ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option

2012-06-08 09:27:49
from [t.p.] [Permanent Link] 
----- Original Message -----
From: "ssakane" <ssakane(_at_)cisco(_dot_)com>
To: "t.p." <daedulus(_at_)btconnect(_dot_)com>
Cc: <draft-sakane-dhc-dhcpv6-kdc-option(_at_)tools(_dot_)ietf(_dot_)org>;
<secdir(_at_)ietf(_dot_)org>; "ietf" <ietf(_at_)ietf(_dot_)org>
Sent: Friday, June 08, 2012 2:29 PM

Hi Tom,

Some reviewers suggested me to just remove the figure and its

description in

4.1 because it has ambiguity.  I think it would be better to leave the

1st

paragraph in section 4.1, and I should remove the rest.  What do you

think

about this idea ?


I would leave it in.

The first paragraph on its own I would think underspecified and the rest
of the section does cover a number of issues, issues that only occurred
to me when I read the section carefully.  As I said in my last post, I
then found I had further issues - how long to wait, should a secure DHCP
trump an insecure DNS? - which may be worth exploring in addition.

I do think that this kind of pseudocode helps a lot of developers to
understand the issues and would want a good reason to remove it; at the
same time, others see it as an impurity that has no part in a Standards
Track RFC.  One option would be to remove it to an Appendix which
implicitly makes it Informative and not Normative so it is there for
those who would benefit from it but will not upset those who consider it
out of place.  But I would bounce this off the krb list to see what
reaction you get.

Tom Petch


Thanks,
Shoichi

On 6/8/12 7:37 PM, "t.p." <daedulus(_at_)btconnect(_dot_)com> wrote:


Just to make public what I have hinted at privately, I think that

steps

in section 4.1 may be somewhat underspecified.

They give the logic a client, one which supports both DHCP and DNS,
should
follow in order to find a KDC, with DNS information being preferred.
One scenario outlined in section 1 is of a user having entered

userid

and
passphrase and waiting to be authenticated.  The steps imply a

number of

timeouts in succession without specifying what balance to take of

how

long
to wait for a server to respond versus how long to keep the user
waiting.
I would find it difficult to know what balance to strike without
guidance.

A related issue is that section 4.1 prefers DNS to DHCP for Kerberos
information but the Security Considerations stress the weakness of
DHCP and recommend authenticating DHCP.  What if DHCP is secure
and DNS is not?  Should DNS still be preferred?

Tom Petch

----- Original Message -----
From: "Jeffrey Hutzelman" <jhutz(_at_)cmu(_dot_)edu>
To: "Samuel Weiler" <weiler+secdir(_at_)watson(_dot_)org>
Cc: <draft-sakane-dhc-dhcpv6-kdc-option(_at_)tools(_dot_)ietf(_dot_)org>;
<secdir(_at_)ietf(_dot_)org>; <ietf(_at_)ietf(_dot_)org>; 
<jhutz(_at_)cmu(_dot_)edu>
Sent: Thursday, May 24, 2012 6:50 PM
Subject: Re: [secdir] secdir review of
draft-sakane-dhc-dhcpv6-kdc-option
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option, tglassey
Next by Date:  Re: Last Call: <draft-hoffman-tao4677bis-15.txt> (The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force) to Informational RFC, Bradner, Scott
Previous by Thread:  Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option, Sam Hartman
Next by Thread:  Re: [secdir] secdir review of draft-sakane-dhc-dhcpv6-kdc-option, t.p.
Indexes:  [Date] [Thread] [Top] [All Lists]