IETF Logo Mail Archive

Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt

Christian Huitema <huitema@microsoft.com> Thu, 30 July 2015 00:17 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 50EC41B30B0 for <saag@ietfa.amsl.com>; Wed, 29 Jul 2015 17:17:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fTqefjxK6z7C for <saag@ietfa.amsl.com>; Wed, 29 Jul 2015 17:17:48 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1on0759.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::759]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBB481B30BC for <saag@ietf.org>; Wed, 29 Jul 2015 17:17:47 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.219.17; Thu, 30 Jul 2015 00:17:30 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0219.018; Thu, 30 Jul 2015 00:17:30 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Randy Bush <randy@psg.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Thread-Topic: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt
Thread-Index: AQHQycGLJ+D8udSoFkCwplDgmzJ2AZ3yCYCAgAAwkACAABkoAIAAHbgAgABqd4CAAEYgIA==
Date: Thu, 30 Jul 2015 00:17:30 +0000
Message-ID: <DM2PR0301MB0655D564B5F697E14F5CF371A88B0@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <313da830.6be8.14ed8564467.Coremail.lilishan48@126.com> <m2mvyfh1re.wl%randy@psg.com> <55B8A692.8080409@cs.tcd.ie> <m2a8ufgpjn.wl%randy@psg.com> <55B8D49A.1010402@cs.tcd.ie> <m2y4hyg2za.wl%randy@psg.com>
In-Reply-To: <m2y4hyg2za.wl%randy@psg.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: psg.com; dkim=none (message not signed) header.d=none;
x-originating-ip: [2001:4898:80e8:2::2de]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0654; 5:CVq5mbPS/QfIXZj/PM9VtLHB4sVsqdM5fAcfH04dAKig89XLV40y19vgzs6omIjcyoPUiS8EKvj+InMxy6MsGn/OFKpjXOu/qz9zY4vYU/ddP9SrKc/j0JOHWNLofC7URQ9bdVygf9Ydvw9MIkMbjg==; 24:wcdSVuKJhrq84ijZ/GQJ51DEb63TJWMwlWVST3mNYrywbS1W+Qib6ORRjl30+BUSmNmafhcSmKeiY/FB5OxGDh8+EFeUU+VyTbVJgIHn7XY=; 20:3U1tEFmt9lPBMyHT6AbgUC38XMet75fRiSnGnqZXTKgRCIDyroYPS5pQie1VncGo3V1fzWhl+VeqPF9m8xI2tw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
x-microsoft-antispam-prvs: <DM2PR0301MB0654EC4D20CFD81058134588A88B0@DM2PR0301MB0654.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(3002001); SRVR:DM2PR0301MB0654; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0654;
x-forefront-prvs: 06530126A4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(377454003)(24454002)(93886004)(46102003)(106116001)(33656002)(230783001)(5001770100001)(62966003)(77156002)(102836002)(74316001)(189998001)(77096005)(76576001)(5003600100002)(99286002)(5002640100001)(40100003)(122556002)(54356999)(2900100001)(2950100001)(86362001)(50986999)(5001960100002)(76176999)(87936001)(10090500001)(2656002)(92566002)(5001920100001)(3826002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0654; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2015 00:17:30.7020 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0654
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/cN0z5TdpDXP6OBKUy8WTjhYoc0A>
Cc: Security Area Advisory Group <saag@ietf.org>
Subject: Re: [saag] Fw:Fw:New Version Notification for draft-cui-dhc-dhcpv6-encryption-02.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2015 00:17:50 -0000

On Wednesday, July 29, 2015 12:48 PM, Randy Bush wrote:
> ...
> but back to picking on dhcp, :)
> 
> within an enterprise, one is tempted to suggest enterprise-controlled credential
> distribution; i get a cert (or whatever) oob to let my laptop authenticate the
> dhcp service and vice versa.  but enterprises are seeing a lot of byod, and i am
> not sure how they are dealing with that.
> do they really want to authenticate all mobiles?
> 
> in the coffee shop, one would like the mobile device to be given the dhcp
> server's credentials out of band; i suggested a QR code on the wall as one (i.e.
> there could be others) example.  and, unlike the enterprise, i think the mobile
> device should reveal as little as possible about itself.
> 
> bottom line: i do not think there are easy solutions in the introduction space.
> but it is our responsibility.  and i am trying to think about it and others should
> too.

I sent private comments to the draft authors already, mostly about applicability issues, and mostly in line with Randy's comments.

IMHO this draft has a narrow applicability, which depends mostly on whether the client trusts the network. In the cases where the client does not trust the network, I believe attempting DHCP encryption does more harm than good.  The point is, DHCP encryption hides some of the DHCP parameters from parties on the link, but it also reveals the client identity as part of the key negotiation -- or in any case it reveals "parts" of that identity. At the same time, in the absence of pre-established trust, encryption does not really protect against on-link attackers, since they can spoof the server. In the "random coffee shop" scenario, the actual privacy harm is a bad bargain for the dubious security gain. In such scenario, I would recommend data minimization, e.g., a combination of randomized MAC Addresses and the DHCP anonymity profile.

Even in the "trusted network" scenario, the gain is only apparent in the absence of link-layer protection. For example, enterprise Wi-Fi networks typically use 802.1x and EAP to negotiate a link-layer encryption key specific to the client. This goes a long way towards protecting all the link traffic, including DHCP. Clearly there is a residual risk of on-line attackers, such as a local computer owned by a virus. That risk is generally mitigated by filters in the switches, restricting the sending of DHCP and RA packets. DHCP encryption would be useful if it was easier to deploy than those filters, and more secure.

So we are left with the application domain of "trusted networks" that do not implement link-layer protection. In those networks, DHCP encryption provide some privacy benefits, by hiding the value of identifiers and configuration parameters.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email