[secdir] secdir review of draft-ietf-dhc-dhcpv4-active-leasequery-06

Tom Yu <tlyu@mit.edu> Wed, 30 September 2015 02:44 UTC

Return-Path: <tlyu@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1513C1B5A00; Tue, 29 Sep 2015 19:44:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1okQHwf-ri3N; Tue, 29 Sep 2015 19:44:16 -0700 (PDT)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3BCEE1B2D4C; Tue, 29 Sep 2015 19:44:16 -0700 (PDT)
X-AuditID: 12074423-f793f6d000007fc1-2e-560b4c7e815e
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 22.48.32705.E7C4B065; Tue, 29 Sep 2015 22:44:14 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id t8U2iENh012081; Tue, 29 Sep 2015 22:44:14 -0400
Received: from localhost (sarnath.mit.edu [18.18.1.190]) (authenticated bits=0) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t8U2iCGZ024382; Tue, 29 Sep 2015 22:44:13 -0400
From: Tom Yu <tlyu@mit.edu>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-dhc-dhcpv4-active-leasequery.all@tools.ietf.org
Date: Tue, 29 Sep 2015 22:44:12 -0400
Message-ID: <ldvoagk8w3n.fsf@sarnath.mit.edu>
Lines: 19
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDIsWRmVeSWpSXmKPExsUixG6nolvnwx1mMPepiUXPriXMFjP+TGS2 +LDwIYsDs8eSJT+ZPL5c/swWwBTFZZOSmpNZllqkb5fAlbF/Tz97wU72imd/DrE1MLawdTFy ckgImEi0LP/DBGGLSVy4tx4ozsUhJLCYSWLB2X0sIAkhgY2MEt+asiESbxglOt/vYgVJsAlI Sxy/vAusW0QgXeLy9u2MXYwcHMICLhLbNxmBhFkEVCX+TvoGVs4roCvxYdIFdhCbR4BTomfD L6i4oMTJmU/AdjELaEnc+PeSaQIj7ywkqVlIUgsYmVYxyqbkVunmJmbmFKcm6xYnJ+blpRbp munlZpbopaaUbmIEB5SL8g7GPweVDjEKcDAq8fC+EOAOE2JNLCuuzD3EKMnBpCTKe80LKMSX lJ9SmZFYnBFfVJqTWnyIUYKDWUmE96kFUI43JbGyKrUoHyYlzcGiJM676QdfiJBAemJJanZq akFqEUxWhoNDSYI33RuoUbAoNT21Ii0zpwQhzcTBCTKcB2i4O0gNb3FBYm5xZjpE/hSjLseC H7fXMgmx5OXnpUqJ80aDFAmAFGWU5sHNAScCIcZ9rxjFgd4S5p0PUsUDTCJwk14BLWECWjJX lwtkSUkiQkqqgXHCxX1vp9mznXsW5+awsPLR3H/T54ef1G/6X+F+W+eA26Iwtk+mCS+Ljl1p 4dTbaql85OHOo9sCTN9UvQqat6f/vbcHx8fXM/Wl5wQVCzc/OBozz/6LRxN31Y4qD4YV/rf+ sXULH+2//n/jkgDRnM8qE4xFdh46+okzTOaerMKZ+TJ16Vm3GMKVWIozEg21mIuKEwH9xotg 3wIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/1OormDBKs3ciiPNIrSuPD6jgLpA>
Subject: [secdir] secdir review of draft-ietf-dhc-dhcpv4-active-leasequery-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2015 02:44:18 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

Summary: ready with nits

The Security Considerations of the draft seem reasonably complete.
There could be a minor traffic analysis risk in some environments due to
the real-time nature of Active Leasequery -- if the connection between
an authorized requester and the DHCP server traverses network paths
monitored by an adversary, the adversary could learn about the timing of
DHCP events, and might be able distinguish among different types of
events by the relative sizes of the messages.  This could be true even
if TLS is in use.  I suspect that the risk is minimal in typical
deployments.

-Tom