Internet DRAFT - draft-templin-dhc-authonly-sedhcpv6
draft-templin-dhc-authonly-sedhcpv6
Network Working Group F. Templin, Ed.
Internet-Draft Boeing Research & Technology
Intended status: Informational September 08, 2016
Expires: March 12, 2017
Authentication-only Mode for Secure DHCPv6
draft-templin-dhc-authonly-sedhcpv6-02.txt
Abstract
Secure DHCPv6 includes mechanisms for encryption and authentication,
where encryption is currently mandated due to concerns for pervasive
monitoring in the Internet. The Secure DHCPv6 specification states
that the mechanisms are applicable in any environment where physical
security on the link is not assured and attacks on DHCPv6 are a
concern. However, this document presents a reference use case where
physical and/or link-layer security are already assured. This
document therefore proposes an authentication-only application of
Secure DHCPv6 when there is already sufficent protection against
pervasive monitoirng.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 12, 2017.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
Templin Expires March 12, 2017 [Page 1]
Internet-Draft AERO Minimal Encapsulation September 2016
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Use Case for Authentication-only Secure DHCPv6 . . . . . . . 2
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.1. Normative References . . . . . . . . . . . . . . . . . . 4
6.2. Informative References . . . . . . . . . . . . . . . . . 4
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5
1. Introduction
DHCPv6 [RFC3315] is the stateful autoconfiguration protocol for IPv6
[RFC2460]. Secure DHCPv6 [I-D.ietf-dhc-sedhcpv6] includes mechanisms
for encryption and authentication, where encryption is currently
mandated due to concerns for pervasive monitoring in the Internet.
The Secure DHCPv6 specification states that the mechanisms are
applicable in any environment where physical security on the link is
not assured and attacks on DHCPv6 are a concern. However, this
document presents a reference use case where physical and/or link-
layer security are already assured. This document therefore proposes
an authentication-only application of Secure DHCPv6 when there is
already sufficient protection against pervasive monitoirng.
Encryption avoidance becomes important when information sharing
between DHCPv6 clients, relays and servers is required and/or when an
application of an additional layer of encryption would be redundant
and would result in poor performance. The document therefore
proposes an authentication-only mode for specific use cases where
pervasive monitoring is already mitigated through other means, but a
means for authenticating the source of the DHCPv6 message is still
required.
2. Use Case for Authentication-only Secure DHCPv6
Figure 1 depicts a reference use case for an authentication-only mode
for Secure DHCPv6, where the link between the DHCPv6 client and relay
is protected by link-layer encryption and the DHCPv6 service
infrastructure is potected by physical security:
Templin Expires March 12, 2017 [Page 2]
Internet-Draft AERO Minimal Encapsulation September 2016
+-----------------------------+
| |
| <-- Physical Security --> |
| |
| +-----------------------+ |
| | | |
| | | |
| | DHCPv6 Server | |
| | | |
| | | |
| +-----------+-----------+ |
| | |
+-----------------------+ | +-----------+-----------+ |
| | | | | |
| | | | | |
| DHCPv6 Client | | | DHCPv6 Relay | |
| | | | | |
| | | | | |
+-----------------------+ | +-----------------------+ |
| | | | | |
| Link-layer Encryption | | | Link-layer Encryption | |
| | | | | |
+------------+----------+ +--+------------+----------+--+
| |
| Link |
X----+--------------------------------+----X
Figure 1
In this reference use case, the link between the client and relay is
secured against pervasive monitoring through the application of link-
layer encryption. (The link itself also may or may not be secured at
the phsyical layer.) No information is therefore available in plain
text over the link that connects the client and relay. The DHCPv6
service infrasturcture (i.e., all DHCPv6 relay agents and servers) is
further secured against pervasive monitoring through physical
security and the application of network-layer securing mechanisms
such as IPsec.
In the reference use case, therefore, no opportunity for pervasive
monitoring exists and the use of DHCPv6 application layer encryption
would be unnecessary, inefficient and would interfere with
client/relay/server information sharing. An example where this use
case applies is in the AERO protocol [I-D.templin-aerolink].
This document therefore recommends an amendment of the Secure DHCPv6
specification to permit an authentication-only application of the
Templin Expires March 12, 2017 [Page 3]
Internet-Draft AERO Minimal Encapsulation September 2016
protocol when pervasive monitoring is already mitigated through other
means.
3. IANA Considerations
This document introduces no IANA considerations.
4. Security Considerations
Security considerations are discussed in the DHCPv6 and Secure DHCPv6
specifications [RFC3315][I-D.ietf-dhc-sedhcpv6]. This document notes
that, in addition to proection against pervasive monitoring of DHCPv6
messages, a means for authenticating the sources of DHCPv6 messages
may still be necessary in some environments to mitigate insider
attacks such as spoofing and theft of service.
5. Acknowledgements
TBD
6. References
6.1. Normative References
[I-D.ietf-dhc-sedhcpv6]
Jiang, S., Li, L., Cui, Y., Jinmei, T., Lemon, T., and D.
Zhang, "Secure DHCPv6", draft-ietf-dhc-sedhcpv6-13 (work
in progress), July 2016.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981,
<http://www.rfc-editor.org/info/rfc791>.
[RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6
(IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
December 1998, <http://www.rfc-editor.org/info/rfc2460>.
[RFC3315] Droms, R., Ed., Bound, J., Volz, B., Lemon, T., Perkins,
C., and M. Carney, "Dynamic Host Configuration Protocol
for IPv6 (DHCPv6)", RFC 3315, DOI 10.17487/RFC3315, July
2003, <http://www.rfc-editor.org/info/rfc3315>.
6.2. Informative References
[I-D.templin-aerolink]
Templin, F., "Asymmetric Extended Route Optimization
(AERO)", draft-templin-aerolink-71 (work in progress),
September 2016.
Templin Expires March 12, 2017 [Page 4]
Internet-Draft AERO Minimal Encapsulation September 2016
Author's Address
Fred L. Templin (editor)
Boeing Research & Technology
P.O. Box 3707
Seattle, WA 98124
USA
Email: fltemplin@acm.org
Templin Expires March 12, 2017 [Page 5]