[secdir] Secdir last call review of draft-ietf-dhc-dhcpv6-pd-relay-requirements-04

Christian Huitema via Datatracker <noreply@ietf.org> Fri, 04 December 2020 20:03 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F3AB33A0FF8; Fri, 4 Dec 2020 12:03:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Christian Huitema via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: last-call@ietf.org, draft-ietf-dhc-dhcpv6-pd-relay-requirements.all@ietf.org, dhcwg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160711219694.2677.7881042583251252532@ietfa.amsl.com>
Reply-To: Christian Huitema <huitema@huitema.net>
Date: Fri, 04 Dec 2020 12:03:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/flvSYfjzQxzJH-um0-4bOs0hlwE>
Subject: [secdir] Secdir last call review of draft-ietf-dhc-dhcpv6-pd-relay-requirements-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 20:03:17 -0000

Reviewer: Christian Huitema
Review result: Ready

This document presents a set of requirements for how "Prefix Delegating Relays" should
handle the relaying of IPv6 Prefix delegation requests between DHCP clients and DHCP servers.

This document is Ready. But please fix one tiny nit.

Prefix Delegating Relays are more complex than simple DHCP relays. Instead of
merely passing information back and forth between DHCP clients and DHCP servers,
they also need to install IPv6 routes so the allocated IPv6 prefix is routed towards
the client to which the prefix is allocated via DHCP. The document explains
issues found during past deployments, and presents a set of requirements to
ensure smooth operation of the service.

As written in the security section, stating these requrements does not add
any new security considerations beyond those mentioned in RFC 8213, which requires
using IPSEC between DHCP relay and DHCP server. This is fine and I believe that
the draft is ready, except for one nit. The draft mentions "Section 22 of [RFC8213]",
but RFC 8213 only has 6 sections. Since that RFC is entirely about "Security of
Messages Exchanged between Servers and Relay Agents", I don't understand why the
draft needs to mention this bogus "Section 22". Are the authors trying to trick
this reviewer?

There is a security issue concerning communication between clients and relays. This
draft is not the place to address it, which is why I think it is ready, but I can't
resist using this review to pass a message to the working group. On link attackers
could spoof requests for prefix delegation, or responses, just like
they can spoof any DHCP message. Spoofing prefix delegation requests might be a way
to attack networks, or to cause support issues between clients and providers.
RFC 8213 "suggests" using secure DHCPv6 between client and server, but the "secure
DHCPv6" draft cited in RFC 8213 is now expired. I understand that solutions like RA
Guard will in practice provide some protection, but the use of these solutions are
not discussed in RFC 8213. The DHCP WG might want to address that.