IETF Logo Mail Archive

Re: [secdir] secdir review of draft-raj-dhc-tftp-addr-option-04

Ralph Droms <rdroms@cisco.com> Wed, 03 December 2008 11:16 UTC

Return-Path: <secdir-bounces@ietf.org>
X-Original-To: secdir-archive@ietf.org
Delivered-To: ietfarch-secdir-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5082528C0F8; Wed, 3 Dec 2008 03:16:04 -0800 (PST)
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C00F23A6BB0; Wed, 3 Dec 2008 03:16:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.659
X-Spam-Level:
X-Spam-Status: No, score=-5.659 tagged_above=-999 required=5 tests=[AWL=0.940, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8CiXY8bXJ-Sc; Wed, 3 Dec 2008 03:16:00 -0800 (PST)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 549133A6B5A; Wed, 3 Dec 2008 03:16:00 -0800 (PST)
X-IronPort-AV: E=Sophos;i="4.33,708,1220227200"; d="scan'208";a="29832248"
Received: from rtp-dkim-2.cisco.com ([64.102.121.159]) by rtp-iport-1.cisco.com with ESMTP; 03 Dec 2008 11:15:56 +0000
Received: from rtp-core-1.cisco.com (rtp-core-1.cisco.com [64.102.124.12]) by rtp-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id mB3BFtTP023167; Wed, 3 Dec 2008 06:15:55 -0500
Received: from xbh-rtp-211.amer.cisco.com (xbh-rtp-211.cisco.com [64.102.31.102]) by rtp-core-1.cisco.com (8.13.8/8.13.8) with ESMTP id mB3BFtQk013188; Wed, 3 Dec 2008 11:15:55 GMT
Received: from xfe-rtp-201.amer.cisco.com ([64.102.31.38]) by xbh-rtp-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 3 Dec 2008 06:15:55 -0500
Received: from bxb-rdroms-8717.cisco.com ([10.98.10.88]) by xfe-rtp-201.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 3 Dec 2008 06:15:54 -0500
Message-Id: <DF78BDA7-CCED-45D8-A568-5D042E721CAF@cisco.com>
From: Ralph Droms <rdroms@cisco.com>
To: John C Klensin <john-ietf@jck.com>
In-Reply-To: <56DEB14D23377D001B19EFE5@p3.int.jck.com>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Wed, 03 Dec 2008 06:15:45 -0500
References: <alpine.BSF.1.10.0811260255330.4213@fledge.watson.org> <90AC45ED-BF49-46ED-A35A-14E1BF699959@cisco.com> <56DEB14D23377D001B19EFE5@p3.int.jck.com>
X-Mailer: Apple Mail (2.929.2)
X-OriginalArrivalTime: 03 Dec 2008 11:15:55.0295 (UTC) FILETIME=[82836AF0:01C95538]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=3063; t=1228302955; x=1229166955; c=relaxed/simple; s=rtpdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rdroms@cisco.com; z=From:=20Ralph=20Droms=20<rdroms@cisco.com> |Subject:=20Re=3A=20secdir=20review=20of=20draft-raj-dhc-tf tp-addr-option-04 |Sender:=20 |To:=20John=20C=20Klensin=20<john-ietf@jck.com>; bh=5xDkCriG10X0T1fzqt/tuszisKteGnNnXV3dG0BaDcY=; b=RVWKXRJ+kNT2Nfvrs9maC3u+hRBU15kTvzdiZrgRcroqj4or3ujqN2/nWE BWqz0h0YVrHJriJVslnr5qvrXUp4ZBt2aea++H5Zs+ByI5yXM5kmhTIlOPAB bYT1XWjK1z;
Authentication-Results: rtp-dkim-2; header.From=rdroms@cisco.com; dkim=pass ( sig from cisco.com/rtpdkim2001 verified; );
Cc: Richard Johnson <raj@cisco.com>, IETF Discussion <ietf@ietf.org>, secdir@ietf.org, Ralph Droms <rdroms@cisco.com>, dhc Chairs <dhc-chairs@tools.ietf.org>, Samuel Weiler <weiler@watson.org>, IESG IESG <iesg@ietf.org>
Subject: Re: [secdir] secdir review of draft-raj-dhc-tftp-addr-option-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: secdir-bounces@ietf.org
Errors-To: secdir-bounces@ietf.org

John - guess I wasn't clear in my reply.  I think it would be fine to  
include text suggesting the use of DHCP authentication.  Mandating  
authentication would be, in my opinion, out of scope.

To be clear, I don't see that there are, in practice, problems with  
the current deployment practice.  RFC 3118 was published several years  
ago, but deployment practice today uses other methods to mitigate the  
risk of DHCP server spoofing attacks.  Similar words about  
recommending the use of RFC 3118 authentication have been included in  
other RFCs, but RFC 3118 remains undeployed (and, in fact, mostly  
unimplemented).

- Ralph


On Dec 2, 2008, at Dec 2, 2008,3:53 PM, John C Klensin wrote:

>
>
> --On Tuesday, 02 December, 2008 15:23 -0500 Ralph Droms
> <rdroms@cisco.com> wrote:
>
>> Sam - I think most of the issues in your review of
>> draft-raj-dhc-tftp-addr-option-04 can be resolved by reviewing
>> the purposes of RFC 3942 and publishing Informational RFCs
>> describing DHCP option codes.  Fundamentally, the reason to
>> publish RFCs under the process described in RFC 3942 is to
>> document existing uses of option codes in the range of option
>> codes reclaimed for assignment to new DHCP options.  The
>> concern is to avoid conflicts between new options and those
>> grandfathered ("hijacked") option codes.  As such, these RFCs
>> (usually Informational) simply document the already
>> ...
>> Responding to some of your specific points:
>>
>>>> At the very least, I suggest mandating the use of DHCP Auth
>>>> and   removing the suggestion to use option 66 to enhance
>>>> security.  And,   in the absence of a more data about how
>>>> widely used this option is,   I suggest not publishing this
>>>> document at all.
>>
>> The consensus of the dhc WG, to which I concur, is to publish
>> the document as Informational. The text in the Security
>> Considerations section about option 66 might be removed.
>> ...
>> To reiterate, it's not so much a question of whether a new
>> code point is needed; rather, according to the procedures
>> described in RFC 3942, this document gives a description of an
>> existing use of option code 150.  That option code is in use
>> ...
>
> Ralph,
>
> It seems to me that there is a middle ground here.   One can
> stick with Informational publication as the WG intends, but
> still modify the Security Considerations section, not only to
> remove the reference to option 66 (if there is consensus that is
> appropriate) but to add some explanation about why the use of
> this option without authentication might be problematic.
>
> Put differently, your objection to Sam's suggestion seems to
> hinge on "just describe the existing practice, don't try to
> change it in this document". Given RFC 3492, that is entirely
> reasonable.  But, if there are relatively obvious difficulties
> with that practice, it seems to me that documenting them would
> be helpful (indeed that not doing so borders on irresponsible).
>
>    john
>
>

_______________________________________________
secdir mailing list
secdir@ietf.org
https://www.ietf.org/mailman/listinfo/secdir

v2.23.0 | Report a Bug | By Email