[secdir] secdir review of draft-ietf-dhc-leasequery-by-remote-id-07
Samuel Weiler <weiler@watson.org> Thu, 02 December 2010 03:28 UTC
Return-Path: <weiler@watson.org>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A86033A6843; Wed, 1 Dec 2010 19:28:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.485
X-Spam-Level:
X-Spam-Status: No, score=-2.485 tagged_above=-999 required=5 tests=[AWL=0.114, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yD6UFoMgW1IP; Wed, 1 Dec 2010 19:28:47 -0800 (PST)
Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by core3.amsl.com (Postfix) with ESMTP id ED7403A67AE; Wed, 1 Dec 2010 19:28:44 -0800 (PST)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.14.4/8.14.4) with ESMTP id oB23TvjY070033; Wed, 1 Dec 2010 22:29:57 -0500 (EST) (envelope-from weiler@watson.org)
Received: from localhost (weiler@localhost) by fledge.watson.org (8.14.4/8.14.4/Submit) with ESMTP id oB23Tv3n070030; Wed, 1 Dec 2010 22:29:57 -0500 (EST) (envelope-from weiler@watson.org)
X-Authentication-Warning: fledge.watson.org: weiler owned process doing -bs
Date: Wed, 01 Dec 2010 22:29:56 -0500
From: Samuel Weiler <weiler@watson.org>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-dhc-leasequery-by-remote-id.all@tools.ietf.org
Message-ID: <alpine.BSF.2.00.1012012218180.54384@fledge.watson.org>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fledge.watson.org [127.0.0.1]); Wed, 01 Dec 2010 22:29:57 -0500 (EST)
Subject: [secdir] secdir review of draft-ietf-dhc-leasequery-by-remote-id-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Dec 2010 03:28:50 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Sorry for getting this out so late. I'm a bit confused by this doc -- in particular, I'm not understanding how the Remote ID field is being set so that querying based on it gives a complete set of relevant leases. I'm also wondering if the use case envisioned (filtering spoofed source addresses based on the assumption that you can collect a complete list of leases using this method) is dangerous -- at the very least, it suggests that authentication of the queries here is every more important than in 4388. Furthermore, what risks are there if answers to these queries are spoofed away? In this model, could a relay agent be induced to filter out a legitimate client for want of an answer to a DHCPLEASEQUERY? Also, I'm not a fan of referral Security Considerations sections -- I'd rather see a repeat of the text than a reference. -- Sam
- [secdir] secdir review of draft-ietf-dhc-leaseque… Samuel Weiler
- Re: [secdir] secdir review of draft-ietf-dhc-leas… Pavan Kurapati