg.com> <55B8A692.8080409@cs.tcd.ie> <m2a8ufgpjn.wl%randy@psg.com> <55B8D49A.1010402@cs.tcd.ie>
Message-ID: <165fe8ce.ef05.14eda273b12.Coremail.lilishan48@126.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/ThA6MNfwZ82qZTC9qzbm3Pt_yVU>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

Dear Stephen,


As you said, we can use TOFU for the current mechanism. And in the future, we can specify a set of key distribution mechanisms for DHCP. Could you please check whether my understanding is correct?
Thanks very much for your guidance.


Best Regards,
Lishan


At 2015-07-29 21:26:50, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>
>
>On 29/07/15 12:40, Randy Bush wrote:
>> but this is a tangent.  the point is that protocols which rely on
>> keying really need to nail the key distribution model(s).  
>
>I agree. But I think one of the issues here is that we don't
>(afaik) have a worked out analysis of how various key
>distribution models play with DHCP.
>
>> 
>> while tofu may be one, is it really one that security folk think the
>> ietf should advocate for set-up authenticity?  it's not how i want to
>> make the wsj; and coffee shop mitm will be in the wsj soon enough.
>
>Fair enough. OTOH, I don't think there will be one key
>distribution model that will work well for all DHCP
>deployments. So we may end up having to specify a set of
>mechanisms, when each is suitable to use and the security
>considerations resulting. That's a chunk of work, and a
>chunk of work where these authors are looking for help.
>I do hope someone's going to volunteer to help them with
>that.
>
>S.
>
>
>> 
>> randy
>> 
>> 
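The TOFU model discussed above, as an added illustration that is not part of the original thread and is not taken from draft-cui-dhc-dhcpv6-encryption: a client pins the server's public key fingerprint on first contact and rejects a different key later. It assumes (not from the draft) that a server is identified by its DUID and that the client receives the server's DER public key in the first reply; the draft's option layout is not modelled. The two scenarios show the point Randy raises: TOFU detects a later "coffee shop" MITM, but if the first contact itself goes through the attacker, the attacker's key is pinned and the legitimate server is the one that gets rejected.

```python
# Added example: trust-on-first-use (TOFU) pinning of a DHCPv6 server key.
# This is illustration code, not code from draft-cui-dhc-dhcpv6-encryption
# or from the thread's authors. Assumptions (not taken from the draft):
#   - a server is identified by its DUID, given here as a hex string;
#   - the client receives the server's public key as DER bytes in the
#     first reply; the draft's actual option layout is not modelled.
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List


def fingerprint(pubkey_der: bytes) -> str:
    """SHA-256 hex digest of the DER public key; this is what gets pinned."""
    return hashlib.sha256(pubkey_der).hexdigest()


@dataclass
class TofuStore:
    """Per-server pin store: DUID -> pinned key fingerprint."""
    pins: Dict[str, str] = field(default_factory=dict)

    def check(self, server_duid: str, pubkey_der: bytes) -> str:
        """Return 'pinned' on first contact, then 'match' or 'mismatch'."""
        fp = fingerprint(pubkey_der)
        pinned = self.pins.get(server_duid)
        if pinned is None:
            # First use: nothing to compare against, so the key is accepted
            # and recorded. An attacker on path at this moment wins.
            self.pins[server_duid] = fp
            return "pinned"
        if hmac.compare_digest(pinned, fp):
            return "match"
        # Key changed: either a MITM or a legitimate key rollover. TOFU
        # alone cannot tell which, so the client must refuse or escalate.
        return "mismatch"


# Constructed sample data (not real keys): the same DUID is claimed by
# the legitimate server and by an on-path attacker.
SERVER_DUID = "000100012a1b3c4d0a0b0c0d0e0f"
LEGIT_KEY = b"constructed-der-bytes-for-legitimate-server-key"
ATTACKER_KEY = b"constructed-der-bytes-for-coffee-shop-attacker-key"


def run_scenario(keys_seen: List[bytes]) -> List[str]:
    """Feed the client a sequence of server keys and collect its verdicts."""
    store = TofuStore()
    return [store.check(SERVER_DUID, key) for key in keys_seen]


def honest_first_contact() -> List[str]:
    """First contact on a trusted network; the attacker appears later."""
    return run_scenario([LEGIT_KEY, LEGIT_KEY, ATTACKER_KEY])


def attacker_first_contact() -> List[str]:
    """First contact goes through the attacker: the wrong key is pinned,
    the real server is later rejected, and the attacker keeps matching."""
    return run_scenario([ATTACKER_KEY, LEGIT_KEY, ATTACKER_KEY])


if __name__ == "__main__":
    print("honest first contact:  ", honest_first_contact())
    print("attacker first contact:", attacker_first_contact())
```

The pin store is keyed on the server identity the client can observe, so an attacker who can forge that identity on the first exchange controls what gets pinned; that first-contact window is exactly what a key distribution model other than TOFU would have to close.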