|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [dhcwg] Response to IESG comments on draft-ietf-dhc-isnsoption-08.txtHi All: Another cut at the security section to address David Black's concerns. ===================== Security: DHCP security considerations are addressed in [RFC3118]. Among these is the potential for a "man-in-the-middle" attack by a hostile entity modifying or replacing the original iSNS option message. Unless some form of authentication is implemented, an attacker may trick the iSNS client into connecting into rogue iSNS servers. To thwart such attacks, the DHCP response should be verified in some manner. One approach is direct authentication via [RFC3118], when implemented. Since this technology is not widely deployed, an alternative is to authenticate the discovered iSNS server through use of IPSec or the iSNS authentication block as described in [ISNS]. Of course, use of iSNS Server authentication implies a site-wide policy requiring use of one of the authentication methods specified in [ISNS] by all iSNS servers. If no authentication is used and it is determined that the potential exists for one of the attacks described in [RFC3118], then the DHCP option message for iSNS should not be utilized. ====================== > -----Original Message----- > From: Black_David@emc.com [mailto:Black_David@emc.com] > Sent: Friday, September 05, 2003 2:25 PM > To: cmonia@NishanSystems.com; ElizabethRodriguez@ieee.org; > rdroms@cisco.com; smb@research.att.com > Cc: narten@us.ibm.com; dhcwg@ietf.org; ips@ece.cmu.edu; > Black_David@emc.com; mankin@isi.edu; > jtseng@NishanSystems.com; kgibbons@NishanSystems.com > Subject: RE: [dhcwg] Response to IESG comments on > draft-ietf-dhc-isnsoptio n-08.txt > > > At the risk of complicating this further, I don't think "RECOMMENDED" > is going to be the right solution, as "cannot obtain an > implementation" does not strike me as a "valid reason in particular > circumstances" (cf. RFC 2119) to ignore a "RECOMMENDED" requirement > statement. > > I think the right thing to do here is to address Ralph's concern > directly rather than trying to craft language that avoids it. In > other words, discuss the usefulness of DHCP Authentication, but point > out that it is not widely implemented, recommend its use when > available (lower case "recommended"), and discuss alternative measures > that can prevent contact with a rogue iSNS server (e.g., in addition > to not using the iSNS DHCP option, IPsec can provide > countermeasures based on setting policy for traffic to the > TCP port used by iSNS, but one has to have local policy > override the IPsec on/off setting in the iSNS DHCP option). > > Thanks, <stuff Deleted> Thanks, -- Charles ----------------------------------------- Charles Monia Senior Technology Consultant Nishan Systems email: cmonia@nishansystems.com voice: (408) 519-3986 fax: (408) 435-8385
Home Last updated: Thu Sep 11 09:19:30 2003 12890 messages in chronological order |