[saag] Fwd: New Version Notification for draft-ietf-dhc-sedhcpv6-12.txt
Lishan Li <lilishan48@gmail.com> Tue, 26 April 2016 14:03 UTC
Return-Path: <lilishan48@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3146712B065 for <saag@ietfa.amsl.com>; Tue, 26 Apr 2016 07:03:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Level:
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kstJitmPs1HO for <saag@ietfa.amsl.com>; Tue, 26 Apr 2016 07:03:47 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72BAC12D1B2 for <saag@ietf.org>; Tue, 26 Apr 2016 07:03:46 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id c126so19327984lfb.2 for <saag@ietf.org>; Tue, 26 Apr 2016 07:03:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=DjVIi+gWpboMbw+N5SeHAUMQCWXARv9eUHRHER+0pEw=; b=qXnKb6WK55499E7oqXCPqvb9FbJ3fCHErcsuNndSS/jsF8WfAxHaFhWRcdI3d1VCkA Iqv++HCADfHkd60gEfnIO1OF8Xu2dCSexnMdhqRHpPnDtZW//M67aZb0psNEoUfuHA1s VBSGKZuUWHiZyHx+79ayNjPgh8MiQ3YhP5o/zCBpbvTTOXKcpN7VYCpSLfR6XSA7jFav XFHowgwXRV0AJkWK6NVDKaKjw5XPLGfzM6bR1Rhz5MSVDil3FAO6bUY+ARNU4zScOzhv D/DPuhbf5PdVWjoBvkmHYA0EnDx9csCJiy+3G9ZGLMzuWq+BSp2/rAdQbkgfShxA7tvT dwUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=DjVIi+gWpboMbw+N5SeHAUMQCWXARv9eUHRHER+0pEw=; b=WrkM86AvJgVlpgyltD6aDSqbbOH3fQ+IxoW1gC5zQ3gGYvtJcObS2xPh8M+HIAugDi 6gVwvwdfjsZIKAv2oZRBMfrIO0LkZUfSgF4psjKwnaILSAHLRTsSDQAEf5wPYTtm/7gx thNnJbdL14m9IRjIshShjmhY3+oYKNfxWf1Z/cFXJp6kpayTRproRIg0tHIEJfaDXdWu cb2ig12EryOhOSVlMjtnUv3FJeUv9em7spfr2X9ijruXMGte+8BopPElCHVxzE+oRNjw xYeN5lGGniW5A9Gm4NiCCTO/SdAHZ0hf6NYOaXoC7aUDaoanGGnGqdb0w8c/LDyN1OJA xKDA==
X-Gm-Message-State: AOPr4FWQ+T+NokDWy5tyJqxkZF0FM1KDYf2AqqJ/Xwb3whSKK6hzMredYLC+kTwmCwaY2P9DT1dzNfIf25en5g==
MIME-Version: 1.0
X-Received: by 10.112.181.196 with SMTP id dy4mr1395664lbc.42.1461679424581; Tue, 26 Apr 2016 07:03:44 -0700 (PDT)
Received: by 10.114.173.71 with HTTP; Tue, 26 Apr 2016 07:03:44 -0700 (PDT)
In-Reply-To: <20160424143257.6997.44881.idtracker@ietfa.amsl.com>
References: <20160424143257.6997.44881.idtracker@ietfa.amsl.com>
Date: Tue, 26 Apr 2016 22:03:44 +0800
Message-ID: <CAJ3w4NcTwU+XF8iGeL2Nqe-NC9MUiyGJ6_nuOkaG53PU2kVXbA@mail.gmail.com>
From: Lishan Li <lilishan48@gmail.com>
To: saag@ietf.org
Content-Type: multipart/alternative; boundary="001a11c36f5ce0b724053163c211"
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/UybGxUEodGXVyzckZpmsGcfNmf0>
Subject: [saag] Fwd: New Version Notification for draft-ietf-dhc-sedhcpv6-12.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Apr 2016 14:03:51 -0000
Dear all, We have submitted a new version of secure DHCPv6, which describes authentication and encryption mechanisms for DHCPv6. Compared with the before version, we mainly made the following change: 1. we merge DHCPv6 authentication draft and DHCPv6 encryption draft together. 2. For the deployment issues, we just scope secure DHCPv6 to where we can actually use it, such as the desktops in enterprise network. In such networks it will be easier to manage client hosts. One trivial deployment scenario is therefore to manually pre-configure client with the trusted servers' public key and manually register clients' public keys for the server. In IETF95, the DHC WG suggests us to obtain some comments from some secure experts. Could you please review the draft and give some comments? I am really looking forward to your guidance/suggestions! Thanks in advance! Best Regards, Lishan ---------- Forwarded message ---------- From: <internet-drafts@ietf.org> Date: 2016-04-24 22:32 GMT+08:00 Subject: New Version Notification for draft-ietf-dhc-sedhcpv6-12.txt To: Ted Lemon <ted.lemon@nominum.com>, Tatuya Jinmei <jinmei@wide.ad.jp>, Sheng Jiang <jiangsheng@huawei.com>, Dacheng Zhang <dacheng.zhang@gmail.com>, Lishan Li <lilishan48@gmail.com>, Yong Cui <yong@csnet1.cs.tsinghua.edu.cn>, Ted Lemon <Ted.Lemon@nominum.com> A new version of I-D, draft-ietf-dhc-sedhcpv6-12.txt has been successfully submitted by Lishan Li and posted to the IETF repository. Name: draft-ietf-dhc-sedhcpv6 Revision: 12 Title: Secure DHCPv6 Document date: 2016-04-24 Group: dhc Pages: 28 URL: https://www.ietf.org/internet-drafts/draft-ietf-dhc-sedhcpv6-12.txt Status: https://datatracker.ietf.org/doc/draft-ietf-dhc-sedhcpv6/ Htmlized: https://tools.ietf.org/html/draft-ietf-dhc-sedhcpv6-12 Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-dhc-sedhcpv6-12 Abstract: The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables DHCPv6 servers to pass configuration parameters. It offers configuration flexibility. If not secured, DHCPv6 is vulnerable to various attacks. This document analyzes the security issues of DHCPv6 and specifies the secure DHCPv6 mechanism for authentication and encryption of messages between a DHCPv6 client and a DHCPv6 server. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat