[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: [dhcwg] Response to IESG comments on draft-ietf-dhc-isnsoption-08.txt

    Hi All:
    Another cut at the security section to address David Black's concerns.
    DHCP security considerations are addressed in [RFC3118].  Among these is the
    potential for a "man-in-the-middle" attack by a hostile entity modifying or
    replacing the original iSNS option message. Unless some form of
    authentication is implemented, an attacker may trick the iSNS client into
    connecting into rogue iSNS servers.
    To thwart such attacks, the DHCP response should be verified in some manner.
    One approach is direct authentication via [RFC3118], when implemented.
    Since this technology is not widely deployed, an alternative is to
    authenticate the discovered iSNS server through use of IPSec or the iSNS
    authentication block as described in [ISNS]. Of course, use of iSNS Server
    authentication implies a site-wide policy requiring use of one of the
    authentication methods specified in [ISNS] by all iSNS servers.
    If no authentication is used and it is determined that the potential exists
    for one of the attacks described in [RFC3118], then the DHCP option message
    for iSNS should not be utilized.
    > -----Original Message-----
    > From: []
    > Sent: Friday, September 05, 2003 2:25 PM
    > To:;;
    > Cc:;;; 
    > Subject: RE: [dhcwg] Response to IESG comments on 
    > draft-ietf-dhc-isnsoptio n-08.txt
    > At the risk of complicating this further, I don't think "RECOMMENDED" 
    > is going to be the right solution, as "cannot obtain an 
    > implementation" does not strike me as a "valid reason in particular 
    > circumstances" (cf. RFC 2119) to ignore a "RECOMMENDED" requirement 
    > statement.
    > I think the right thing to do here is to address Ralph's concern 
    > directly rather than trying to craft language that avoids it.  In 
    > other words, discuss the usefulness of DHCP Authentication, but point 
    > out that it is not widely implemented, recommend its use  when 
    > available (lower case "recommended"), and discuss alternative measures 
    > that can prevent contact with a rogue iSNS server (e.g., in addition
    > to not using the iSNS DHCP option, IPsec can provide 
    > countermeasures based on setting policy for traffic to the 
    > TCP port used by iSNS, but one has to have local policy 
    > override the IPsec on/off setting in the iSNS DHCP option).
    > Thanks,
    <stuff Deleted>
    -- Charles
    Charles Monia
    Senior Technology Consultant
    Nishan Systems
    voice: (408) 519-3986
    fax:   (408) 435-8385


Last updated: Thu Sep 11 09:19:30 2003
12890 messages in chronological order