Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option

t.p. <daedulus@btconnect.com> Fri, 08 June 2012 14:27 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5AF021F8920; Fri, 8 Jun 2012 07:27:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.254
X-Spam-Level:
X-Spam-Status: No, score=-4.254 tagged_above=-999 required=5 tests=[AWL=-0.655, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TI7n1J8qt9aW; Fri, 8 Jun 2012 07:27:32 -0700 (PDT)
Received: from am1outboundpool.messaging.microsoft.com (am1ehsobe001.messaging.microsoft.com [213.199.154.204]) by ietfa.amsl.com (Postfix) with ESMTP id E7AFA21F8800; Fri, 8 Jun 2012 07:27:31 -0700 (PDT)
Received: from mail26-am1-R.bigfish.com (10.3.201.239) by AM1EHSOBE001.bigfish.com (10.3.204.21) with Microsoft SMTP Server id 14.1.225.23; Fri, 8 Jun 2012 14:26:39 +0000
Received: from mail26-am1 (localhost [127.0.0.1]) by mail26-am1-R.bigfish.com (Postfix) with ESMTP id BFAD64003F8; Fri, 8 Jun 2012 14:26:39 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:157.55.224.141; KIP:(null); UIP:(null); IPV:NLI; H:DB3PRD0702HT009.eurprd07.prod.outlook.com; RD:none; EFVD:NLI
X-SpamScore: -28
X-BigFish: PS-28(zzbb2dI98dI9371I542M1dbaI1432I1418I4015Izz1202hzz1033IL8275bh8275dhz2dh2a8h5a9h668h839hd24hf0ah304l)
Received: from mail26-am1 (localhost.localdomain [127.0.0.1]) by mail26-am1 (MessageSwitch) id 1339165597980755_20655; Fri, 8 Jun 2012 14:26:37 +0000 (UTC)
Received: from AM1EHSMHS015.bigfish.com (unknown [10.3.201.252]) by mail26-am1.bigfish.com (Postfix) with ESMTP id E33F8220049; Fri, 8 Jun 2012 14:26:37 +0000 (UTC)
Received: from DB3PRD0702HT009.eurprd07.prod.outlook.com (157.55.224.141) by AM1EHSMHS015.bigfish.com (10.3.207.153) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 8 Jun 2012 14:26:36 +0000
Received: from DBXPRD0610HT005.eurprd06.prod.outlook.com (157.56.252.181) by pod51017.outlook.com (10.3.4.174) with Microsoft SMTP Server (TLS) id 14.15.74.2; Fri, 8 Jun 2012 14:27:26 +0000
Message-ID: <020601cd4582$63db64c0$4001a8c0@gateway.2wire.net>
From: t.p. <daedulus@btconnect.com>
To: ssakane <ssakane@cisco.com>
References: <CBF82D46.6AB4%ssakane@cisco.com>
Date: Fri, 8 Jun 2012 15:24:10 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Originating-IP: [157.56.252.181]
X-OriginatorOrg: btconnect.com
X-Mailman-Approved-At: Fri, 08 Jun 2012 08:15:52 -0700
Cc: draft-sakane-dhc-dhcpv6-kdc-option@tools.ietf.org, ietf <ietf@ietf.org>, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jun 2012 14:27:33 -0000

----- Original Message -----
From: "ssakane" <ssakane@cisco.com>;
To: "t.p." <daedulus@btconnect.com>;
Cc: <draft-sakane-dhc-dhcpv6-kdc-option@tools.ietf.org>;;
<secdir@ietf.org>;; "ietf" <ietf@ietf.org>;
Sent: Friday, June 08, 2012 2:29 PM
> Hi Tom,
>
> Some reviewers suggested me to just remove the figure and its
description in
> 4.1 because it has ambiguity.  I think it would be better to leave the
1st
> paragraph in section 4.1, and I should remove the rest.  What do you
think
> about this idea ?

I would leave it in.

The first paragraph on its own I would think underspecified and the rest
of the section does cover a number of issues, issues that only occurred
to me when I read the section carefully.  As I said in my last post, I
then found I had further issues - how long to wait, should a secure DHCP
trump an insecure DNS? - which may be worth exploring in addition.

I do think that this kind of pseudocode helps a lot of developers to
understand the issues and would want a good reason to remove it; at the
same time, others see it as an impurity that has no part in a Standards
Track RFC.  One option would be to remove it to an Appendix which
implicitly makes it Informative and not Normative so it is there for
those who would benefit from it but will not upset those who consider it
out of place.  But I would bounce this off the krb list to see what
reaction you get.

Tom Petch

> Thanks,
> Shoichi
>
> On 6/8/12 7:37 PM, "t.p." <daedulus@btconnect.com>; wrote:
>
> > Just to make public what I have hinted at privately, I think that
steps
> > in section 4.1 may be somewhat underspecified.
> >
> > They give the logic a client, one which supports both DHCP and DNS,
> > should
> > follow in order to find a KDC, with DNS information being preferred.
> > One scenario outlined in section 1 is of a user having entered
userid
> > and
> > passphrase and waiting to be authenticated.  The steps imply a
number of
> > timeouts in succession without specifying what balance to take of
how
> > long
> > to wait for a server to respond versus how long to keep the user
> > waiting.
> > I would find it difficult to know what balance to strike without
> > guidance.
> >
> > A related issue is that section 4.1 prefers DNS to DHCP for Kerberos
> > information but the Security Considerations stress the weakness of
> > DHCP and recommend authenticating DHCP.  What if DHCP is secure
> > and DNS is not?  Should DNS still be preferred?
> >
> > Tom Petch
> >
> > ----- Original Message -----
> > From: "Jeffrey Hutzelman" <jhutz@cmu.edu>;
> > To: "Samuel Weiler" <weiler+secdir@watson.org>;
> > Cc: <draft-sakane-dhc-dhcpv6-kdc-option@tools.ietf.org>;;
> > <secdir@ietf.org>;; <ietf@ietf.org>;; <jhutz@cmu.edu>;
> > Sent: Thursday, May 24, 2012 6:50 PM
> > Subject: Re: [secdir] secdir review of
> > draft-sakane-dhc-dhcpv6-kdc-option
> >
> >
> >
>
>