IETF Logo Mail Archive

Re: [secdir] Secdir last call review of draft-ietf-dhc-rfc3315bis-10

"Bernie Volz (volz)" <volz@cisco.com> Fri, 19 January 2018 14:53 UTC

Return-Path: <volz@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F70F120726; Fri, 19 Jan 2018 06:53:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.529
X-Spam-Level:
X-Spam-Status: No, score=-14.529 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qGb3fRbULFzL; Fri, 19 Jan 2018 06:53:35 -0800 (PST)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC34F12D953; Fri, 19 Jan 2018 06:53:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18272; q=dns/txt; s=iport; t=1516373614; x=1517583214; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=QWUcpZTT7NpiqlpKPxfPUDk2f2gGbwbjnPt+PFmG4FA=; b=J2Wv9mZqmGxjyMiuqsxCDxmrlE+6kwdQCW8MOkrpr4wPFrFQxXBtj99q fcx4sQyYqSPofQoz9wiJ5m26QW0x2+DaD0VVxCu1OMVpt8aRDxom7lYgF w2vwDsk0vLSBgBDchsY2sICorSiUNVwZzXh+8doM40vu8KhuvQBRyIlZg 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ADAgAdBmJa/4oNJK1eGQEBAQEBAQEBAQEBAQcBAQEBAYJKeGZ0JweDVpkEggKRYIVnggIKhTsCGoRIQhUBAQEBAQEBAQFrKIUjAQEBAQMjCkwQAgEIDgMEAQEoAwICAjAUCQgCBA4FCIlHZK8qgieKMQEBAQEBAQEBAQEBAQEBAQEBAQEBAR2ERASBDoEHgz+DLoMvBIE8ARIBCUyCYYJlBaN1ApVNlCGXEQIRGQGBOwE1I19wbxWCZ4JVG4FneIoVDxgEgQmBFwEBAQ
X-IronPort-AV: E=Sophos; i="5.46,381,1511827200"; d="scan'208,217"; a="58995587"
Received: from alln-core-5.cisco.com ([173.36.13.138]) by alln-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 19 Jan 2018 14:53:33 +0000
Received: from XCH-RCD-001.cisco.com (xch-rcd-001.cisco.com [173.37.102.11]) by alln-core-5.cisco.com (8.14.5/8.14.5) with ESMTP id w0JErXUW006990 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 19 Jan 2018 14:53:33 GMT
Received: from xch-aln-003.cisco.com (173.36.7.13) by XCH-RCD-001.cisco.com (173.37.102.11) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Fri, 19 Jan 2018 08:53:33 -0600
Received: from xch-aln-003.cisco.com ([173.36.7.13]) by XCH-ALN-003.cisco.com ([173.36.7.13]) with mapi id 15.00.1320.000; Fri, 19 Jan 2018 08:53:32 -0600
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Kyle Rose <krose@krose.org>
CC: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-dhc-rfc3315bis.all@ietf.org" <draft-ietf-dhc-rfc3315bis.all@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-dhc-rfc3315bis-10
Thread-Index: AQHTj9uyrsvjo+IRTkmYu3nNI56zPaN7SK3Q
Date: Fri, 19 Jan 2018 14:53:32 +0000
Message-ID: <a29a0d22e62f457792d2985f125a87f9@XCH-ALN-003.cisco.com>
References: <CAJU8_nX_f0ry1y3Fg7niqAHf_50TVz+YqdsAYTP_e5xkuK2JCw@mail.gmail.com>
In-Reply-To: <CAJU8_nX_f0ry1y3Fg7niqAHf_50TVz+YqdsAYTP_e5xkuK2JCw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.98.1.196]
Content-Type: multipart/alternative; boundary="_000_a29a0d22e62f457792d2985f125a87f9XCHALN003ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/P1E0zEx8TPMaClG7BnkOSShNAXE>
Subject: Re: [secdir] Secdir last call review of draft-ietf-dhc-rfc3315bis-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jan 2018 14:53:37 -0000

Kyle:

On behalf of the authors of draft-ietf-dhc-rfc3315bis, thanks much for the very thorough review (this email and your other email with the nits – most of those nits look appropriate to apply).

Regarding the HMAC-MD5 issue: That was what RFC 3315 specified. Also, the AUTH Option (except for use by RKAP) is being deprecated. For RKAP, there is also a flaw as there is no means for the client to indicate the algorithms it supports and the server generates this key – so what it uses must be supported by the client for it to work. Therefore, simply changing algorithms is not very really possible (likely it would require a NEW option to have the client communicate which algorithm(s) it supports).


-          Bernie

From: Kyle Rose [mailto:krose@krose.org]
Sent: Wednesday, January 17, 2018 4:40 PM
To: The IESG <iesg@ietf.org>; secdir@ietf.org; draft-ietf-dhc-rfc3315bis.all@ietf.org
Subject: Secdir last call review of draft-ietf-dhc-rfc3315bis-10

Let me try sending this to the right .all address.
Reviewer: Kyle Rose
Review result: Ready with issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

13.1: "By default, DHCP server implementations SHOULD NOT generate predictable addresses." The justification for this is not addressed in the security considerations section, while the privacy considerations section might be punting this to RFC 7824, though the only mention I can find in a quick search regards iterative allocation in section 4.3.

20.4.1: RKAP uses HMAC-MD5 for symmetric authentication. As an informational matter for an existing protocol, this is certainly justified, but I don't know how the IETF handles obsolete crypto in standards revisions.

20.4.3: "...the client computes an HMAC-MD5 over the DHCP Reconfigure message [ADD: with zeroes substituted for the HMAC-MD5 field], using the Reconfigure Key received from the server"

22. DHCP's security threat model is not clearly stated. For instance, RKAP provides protection against man-on-the-side reconfiguration attacks, but DHCP has no ability by itself to protect against a race between legitimate and rogue DHCP servers: such protection relies on management of multicast groups at layer 2. This is implied by the paragraph on snooping DHCP multicast traffic, but nowhere is it specified normatively that restrictive group management is necessary to eliminate this part of the attack surface. Similarly, it's not clear to me whether a rogue or misconfigured server temporarily in the All_DHCP_Servers or All_DHCP_Relay_Agents_and_Servers multicast group can then hide a client from the official DHCP servers forever by sending it the unicast option, thus maintaining exclusive access to certain messages, notabley Request and Renew. The threat model should be stated clearly in this document, even if the recommended countermeasures are in some other RFC (such as RFC 7610) because they rely on information not in this document.

23. Does it make sense to clarify the threat model for privacy? For instance, this protocol doesn't try to defend clients against tracking within a LAN that can observe the DHCP traffic. I can guess what the threat model is, but ISTM that it should be specified explicitly.

v2.23.0 | Report a Bug | By Email