Re: [secdir] SECDIR review of draft-ietf-dhc-dhcpv6-unknown-msg-05
Chris Lonvick <clonvick@cisco.com> Wed, 05 March 2014 19:55 UTC
Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C587C1A0224; Wed, 5 Mar 2014 11:55:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.048
X-Spam-Level:
X-Spam-Status: No, score=-15.048 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KNHkl7HtG5Yz; Wed, 5 Mar 2014 11:54:58 -0800 (PST)
Received: from mtv-iport-1.cisco.com (mtv-iport-1.cisco.com [173.36.130.12]) by ietfa.amsl.com (Postfix) with ESMTP id 192771A021C; Wed, 5 Mar 2014 11:54:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3027; q=dns/txt; s=iport; t=1394049294; x=1395258894; h=date:from:to:cc:subject:in-reply-to:message-id: references:mime-version; bh=gPUe08TkaeEDGVzc+MpIppqOKxPZidgYgTuuF8uV1n0=; b=cnScUrYQ6fI10IKU+B005DKR7e0r+3tsq/KJ4sUVelM55YfVXJ4Tl2zM 5DvBVX/BQ1tUqKg5s9vFphnDXcGMzn4NHlpHO84bHlD3lHES297Y8SuAF MZt97Dbs4Rl0F3ITnjpWC5Z6IPjyb5XanJX0DKE42Suxza7bEZaBNf1oR c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsFAOJ/F1OrRDoJ/2dsb2JhbABaDoJ4hBa+CYEaFnSCJQEBAQMBI1YQCQIYKgICVwaIBAeSI5wXoCcXjlEHgm+BSQSJS6Edgm5g
X-IronPort-AV: E=Sophos;i="4.97,594,1389744000"; d="scan'208";a="104419680"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by mtv-iport-1.cisco.com with ESMTP; 05 Mar 2014 19:54:54 +0000
Received: from sjc-xdm-112 (sjc-xdm-112.cisco.com [171.71.188.44]) by mtv-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s25Jssvr029952 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 5 Mar 2014 19:54:54 GMT
Date: Wed, 05 Mar 2014 11:54:54 -0800
From: Chris Lonvick <clonvick@cisco.com>
To: Qi Sun <sunqi@csnet1.cs.tsinghua.edu.cn>
In-Reply-To: <0072CD75-BCD2-4759-A28E-92481E6D50D8@csnet1.cs.tsinghua.edu.cn>
Message-ID: <alpine.LRH.2.00.1403051154270.17205@sjc-xdm-112.cisco.com>
References: <alpine.LRH.2.00.1403031101470.22583@sjc-xdm-112.cisco.com> <3605A730-DFCA-4A9B-9A30-7FAE4A938CBA@gmail.com> <0072CD75-BCD2-4759-A28E-92481E6D50D8@csnet1.cs.tsinghua.edu.cn>
User-Agent: Alpine 2.00 (LRH 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="1202400444-2086425228-1394049294=:17205"
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/EPINhoAzMzAQpaR_Mf8QST1_tjY
Cc: draft-ietf-dhc-dhcpv6-unknown-msg.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SECDIR review of draft-ietf-dhc-dhcpv6-unknown-msg-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Mar 2014 19:55:01 -0000
Hi Qi, That sounds reasonable. Best regards, Chris On Wed, 5 Mar 2014, Qi Sun wrote: > > > Dear Chris, > > Many thanks for your comments! > > About the Security Considerations section, how about we add the following clarification: > > OLD: > 6. Security Considerations > > As the relay agent will forward all unknown types of DHCPv6 messages, > a malicious attacker can interfere with the relaying function by > constructing fake DHCPv6 messages with arbitrary type code. The same > problem may happen in current DHCPv4 and DHCPv6 practice where the > attacker constructs the fake DHCP message with a known type code. > ... > > NEW: > 6. Security Considerations > > This document creates no new security issues that are not already > present in RFC3315. By explicitly documenting the correct handling > of unknown messages, this document, if implemented, reduces any > security exposure that might result from incorrect handling of > unknown messages. The following issues are issues that could already > be present with section 23 of [RFC3315], but we discuss them in > detail here as guidance for implementors. > > As the relay agent will forward all unknown types of DHCPv6 messages, > a malicious attacker can interfere with the relaying function by > constructing fake DHCPv6 messages with arbitrary type code. The same > problem may happen in current DHCPv4 and DHCPv6 practice where the > attacker constructs the fake DHCP message with a known type code. > ... > > Would that be OK? > > Best Regards, > Qi > //Sorry if you received duplicate mails. > > > > On 2014-3-3, at 下午7:07, Chris Lonvick wrote: > > > Hi, > > I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments > were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last > call comments. > > This document looks to be well thought out and almost complete. I would like to see a statement in the Security Considerations section that this > specification adheres to the Security Considerations section of RFC 3315, and augments it by describing the disposition of unknown messages. > > Other than that, the only very minor nit that I have is that the second and third paragraphs of the Security Considerations section are a single thought and > should be combined. > > Thanks, > Chris > > > >