[secdir] SecDir review of draft-ietf-dhc-topo-conf-08

Yaron Sheffer <yaronf.ietf@gmail.com> Fri, 03 June 2016 17:04 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABB8812D543; Fri, 3 Jun 2016 10:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FIMReiDdtuSn; Fri, 3 Jun 2016 10:04:35 -0700 (PDT)
Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1972312D198; Fri, 3 Jun 2016 10:04:35 -0700 (PDT)
Received: by mail-wm0-x22f.google.com with SMTP id n184so5000980wmn.1; Fri, 03 Jun 2016 10:04:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:subject:to:message-id:date:user-agent:mime-version :content-transfer-encoding; bh=5S/8I5wsoA61Is6EedXLSunZuD/GmlMBNAuzGvjw49w=; b=FXpIOMPblQ6R3s4DZ/Ap5WtPPeUCjXCOvujjNXfM+VJ8cYf7OGWaH4SS5pY79Ah6Ot Yri6lKoWc0CtqspmdO6H4CrJLLi/lAxJNEHF9WDzJT9KyzLY2Gw4P7OrHFCNgnz9KesA YrETbK6lRpyaGYCsMA+azssOgVy+/Hcku0ENsHnF3OyGSPRftgpuVeOJa6LPve2fsbYp I/0aLvsnry9/MfmyjYR77X2TgqB+GxNak7GS7WYXmS1b8zOT90l3UzKVyQcBqrjdglKo PniHPBCAt6nyLFUVcWyTzqNsJP3kCSltYMqYs4S6QVD65Jw+StojW4h6D112Z4DI5ROh /cSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding; bh=5S/8I5wsoA61Is6EedXLSunZuD/GmlMBNAuzGvjw49w=; b=DWm2k28MCkHyRn1NMrhOU8yXujRH73cbk/YINj89oJx8jFRQwQ9SQKyZt77DnADlPx 0hmI6CDkSxaKLM97wxZhZrOSnz8vQ0wOP25j6n1qSxwMmuLD+Ur0uoluRHhkEKzjajc8 lETo3riEWEt7Kbwl9Ow2qh4sVM1HafJ8OpZPrws/4s2YGxiqsRjv00qILoJwH7IP3cWk ZWdENN0bz1ZKGinGriryYV5jwTFgPKLnmqw5CzxKcqXTmZr2jqV2ms1D473DCKW6Ohf4 hFgeU+fpUPPS1BuyiavLPv8OggC6MGUFjqNQIJkS0sGWcW0DKJmryw53XmMf19T088+l bHZg==
X-Gm-Message-State: ALyK8tKqXjsNLlRuOdUPhIAuY/vhsWgu98IwlAFm0OELMu4umMB0Fl8m8NOSWAiE70QvKQ==
X-Received: by 10.28.226.84 with SMTP id z81mr470407wmg.73.1464973473503; Fri, 03 Jun 2016 10:04:33 -0700 (PDT)
Received: from [10.0.0.9] (bzq-109-67-2-59.red.bezeqint.net. [109.67.2.59]) by smtp.gmail.com with ESMTPSA id e1sm6636487wjv.9.2016.06.03.10.04.29 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 03 Jun 2016 10:04:32 -0700 (PDT)
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: IETF Security Directorate <secdir@ietf.org>, The IESG <iesg@ietf.org>, draft-ietf-dhc-topo-conf.all@tools.ietf.org
Message-ID: <5751B895.1070400@gmail.com>
Date: Fri, 3 Jun 2016 20:04:21 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/1RS_iOIoLxL51QGcEg-r-vFJDzY>
Subject: [secdir] SecDir review of draft-ietf-dhc-topo-conf-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2016 17:04:38 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document describes current practices for configuring DHCP in 
complex network scenarios, where the goal is to allow servers to 
configure DHCP clients differently depending on the client's network 
location.

Summary

This is a very extensive document, but the security considerations do 
not do it justice.

Details

The Security Considerations section is essentially empty, saying only 
that drafts that define DHCP options each include their own security 
considerations. However this document references 12 other RFCs (and they 
in fact do have substantial security considerations) so this leaves the 
reader to research the matter on her own.

Moreover, the technology covered spans more than 20 years (15 years, 
counting only Relay Agent Information), and security best practices have 
changed. Old security recommendations may not be today's best practices, 
and some previously recommended mechanisms may have never materialized 
in real-world deployment.

This document is basically a survey of best practices in deploying DHCP 
in complex networks. As such, I would expect the Security Considerations 
section to include:

- Recommendations about which configuration practices are to be 
preferred from a security point of view.
- Up to date security recommendations in summary form, at least for the 
main use cases covered.
- An architectural view, at the same level as the rest of the document, 
of how these configurations interact with common security practices like 
firewall-based network separation or NAC.

I realize that the document is 3 years old and everyone just wants to 
see it published, but in my opinion it is incomplete in its current form.

Thanks,
	Yaron