Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
Tomek Mrugalski <tomasz.mrugalski@gmail.com> Fri, 30 May 2014 21:33 UTC
Return-Path: <tomasz.mrugalski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 81D521A883F for <dhcwg@ietfa.amsl.com>; Fri, 30 May 2014 14:33:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GYexLjink8ru for <dhcwg@ietfa.amsl.com>; Fri, 30 May 2014 14:33:04 -0700 (PDT)
Received: from mail-we0-x233.google.com (mail-we0-x233.google.com [IPv6:2a00:1450:400c:c03::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FF791A6FFA for <dhcwg@ietf.org>; Fri, 30 May 2014 14:33:03 -0700 (PDT)
Received: by mail-we0-f179.google.com with SMTP id q59so2560905wes.24 for <dhcwg@ietf.org>; Fri, 30 May 2014 14:32:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=6ea30Gi0d6+N6TIHI2pkOdcrq+WOyal+eDlzjatlw8Y=; b=IExCWSmstEkHj06sBfA0nem84sO78ZzJd9+Fc3pEmH1XH/qBWFKxldNZbuEDjK+hbD VL0NpGObItoBa3PoBOfLeFj4IdKaM2/kDB8ZQFU7AIBwDjIeZGSXUJNoKGf7JrRQXv3v ohLHPW36P34azaAWmQ5BT/eSLeopicQySTo41WOGkILHTsbcmHAK2TYMtyHmTHyOgKfn igPAbfSvQiRBLFDx4cCJc5a+2LrrOR/qIQZbB7fA0dGtbDRcIc1C+QIJh/lSc1uBfMjv LOVN0dYpq/Dh6juisOFUUvSGz3VswQALRMbS44VNj3eTkFPyXhuALj6JUd+W4oTF15TD EuDQ==
X-Received: by 10.195.12.34 with SMTP id en2mr26429440wjd.13.1401485577727; Fri, 30 May 2014 14:32:57 -0700 (PDT)
Received: from [10.0.0.100] (109107011157.gdansk.vectranet.pl. [109.107.11.157]) by mx.google.com with ESMTPSA id nb8sm9084669wic.18.2014.05.30.14.32.55 for <dhcwg@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 30 May 2014 14:32:56 -0700 (PDT)
Message-ID: <5388F901.1000709@gmail.com>
Date: Fri, 30 May 2014 23:32:49 +0200
From: Tomek Mrugalski <tomasz.mrugalski@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: dhcwg <dhcwg@ietf.org>
References: <535FEDAD.5010103@gmail.com>
In-Reply-To: <535FEDAD.5010103@gmail.com>
X-Enigmail-Version: 1.5.2
X-TagToolbar-Keys: D20140530233249716
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dhcwg/902fYSuhXLkoGWleYxbRI6F9_Rw
Subject: Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Respond by May 18
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 May 2014 21:33:06 -0000
On 29.04.2014 20:21, Tomek Mrugalski wrote: > Hi all, > > This message starts DHC working group last call about advancing Secure > DHCPv6 with Public Key document as a Standards Track RFC. The authors > believe that this version addressed all the issues raised and is ready. Apologies that I didn't participate in the discussion and didn't review this draft earlier. <dhc co-chair hat off> I read draft-ietf-dhc-sedhcpv6-02 and support this work. I think there's significant value in this work. I agree with previous commenters that the specific use cases could be described somewhere, perhaps in the introduction section. One use case where it could be useful is a high security network, like a military base or a R&D department that wants to protect its secrets. This authentication could be mutual - legitimate employers are provided with devices that have preconfigured keys and this mechanism is an additional step in access control. On the other hand, the employees want to make sure that they indeed connect to the legitimate network, not a spoofed one. Another use case could be a paid hotspot. Unknown clients are assigned a different set of addresses/options that get them to the site where they can pay for the service. Once the service is paid, the client becomes known and future configuration will get him direct connection, thus bypassing annoying login/pay portal. Having to go through the captive portal only one could be a big advantage of this mechanism. The server authentication could also be useful. Mobile clients can store list of previously visited networks that are known to work. I think it is important to add a section that enumerates those and similar use cases. Otherwise you risk that this work will be stalled and you'd be asked to write a separate problem statement document. Section 1 claims that messages exchanged between relay agents and servers are less vulnerable. That is usually true, but it is possible for client to spoof a relay. Instead of sending plain messages, it could send Relay-forward messages with spoofed options and Solicit or Request inside it. I don't see any obvious attack vector here, though. Nitpick: I'm confused what the fourth paragraph is Section 3 is about. It starts discussion about manual key distribution, but then explains flaws of reconfigure key authentication. These are not really related topics, so I think it would read better if the text was split into 2 paragraphs. Section 4: soltuion => solution certificates are can be used => certificates can be used Nitpick: The text mentions clients and DHCPv6 servers. It reads a bit awkwardly. It should be either "DHCPv6 clients and DHCPv6 servers" or "clients and servers". You may mention in Terminology section what clients and servers mean and then use that shorter version throught the text. It will just read easier. Section 4.3 says "the DHCPv6 server (for most of known DHCPv6 implementations) would just omit or disregard unknown options and still process the known options." Are you aware of any implementations that do not follow this principle? "If the client accept the unsecure messages from the DHCPv6 server. The subsequent exchanges will be in unsecure model." Those two sentences should be combined into one. "If the server mandidates the authentication..." => "If the server's policy requires the authentication..." Section 5.1: The Public key format is confusing. Should it be binary data or hex? Second sentence suggests that it's hex string. 2048bit key requires 256 bytes if sent as a binary. However, if you send it as hex string, it requires 512 bytes. Obviously, better way is to send it as binary, as it is size optimal. +1 for having packet size discussion in the document. Here's my take on it: Section 5.2 says that the maxium certificate length is 65535 bytes. There are other limits that would practically never allow you to put that large option. The first soft limit is MTU of the interface, which is typically 1500 bytes - IPv6 header size - UDP header - DHCPv6 header - size of mandatory options - size of certificate option header. (Some may point out that the min. MTU for IPv6-capable links is 1280, so the limit may be even lower than that). This is a "soft" limit. If you cross it, DHCPv6 messages will get fragmented. There's nothing in RFC3315 that forbid that, but I never saw fragmented DHCPv6 packets out in the wild and I expect that it may cause problems (firewalls dropping fragments, simple clients not supporting fragmentation etc.). You can get above that limit, but you'd be walking on an increasingly exotic territory. The next limit is imposed by Payload length in IPv6 header. Its max. value is 65535, so you need to decrease it by mentioned UDP/DHCPv6/options headers. So even max. UDP packet is not enough for storing the max size of the option you propose. I'd be very interested in seeing how existing implementations behave when they receive 64k packets. If you really want to go above that, there are jumbograms (see RFC2675). Although I haven't checked that, my gut feeling is that current implementations will be puzzled when they get a jumbogram-wrapped DHCPv6 packet. Note that the current text of section 5.2 implies that jumbograms are required to deliver the biggest OPTION_CERT_PARAMETER option. I do not know how big X.509 certificates can be. If they are approaching 1500 bytes, you should have a section discussing the issues I mentioned. This document defines two mandatory algorithms: SHA-256 for hash and RSASSA-PKCS1-v1_5 for signature. I'm not a security expert by any means, so I'm not questioning those choices, but it would be useful if you could include some background information why you chose those two. Time stamp in section 3. You chose the timestamp to follow RFC5905 format (64 bit, starting 1 Jan 1900). DHCPv6 already defines a time format (see section 9.2 in RFC3315), which unfortunately is only 32bits. NTP format has the advantage of being 64 bits, but unnecessarily covers dates from 20th century. RFC3315 style on the other hand begins 1 Jan 2000, but is only 32 bits. Perhaps it would make sense to define a new format: 64 bit, starting in 2000? This is just somthing to consider. I'm ok if you want to keep current format. They last paragraph in 5.3 says that authentication option is not covered. So it's unclear for me how should I calculate the digests if both authentication and signature options are present. Section 5.4 defines new value of status code called NotSupportAlgorithm. The name sounds a bit awkward. AlgorithmNotSupported sound better in my opinion. Also, its definition says that the server does not support algorithms that the sender (presumably the client) used. What is the opposite is true: client does not support an algorithm that the server used? Up until now, client never did send status codes. Is the case where client needs to communicate this failure to the server described in the text? Also, I think the status descriptions should be reworded to use either server/client or sender/receiver. Further in the same section: SignitureFail => SignatureFail. That misspelling appears in multiple sections. Section 6.1: which MUST contructed => which MUST be contructed Section 6.1 "Upon receiving an AuthFailNotSupportLoF error status code [...] the client MAY switch to other certificate or public key if it has. But it SHOULD NOT retry with the same certificate/ public-key." Why SHOULD NOT and not MUST NOT? "Upon receiving a SignitureFail error status code, the client MAY resend the message.". I have 2 issues with that. First, if the receiver was unable to verify the signature first time, why would retransmission fix anything? It is likely that the repeated transmissions will also fail signature verification. Second, there should be some clarification regarding retransmission not being immiediate. Otherwise, you risk clients flooding the server. I think some clarification like "upon receiving non-success status code, the client follows normal retransmission routines defined in RFC3315" would do the trick here. Section 6.2: "In the failure cases, both DHCPv6 server and client SHOULD NOT process received message, and the server SHOULD reply a correspondent error status could, while the client does nothing." Isn't this a configuration policy? I can imagine a case where clients that failed authentication are still served, but they get a different threatment (like a separate subnet with captive portal that explains what they are supposed to do). The paragraph that discusses leap of faith should say that specific behavior depends on configured policy. Section 6.4 rough synchronized clocks => roughly synchronized clocks Section 7 "The clients may decline..." => "The clients may discard..." ('decline' has special meaning in DHCPv6 context). Section 8: Why do you need reserved (0000) value in Hash algorithm table? I'd like to see a section describing key rollover. It doesn't have to be long. Just a paragraph or two would suffice. <co-chair hat on> I'll chat with Bernie early next week and we'll wrap up this WGLC shortly afterwards. Tomek
- [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 - Res… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Liubing (Leo)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Declan Ma
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Bernie Volz (volz)
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… liuzilong8266
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ted Lemon
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Sheng Jiang
- [dhcwg] WGLC summary for draft-ietf-dhc-sedhcpv6-… Tomek Mrugalski
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… 神明達哉
- Re: [dhcwg] WGLC for draft-ietf-dhc-sedhcpv6-02 -… Ralph Droms
- [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms
- Re: [dhcwg] Deployment consideration for SeDHCPv6 神明達哉
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Sheng Jiang
- Re: [dhcwg] Deployment consideration for SeDHCPv6 Ralph Droms