Re: [secdir] review of draft-ietf-dhc-secure-dhcpv6-04.txt
Stephen Kent <kent@bbn.com> Thu, 23 February 2012 01:32 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 61D2821E801D for <secdir@ietfa.amsl.com>; Wed, 22 Feb 2012 17:32:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.37
X-Spam-Level:
X-Spam-Status: No, score=-106.37 tagged_above=-999 required=5 tests=[AWL=0.228, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQieTOQxVdwn for <secdir@ietfa.amsl.com>; Wed, 22 Feb 2012 17:32:16 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 95A6E21E8013 for <secdir@ietf.org>; Wed, 22 Feb 2012 17:32:16 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15]:55370 helo=[172.20.8.192]) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1S0NXP-000GSf-E6; Wed, 22 Feb 2012 20:32:03 -0500
Mime-Version: 1.0
Message-Id: <p06240802cb6b41feba2f@[172.20.8.192]>
In-Reply-To: <5D36713D8A4E7348A7E10DF7437A4B92188B034F@SZXEML506-MBS.china.huawei.com>
References: <p0624080ccb3e5b4801c7@[128.89.89.66]> <5D36713D8A4E7348A7E10DF7437A4B92188B034F@SZXEML506-MBS.china.huawei.com>
Date: Wed, 22 Feb 2012 20:31:48 -0500
To: Sheng Jiang <jiangsheng@huawei.com>
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-882161773==_ma============"
Cc: "secdir@ietf.org" <secdir@ietf.org>, "shenshuo@cnnic.cn" <shenshuo@cnnic.cn>, "rdroms.ietf@gmail.com" <rdroms.ietf@gmail.com>, "john_brzozowski@cable.comcast.com" <john_brzozowski@cable.comcast.com>, Sheng Jiang <jiangsheng@huawei.com>, "ted.lemon@nominum.com" <ted.lemon@nominum.com>
Subject: Re: [secdir] review of draft-ietf-dhc-secure-dhcpv6-04.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Feb 2012 01:32:17 -0000
At 2:33 AM +0000 2/22/12, Sheng Jiang wrote: >Hi, Stephen, > >Thanks for your review. I have integrated them in a new version or >make some correspondent improvements. However, I do not agree the >below comment and would like to discuss it further. > ><Stephen> The fact that the signature option can be placed anywhere >in the DHCPv6 message strikes me as dangerous. It imposes a >requirement on a receiver to treat the protected and unprotected >portions of the message differently, for any possible placement of >the signature option. This adds complexity to implementations, since >the security checking would have to indicate to the rest of message >processing which parts of a message were checked and which were not >verified. Unless there are DHCHv6 options that may be modified (or >added) legitimately when a message traverses a relay, it is not >clear why there needs to be a provision to exclude any portions of a >DHCPv6 message from the integrity/authentication check. > ><Sheng> The charge is not right here. Although the signature option >can be placed anywhere, it actually protects ALL DHCPv6 options and >payload (except for itself and auth option), see Section 5.2 for how >to perform signature. Therefore, there is no unprotected portion at >all. The place of signature option does not mean the portion after >it is unprotected. The text in 5.2 states, when it describes the Sig option: "It protects all the DHCPv6 header and options before it. Any options after the Signature option can be processed, but it should be noticed that they are not protected by this Signature option." This text contradicts what you said above. The text later in 5.2, in the discussion of how to compute the sig value, says what you meant (sort of), but that contradicts the text cited above. Also, the text describing how to compute the sig is incorrect, since it says: " The signature constructed by using the sender's private key over the following sequence of octets:..." The private key is used to sign the hash value computed over the sequence of octets described in this part of 5.2. Also, allowing the sig option to appear anywhere in the message is, as I indicated earlier, a bad idea. Even if the text is corrected to make clear that the whole message is protected, it is "cleaner" to put the sig option at the end, so that the sender and receiver does not have to skip over it in computing the hash value that is to be signed. Steve
- [secdir] review of draft-ietf-dhc-secure-dhcpv6-0… Stephen Kent
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Sheng Jiang
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Sheng Jiang
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Stephen Kent
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Sheng Jiang
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Sheng Jiang
- Re: [secdir] review of draft-ietf-dhc-secure-dhcp… Sheng Jiang