IETF Logo Mail Archive

Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

"Lishan Li" <lilishan48@126.com> Thu, 30 July 2015 08:21 UTC

Return-Path: <lilishan48@126.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C7D21B2CC5; Thu, 30 Jul 2015 01:21:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.359
X-Spam-Level:
X-Spam-Status: No, score=0.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RELAY_IS_220=2.118, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y95lJFBXEi2J; Thu, 30 Jul 2015 01:21:17 -0700 (PDT)
Received: from m15-10.126.com (m15-10.126.com [220.181.15.10]) by ietfa.amsl.com (Postfix) with ESMTP id 27A841B2CC1; Thu, 30 Jul 2015 01:21:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=126.com; s=s110527; h=Date:From:Subject:MIME-Version:Message-ID; bh=4crJ6 Do4F2/4n5NxUa3iq0aQ0husAsEDtveR+lzT7Xg=; b=KVc63BqUbj/2aoXAFosOW IGgJa/NyncJ2w7mF0VA4BBVPTaPgdZyjnJdLeLw6WZcaYwB7ivBMOoFCCAhXtqVb Ww6otbTrrMSFBSL1sTSZehVjb/M34Voxj2Z9b8vbKoN1S4BZ6wQ9Vef2yZIqxYJT Yr7iEXHqLDXmbiUVuDD1N8=
Received: from lilishan48$126.com ( [166.111.68.231] ) by ajax-webmail-wmsvr10 (Coremail) ; Thu, 30 Jul 2015 16:21:01 +0800 (CST)
X-Originating-IP: [166.111.68.231]
Date: Thu, 30 Jul 2015 16:21:01 +0800
From: Lishan Li <lilishan48@126.com>
To: Christian Huitema <huitema@microsoft.com>
X-Priority: 3
X-Mailer: Coremail Webmail Server Version SP_ntes V3.5 build 20150119(59087.7062) Copyright (c) 2002-2015 www.mailtech.cn 126com
In-Reply-To: <DM2PR0301MB0655D564B5F697E14F5CF371A88B0@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <313da830.6be8.14ed8564467.Coremail.lilishan48@126.com> <m2mvyfh1re.wl%randy@psg.com> <55B8A692.8080409@cs.tcd.ie> <m2a8ufgpjn.wl%randy@psg.com> <55B8D49A.1010402@cs.tcd.ie> <m2y4hyg2za.wl%randy@psg.com> <DM2PR0301MB0655D564B5F697E14F5CF371A88B0@DM2PR0301MB0655.namprd03.prod.outlook.com>
X-CM-CTRLDATA: DdmVMWZvb3Rlcl9odG09NDUxNzo4MQ==
Content-Type: multipart/alternative; boundary="----=_Part_402966_357673020.1438244461199"
MIME-Version: 1.0
Message-ID: <76f2dbd9.194fc.14ede0cda90.Coremail.lilishan48@126.com>
X-CM-TRANSID: CsqowAB3fg5u3rlV7+4SAA--.2394W
X-CM-SenderInfo: 5olox2hkdqkma6rslhhfrp/1tbiaBlHwVQ88TUqrgABse
X-Coremail-Antispam: 1U5529EdanIXcx71UUUUU7vcSsGvfC2KfnxnUU==
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/X1nwm8Rrg9WSFaFxjHa6Dqo2uCE>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>, Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2015 08:21:19 -0000

Dear Christian,


Thanks for your comments. Please see inline.
At 2015-07-30 08:17:30, "Christian Huitema" <huitema@microsoft.com> wrote:
>On Wednesday, July 29, 2015 12:48 PM, Randy Bush wrote:
>> ...
>> but back to picking on dhcp, :)
>> 
>> within an enterprise, one is tempted to suggest enterprise-controlled credential
>> distribution; i get a cert (or whatever) oob to let my laptop authenticate the
>> dhcp service and vice versa.  but enterprises are seeing a lot of byod, and i am
>> not sure how they are dealing with that.
>> do they really want to authenticate all mobiles?
>> 
>> in the coffee shop, one would like the mobile device to be given the dhcp
>> server's credentials out of band; i suggested a QR code on the wall as one (i.e.
>> there could be others) example.  and, unlike the enterprise, i think the mobile
>> device should reveal as little as possible about itself.
>> 
>> bottom line: i do not think there are easy solutions in the introduction space.
>> but it is our responsibility.  and i am trying to think about it and others should
>> too.
>
>I sent private comments to the draft authors already, mostly about applicability issues, and mostly in line with Randy's comments.
>
>IMHO this draft has a narrow applicability, which depends mostly on whether the client trusts the network. In the cases where the client does not trust the network, I believe attempting DHCP encryption does more harm than good.  The point is, DHCP encryption hides some of the DHCP parameters from parties on the link, but it also reveals the client identity as part of the key negotiation -- or in any case it reveals "parts" of that identity. At the same time, in the absence of pre-established trust, encryption does not really protect against on-link attackers, since they can spoof the server. In the "random coffee shop" scenario, the actual privacy harm is a bad bargain for the dubious security gain. In such scenario, I would recommend data minimization, e.g., a combination of randomized MAC Addresses and the DHCP anonymity profile.

>
[Lishan]:  For the client identity reveal problem, Ralph and Jinmei examined the same problem in the original design. In the 01 version, we have solved the problem. And according to Ralph's suggestion, we currently adopt a scheme in which the server offers its certificate first, and then the client encrypt all of its traffic with the selected server's key, so that the message can only be decoded by the specific server. 
For the spoofing attack problem, our mechanism mainly focus on the client privacy protection. 
And I am sorry not to understand the "dubious security gain", could you please explain it more detail? Thanks!


>Even in the "trusted network" scenario, the gain is only apparent in the absence of link-layer protection. For example, enterprise Wi-Fi networks typically use 802.1x and EAP to negotiate a link-layer encryption key specific to the client. This goes a long way towards protecting all the link traffic, including DHCP. Clearly there is a residual risk of on-line attackers, such as a local computer owned by a virus. That risk is generally mitigated by filters in the switches, restricting the sending of DHCP and RA packets. DHCP encryption would be useful if it was easier to deploy than those filters, and more secure.

>
[Lishan]: The link-layer encryption 802.1x and EAP you mentioned is only designed for the Wi-Fi network. For the general scenario, such as wired environment, the DHCP encryption is needed. 


>So we are left with the application domain of "trusted networks" that do not implement link-layer protection. In those networks, DHCP encryption provide some privacy benefits, by hiding the value of identifiers and configuration parameters.
>
[Lishan]: I cannot agree with you. Whatever in the "trusted networks" or "untrusted networks", DHCPv6 encryption can both achieve the server authentication and encryption to protect the client's privacy.
Best Regards,
Lishan
>
>
>_______________________________________________
>saag mailing list
>saag@ietf.org
>https://www.ietf.org/mailman/listinfo/saag

v2.23.0 | Report a Bug | By Email