| draft-ietf-dhc-sedhcpv6-01.txt | draft-ietf-dhc-sedhcpv6-02.txt | |||
|---|---|---|---|---|
| DHC Working Group S. Jiang, Ed. | DHC Working Group S. Jiang, Ed. | |||
| Internet-Draft Huawei Technologies Co., Ltd | Internet-Draft Huawei Technologies Co., Ltd | |||
| Intended status: Standards Track S. Shen | Intended status: Standards Track S. Shen | |||
| Expires: August 18, 2014 CNNIC | Expires: October 17, 2014 CNNIC | |||
| D. Zhang | D. Zhang | |||
| Huawei Technologies Co., Ltd | Huawei Technologies Co., Ltd | |||
| February 14, 2014 | April 15, 2014 | |||
| Secure DHCPv6 with Public Key | Secure DHCPv6 with Public Key | |||
| draft-ietf-dhc-sedhcpv6-01 | draft-ietf-dhc-sedhcpv6-02 | |||
| Abstract | Abstract | |||
| The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables | The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) enables | |||
| DHCPv6 servers to pass configuration parameters. It offers | DHCPv6 servers to pass configuration parameters. It offers | |||
| configuration flexibility. If not secured, DHCPv6 is vulnerable to | configuration flexibility. If not secured, DHCPv6 is vulnerable to | |||
| various attacks, particularly spoofing attacks. This document | various attacks, particularly spoofing attacks. This document | |||
| analyzes the security issues of DHCPv6 and specifies a Secure DHCPv6 | analyzes the security issues of DHCPv6 and specifies a Secure DHCPv6 | |||
| mechanism for communication between DHCPv6 client and server. This | mechanism for communication between DHCPv6 client and server. This | |||
| mechanism is based on public/private key pairs. The authority of the | mechanism is based on public/private key pairs. The authority of the | |||
| skipping to change at page 1, line 41 | skipping to change at page 1, line 41 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on August 18, 2014. | This Internet-Draft will expire on October 17, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 17 | skipping to change at page 2, line 17 | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Requirements Language and Terminology . . . . . . . . . . . . 3 | 2. Requirements Language and Terminology . . . . . . . . . . . . 3 | |||
| 3. Security Overview of DHCPv6 . . . . . . . . . . . . . . . . . 3 | 3. Security Overview of DHCPv6 . . . . . . . . . . . . . . . . . 3 | |||
| 4. Secure DHCPv6 Overview . . . . . . . . . . . . . . . . . . . 4 | 4. Overview of Secure DHCPv6 Mechanism with Public Key . . . . . 4 | |||
| 4.1. New Components . . . . . . . . . . . . . . . . . . . . . 5 | 4.1. New Components . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.2. Support for algorithm agility . . . . . . . . . . . . . . 5 | 4.2. Support for algorithm agility . . . . . . . . . . . . . . 6 | |||
| 5. Extensions for Secure DHCPv6 . . . . . . . . . . . . . . . . 6 | 4.3. Applicability . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5.1. Public Key Option . . . . . . . . . . . . . . . . . . . . 6 | 5. Extensions for Secure DHCPv6 . . . . . . . . . . . . . . . . 7 | |||
| 5.2. Certificate Option . . . . . . . . . . . . . . . . . . . 6 | 5.1. Public Key Option . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5.3. Signature Option . . . . . . . . . . . . . . . . . . . . 7 | 5.2. Certificate Option . . . . . . . . . . . . . . . . . . . 7 | |||
| 5.4. Status Codes . . . . . . . . . . . . . . . . . . . . . . 9 | 5.3. Signature Option . . . . . . . . . . . . . . . . . . . . 8 | |||
| 6. Processing Rules and Behaviors . . . . . . . . . . . . . . . 9 | 5.4. Status Codes . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 6.1. Processing Rules of Sender . . . . . . . . . . . . . . . 9 | 6. Processing Rules and Behaviors . . . . . . . . . . . . . . . 10 | |||
| 6.2. Processing Rules of Recipient . . . . . . . . . . . . . . 10 | 6.1. Processing Rules of Sender . . . . . . . . . . . . . . . 10 | |||
| 6.3. Processing Rules of Relay Agent . . . . . . . . . . . . . 11 | 6.2. Processing Rules of Recipient . . . . . . . . . . . . . . 11 | |||
| 6.4. Timestamp Check . . . . . . . . . . . . . . . . . . . . . 12 | 6.3. Processing Rules of Relay Agent . . . . . . . . . . . . . 13 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 6.4. Timestamp Check . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | |||
| 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 10. Change log [RFC Editor: Please remove] . . . . . . . . . . . 16 | 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 | 10. Change log [RFC Editor: Please remove] . . . . . . . . . . . 17 | |||
| 11.1. Normative References . . . . . . . . . . . . . . . . . . 16 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . 16 | 11.1. Normative References . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 | 11.2. Informative References . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | ||||
| 1. Introduction | 1. Introduction | |||
| The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, [RFC3315]) | The Dynamic Host Configuration Protocol for IPv6 (DHCPv6, [RFC3315]) | |||
| enables DHCPv6 servers to pass configuration parameters. It offers | enables DHCPv6 servers to pass configuration parameters. It offers | |||
| configuration flexibility. If not secured, DHCPv6 is vulnerable to | configuration flexibility. If not secured, DHCPv6 is vulnerable to | |||
| various attacks, particularly spoofing attacks. | various attacks, particularly spoofing attacks. | |||
| This document analyzes the security issues of DHCPv6 in details. | This document analyzes the security issues of DHCPv6 in details. | |||
| This document provides mechanisms for improving the security of | This document provides mechanisms for improving the security of | |||
| skipping to change at page 3, line 45 | skipping to change at page 3, line 48 | |||
| words. | words. | |||
| 3. Security Overview of DHCPv6 | 3. Security Overview of DHCPv6 | |||
| DHCPv6 is a client/server protocol that provides managed | DHCPv6 is a client/server protocol that provides managed | |||
| configuration of devices. It enables DHCPv6 server to automatically | configuration of devices. It enables DHCPv6 server to automatically | |||
| configure relevant network parameters on clients. In the basic | configure relevant network parameters on clients. In the basic | |||
| DHCPv6 specification [RFC3315], security of DHCPv6 message can be | DHCPv6 specification [RFC3315], security of DHCPv6 message can be | |||
| improved. | improved. | |||
| The basic DHCPv6 specifications can optionally authenticate the | The basic DHCPv6 specifications can optionally authenticate the | |||
| origin of messages and validate the integrity of messages using an | origin of messages and validate the integrity of messages using an | |||
| authentication option with a symmetric key pair. [RFC3315] relies | authentication option with a symmetric key pair. [RFC3315] relies on | |||
| on pre-established secret keys. For any kind of meaningful | pre-established secret keys. For any kind of meaningful security, | |||
| security, each DHCPv6 client would need to be configured with its | each DHCPv6 client would need to be configured with its own secret | |||
| own secret key; [RFC3315] provides no mechanism for doing this. | key; [RFC3315] provides no mechanism for doing this. | |||
| For the key of the hash function, there are two key management | For the key of the hash function, there are two key management | |||
| mechanisms. Firstly, the key management is done out of band, | mechanisms. Firstly, the key management is done out of band, usually | |||
| usually through some manual process. For example, operators can | through some manual process. For example, operators can set up a key | |||
| set up a key database for both servers and clients which the | database for both servers and clients which the client obtains a key | |||
| client obtains a key before running DHCPv6. | before running DHCPv6. | |||
| Manual key distribution runs counter to the goal of minimizing the | Manual key distribution runs counter to the goal of minimizing the | |||
| configuration data needed at each host. [RFC3315] provides an | configuration data needed at each host. [RFC3315] provides an | |||
| additional mechanism for preventing off-network timing attacks | additional mechanism for preventing off-network timing attacks using | |||
| using the Reconfigure message: the Reconfigure Key authentication | the Reconfigure message: the Reconfigure Key authentication method. | |||
| method. However, this method provides no message integrity or | However, this method provides no message integrity or source | |||
| source integrity check. This key is transmitted in plaintext. | integrity check. This key is transmitted in plaintext. | |||
| In comparison, the public/private key security mechanism allows | In comparison, the public/private key security mechanism allows the | |||
| the keys to be generated by the sender, and allows the public key | keys to be generated by the sender, and allows the public key | |||
| database on the recipient to be populated opportunistically or | database on the recipient to be populated opportunistically or | |||
| manually, depending on the degree of confidence desired in a | manually, depending on the degree of confidence desired in a specific | |||
| specific application. PKI security mechanism is simpler in the | application. PKI security mechanism is simpler in the local key | |||
| local key management respect. | management respect. | |||
| 4. Secure DHCPv6 Overview | 4. Overview of Secure DHCPv6 Mechanism with Public Key | |||
| To solve the above mentioned security issues, this document | In order to enable a DHCP client and a server mutually authenticate | |||
| introduces the use of public/private key pair mechanism into DHCPv6, | each other without previous key deployment, this document introduces | |||
| also with timestamp. The authority of the sender may depend on | the use of public/private key pair mechanism into DHCPv6, also with | |||
| either pre-configuration mechanism or PKI. By combining with the | timestamp. The authority of the sender may depend on either pre- | |||
| signatures, sender identity can be verified and messages protected. | configuration mechanism or PKI. By combining with the signatures, | |||
| sender identity can be verified and messages protected. | ||||
| This document introduces a Secure DHCPv6 mechanism that uses a public | This document introduces a Secure DHCPv6 mechanism that uses a public | |||
| /private key pair to secure the DHCPv6 protocol. It has two modes; | /private key pair to secure the DHCPv6 protocol. In order to enable | |||
| in both modes, the sender has a public/private key pair. In the | DHCP clients and servers to perform mutual authentication, this | |||
| first mode, the public key of the sender is pre-shared with the | solution provides two public key based mechanisms with different | |||
| recipient, either opportunistically or through a manual process. In | security strengths. One is stronger and only the certificate signed | |||
| the second mode, the sender has a certificate for its public key, | by a trusted CA or preconfigured public key can be accepted. The | |||
| signed by a Certificate Authority that is trusted by the recipient. | other one, called as leap of faith (LoF) mechanism, is relatively | |||
| It is possible for the same public key to be used with different | weak. It allows a client/server pair, that lacks essential trust | |||
| recipients in both modes. | relationship, to build up their trust relationship at run time for | |||
| subsequent exchanges based on faith. This design simplifies the | ||||
| precondition of deploying DHCPv6 authentication and provides limited | ||||
| protection of DHCPv6 message. | ||||
| In the proposed soltuion, both public/private key pairs or | ||||
| certificates are can be used in authentication. When using public/ | ||||
| private key pairs directly, the public key of the sender is pre- | ||||
| shared with the recipient, either opportunistically or through a | ||||
| manual process. When using certificates, the sender has a | ||||
| certificate for its public key, signed by a CA that is trusted by the | ||||
| recipient. It is possible for the same public key to be used with | ||||
| different recipients in both modes. | ||||
| In this document, we introduce a public key option, a certificate | In this document, we introduce a public key option, a certificate | |||
| option and a signature options with a corresponding verification | option and a signature option with a corresponding verification | |||
| mechanism. Timestamp is integrated into signature options. A DHCPv6 | mechanism. Timestamp is integrated into signature options. A DHCPv6 | |||
| message (from a server or a client), with either a public key or | message (from a server or a client), with either a public key or | |||
| certificate option, and carrying a digital signature, can be verified | certificate option, and carrying a digital signature, can be verified | |||
| by the recipient for both the timestamp and authentication, then | by the recipient for both the timestamp and authentication, then | |||
| process the payload of the DHCPv6 message only if the validation is | process the payload of the DHCPv6 message only if the validation is | |||
| successful. Because the sender can be a DHCPv6 server or a client, | successful. Because the sender can be a DHCPv6 server or a client, | |||
| the end-to-end security protection can be from DHCPv6 servers to or | the end-to-end security protection can be from DHCPv6 servers to | |||
| clients, or from clients to DHCPv6 servers. | clients, or from clients to DHCPv6 servers. | |||
| The recipient may choose to further process the message from a sender | ||||
| for which no authentication information exists, either non-matched | ||||
| public key or certificate cannot be verified. By recording the | ||||
| public key or unverifiable certificate that was used by the sender, | ||||
| when the first time it is seen, the recipient can make a leap of | ||||
| faith that the sender is trustworthy. If no evidence to the contrary | ||||
| surfaces, the recipient can then validate the sender as trustworthy | ||||
| when it subsequently sees the same public key or certificate used to | ||||
| sign messages from the same sender. In opposite, once the recipient | ||||
| has determined that it is being attacked, it can either forget that | ||||
| sender, or remember that sender in a blacklist and drop further | ||||
| packets associated with that sender. | ||||
| This improves communication security of DHCPv6 messages. The | This improves communication security of DHCPv6 messages. The | |||
| authentication options [RFC3315] may also be used for replay | authentication options [RFC3315] may also be used for replay | |||
| protection. | protection. | |||
| 4.1. New Components | 4.1. New Components | |||
| The components of the solution specified in this document are as | The components of the solution specified in this document are as | |||
| follows: | follows: | |||
| o The node generates a public/private key pair. A DHCPv6 option is | o The node generates a public/private key pair. A DHCPv6 option is | |||
| defined that carries the public key. | defined that carries the public key. | |||
| The node may also obtain a certificate from a Certificate | The node may also obtain a certificate from a Certificate | |||
| Authority that can be used to establish the trustworthiness of the | Authority that can be used to establish the trustworthiness of the | |||
| node. A second option is defined to carry the certificate. | node. Another option is defined to carry the certificate. | |||
| Because the certificate contains the public key, there is never a | Because the certificate contains the public key, there is never a | |||
| need to send both options at the same time. | need to send both options at the same time. | |||
| o A signature generated using the private key that protects the | o A signature generated using the private key that protects the | |||
| integrity of the DHCPv6 messages and authenticates the identity of | integrity of the DHCPv6 messages and authenticates the identity of | |||
| the sender. | the sender. | |||
| o A timestamp, to detect and prevent packet replay. The secure | o A timestamp, to detect and prevent packet replay. The secure | |||
| DHCPv6 nodes need to meet some accuracy requirements and be synced | DHCPv6 nodes need to meet some accuracy requirements and be synced | |||
| to global time, while the timestamp checking mechanism allows a | to global time, while the timestamp checking mechanism allows a | |||
| skipping to change at page 6, line 5 | skipping to change at page 6, line 35 | |||
| The support for algorithm agility in this document is mainly a | The support for algorithm agility in this document is mainly a | |||
| unilateral notification mechanism from sender to recipient. If the | unilateral notification mechanism from sender to recipient. If the | |||
| recipient does not support the algorithm used by the sender, it | recipient does not support the algorithm used by the sender, it | |||
| cannot authenticate the message. In this case, the receiver SHOULD | cannot authenticate the message. In this case, the receiver SHOULD | |||
| reply with a NotSupportAlgorithm status code (defined in | reply with a NotSupportAlgorithm status code (defined in | |||
| Section 5.4). Upon receiving this status code, the sender MAY resend | Section 5.4). Upon receiving this status code, the sender MAY resend | |||
| the message protected with the mandatory algorithms (defined in | the message protected with the mandatory algorithms (defined in | |||
| Section 5.3). Therefore, the senders in a same administrative domain | Section 5.3). Therefore, the senders in a same administrative domain | |||
| may be allowed to use various algorithms simultaneously. | may be allowed to use various algorithms simultaneously. | |||
| 4.3. Applicability | ||||
| By default, a secure DHCPv6 enabled client SHOULD start with secure | ||||
| model. It sends a DHCPv6 message with secure options. If the | ||||
| recipient is secure DHCPv6 enabled server, their communication should | ||||
| be in secure model. In the scenario where the secure DHCPv6 enabled | ||||
| client and server fail to build up secure communication between them, | ||||
| they may fall back the unsecure model, if both client and server | ||||
| allow it. | ||||
| In the scenario where the recipient is a legacy DHCPv6 server that | ||||
| does not support secure mechanism, the DHCPv6 server (for most of | ||||
| known DHCPv6 implemenations) would just omit or disregard unknown | ||||
| options and still process the known options. The reply message would | ||||
| be unsecured, of course. It is up to the local policy of the client | ||||
| whether to accept the messages. If the client accept the unsecure | ||||
| messages from the DHCPv6 server. The subsequent exchanges will be in | ||||
| unsecure model. | ||||
| In the scenario where a legacy client sends a unsecure message to a | ||||
| secure DHCPv6 enabled server, there are two possibilities depending | ||||
| on the server policy. If the server mandidates the authentication, | ||||
| an UnspecFail (value 1, [RFC3315]) error status code, SHOULD be | ||||
| returned. In such case, the client cannot build up the connection | ||||
| with the server. If the server has been configured to support | ||||
| unsecured request, the server would fall back the unsecure DHCPv6 | ||||
| model, and reply unsecure messages toward the client. | ||||
| 5. Extensions for Secure DHCPv6 | 5. Extensions for Secure DHCPv6 | |||
| This section extends DHCPv6. Three new options have been defined. | This section extends DHCPv6. Three new options have been defined. | |||
| The new options MUST be supported in the Secure DHCPv6 message | The new options MUST be supported in the Secure DHCPv6 message | |||
| exchange. | exchange. | |||
| 5.1. Public Key Option | 5.1. Public Key Option | |||
| The Public Key option carries the public key of the sender. The | The Public Key option carries the public key of the sender. The | |||
| format of the Public Key option is described as follows: | format of the Public Key option is described as follows: | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | OPTION_Public_Key | option-len | | | OPTION_PK_PARAMETER | option-len | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | | |||
| . Public Key (variable length) . | . Public Key (variable length) . | |||
| . . | . . | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| option-code OPTION_PK_PARAMETER (TBA1). | option-code OPTION_PK_PARAMETER (TBA1). | |||
| option-len Length of public key in octets. | option-len Length of public key in octets. | |||
| Public Key A variable-length field containing public key. The | Public Key A variable-length field containing public key. The | |||
| key MUST be represented as a lower-case hexadecimal | key MUST be represented as a lower-case hexadecimal | |||
| string with the most significant octet of the key | string with the most significant octet of the key | |||
| first. | first. Typically, the length of a 2048-bit RSA | |||
| public key is 256 bytes. | ||||
| 5.2. Certificate Option | 5.2. Certificate Option | |||
| The Certificate option carries the certificate of the sender. The | The Certificate option carries the certificate of the sender. The | |||
| format of the Certificate option is described as follows: | format of the Certificate option is described as follows: | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | OPTION_Certificate | option-len | | | OPTION_CERT_PARAMETER | option-len | | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| | | | | | | |||
| . Certificate (variable length) . | . Certificate (variable length) . | |||
| . . | . . | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| option-code OPTION_CERT_PARAMETER (TBA2). | option-code OPTION_CERT_PARAMETER (TBA2). | |||
| option-len Length of certificate in octets. | option-len Length of certificate in octets, maximum 65535. | |||
| Certificate A variable-length field containing certificate. The | Certificate A variable-length field containing certificate. The | |||
| encoding of certificate and certificate data MUST | encoding of certificate and certificate data MUST | |||
| be in format as defined in Section 3.6, [RFC5996]. | be in format as defined in Section 3.6, [RFC5996]. | |||
| The support of X.509 certificate is mandatory. | The support of X.509 certificate is mandatory. The | |||
| length of a certificate is various. In this | ||||
| specification, typically, the maximum length is | ||||
| 65535 bytes. | ||||
| 5.3. Signature Option | 5.3. Signature Option | |||
| The Signature option allows public key-based signatures to be | The Signature option allows public key-based signatures to be | |||
| attached to a DHCPv6 message. The Signature option could be any | attached to a DHCPv6 message. The Signature option could be any | |||
| place within the DHCPv6 message. It protects the entire DHCPv6 | place within the DHCPv6 message. It protects the entire DHCPv6 | |||
| header and options, except for the Authentication Option. The format | header and options, except for the Authentication Option. The format | |||
| of the Signature option is described as follows: | of the Signature option is described as follows: | |||
| 0 1 2 3 | 0 1 2 3 | |||
| skipping to change at page 9, line 7 | skipping to change at page 10, line 9 | |||
| Note: if both signature and authentication option are presented, | Note: if both signature and authentication option are presented, | |||
| signature option does not protect authentication option. It is | signature option does not protect authentication option. It is | |||
| because both needs to apply hash algorithm to whole message, so there | because both needs to apply hash algorithm to whole message, so there | |||
| must be a clear order and there could be only one last-created | must be a clear order and there could be only one last-created | |||
| option. In order to avoid update RFC3315 because of changing auth | option. In order to avoid update RFC3315 because of changing auth | |||
| option, the authors chose not include authentication option in the | option, the authors chose not include authentication option in the | |||
| signature. | signature. | |||
| 5.4. Status Codes | 5.4. Status Codes | |||
| o NotSupportAlgorithm (TBD4): Indicates the recipient does not | o NotSupportAlgorithm (TBD4): indicates that the DHCPv6 server does | |||
| support algorthims that sender used. | not support algorthims that sender used. | |||
| o NotSupportFaithModel (TBD5): Indicates the recipient does not | o AuthFailNotSupportLoF (TBD5): indicates that the DHCPv6 client | |||
| support the leap of faith model. | fails authentication check and the DHCPv6 server does not support | |||
| the leaf of faith model | ||||
| o FaithListExceed (TBD6): Indicates the recipient's list that stores | o AuthFailSupportLoF (TBD6): indicates that the DHCPv6 client fails | |||
| public keys or unverifiable certificates in the leap of faith | authentication check. Although the DHCPv6 server does support the | |||
| model currently exceeds. | leaf of faith, its list that stores public keys or unverifiable | |||
| certificates in the leap of faith model currently exceeds. | ||||
| o SignitureFail (TBD7): indicates the message from DHCPv6 client | ||||
| fails the signiture check. | ||||
| 6. Processing Rules and Behaviors | 6. Processing Rules and Behaviors | |||
| This section only covers the scenario where both DHCPv6 client and | ||||
| server are secure enabled. | ||||
| 6.1. Processing Rules of Sender | 6.1. Processing Rules of Sender | |||
| The sender of a Secure DHCPv6 message could be a DHCPv6 server or a | The sender of a Secure DHCPv6 message could be a DHCPv6 server or a | |||
| DHCPv6 client. | DHCPv6 client. | |||
| The node must have a public/private key pair in order to create | The node must have a public/private key pair in order to create | |||
| Secure DHCPv6 messages. The node may have a certificate which is | Secure DHCPv6 messages. The node may have a certificate which is | |||
| signed by a CA trusted by both sender and recipient. | signed by a CA trusted by both sender and recipient. | |||
| To support Secure DHCPv6, the Secure DHCPv6 enabled sender MUST | To support Secure DHCPv6, the Secure DHCPv6 enabled sender MUST | |||
| construct the DHCPv6 message following the rules defined in | construct the DHCPv6 message following the rules defined in | |||
| [RFC3315]. | [RFC3315]. | |||
| A Secure DHCPv6 message, except for Relay-forward and Relay-reply | A Secure DHCPv6 message, except for Relay-forward and Relay-reply | |||
| messages, MUST contain either a the Public Key or Certificate option, | messages, MUST contain either a the Public Key or Certificate option, | |||
| which MUST contructed as explained in Section 5.1 or Section 5.2. | which MUST contructed as explained in Section 5.1 or Section 5.2. | |||
| A Secure DHCPv6 message, except for Relay-forward and Relay-reply | A Secure DHCPv6 message, except for Relay-forward and Relay-reply | |||
| messages, MUST contain the Signature option, which MUST be | messages, MUST contain the Signature option, which MUST be | |||
| constructed as explained in Section 5.3. It protects the message | constructed as explained in Section 5.3. It protects the message | |||
| header and the message payload and all DHCPv6 options except for the | header all DHCPv6 options except for the Authentication Option. | |||
| Signature option itself and the Authentication Option. Within the | Within the Signature option the Timestamp field SHOULD be set to the | |||
| Signature option the Timestamp field SHOULD be set to the current | current time, according to sender's real time clock. | |||
| time, according to sender's real time clock. | ||||
| A Relay-forward and relay-reply message MUST NOT contain any Public | A Relay-forward and relay-reply message MUST NOT contain any | |||
| Key or Certificate option or Signature Option. | additional Public Key or Certificate option or Signature Option, | |||
| aside from those present in the innermost encapsulated message from | ||||
| the client or server. | ||||
| Upon receiving a Reply message with a NotSupportAlgorithm status | If the sender is a DHCPv6 client, in the failure cases, it receives a | |||
| code, the sender MAY resend the message protected with the mandatory | Reply message with an error status code. The error status code | |||
| algorithms. | indicates the failure reason on the server side. According to the | |||
| received status code, the client MAY take follow-up action: | ||||
| Upon receiving a Reply message with a NotSupportFaithModel or | o Upon receiving a NotSupportAlgorithm error status code, the client | |||
| FaithListExceed status code, the sender is not able to build up the | MAY resend the message protected with the mandatory algorithms. | |||
| connection with the recipient. The sender MAY swith to a verifiable | ||||
| certificate. In the latter case, the sender MAY retry later. | o Upon receiving an AuthFailNotSupportLoF error status code, the | |||
| client is not able to build up the secure communication with the | ||||
| recipient. The client MAY switch to other certificate or public | ||||
| key if it has. But it SHOULD NOT retry with the same certificate/ | ||||
| public-key. | ||||
| o Upon receiving an AuthFailSupportLoF error status code, the client | ||||
| is not able to build up the secure communication with the | ||||
| recipient. The client MAY switch to other certificate or public | ||||
| key if it has. The client MAY retry with the same certificate/ | ||||
| public-key later. | ||||
| o Upon receiving a SignitureFail error status code, the client MAY | ||||
| resend the message. | ||||
| 6.2. Processing Rules of Recipient | 6.2. Processing Rules of Recipient | |||
| The recipient of a Secure DHCPv6 message could be a DHCPv6 server or | ||||
| a DHCPv6 client. In the failure cases, both DHCPv6 server and client | ||||
| SHOULD NOT process received message, and the server SHOULD reply a | ||||
| correspondent error status could, while the client does nothing. | ||||
| When receiving a DHCPv6 message, except for Relay-Forward and Relay- | When receiving a DHCPv6 message, except for Relay-Forward and Relay- | |||
| Reply messages, a Secure DHCPv6 enabled recipient SHOULD discard the | Reply messages, a Secure DHCPv6 enabled recipient SHOULD discard the | |||
| DHCPv6 message if the Signature option is absent, or both the Public | DHCPv6 message if the Signature option is absent, or both the Public | |||
| Key and Certificate option is absent, or both the Public Key and | Key and Certificate option is absent, or both the Public Key and | |||
| Certificate option are presented. If all three options are absent, | Certificate option are presented. In such failure, the DHCPv6 server | |||
| the recipient MAY fall back the unsecure DHCPv6 model. | SHOULD reply an UnspecFail (value 1, [RFC3315]) error status code. | |||
| If all three options are absent, the sender MAY be legacy node or in | ||||
| unsecure model, then, the recipient MAY fall back the unsecure DHCPv6 | ||||
| model if its local policy allows. | ||||
| The recipient SHOULD first check the support of algorthims that | The recipient SHOULD first check the support of algorthims that | |||
| sender used. If not, an error NotSupportAlgorithm status code should | sender used. If all algorthims are supported, the recipient then | |||
| be sent back to the sender, while the message is dropped siliently. | checks the authority of this sender. If not, the message is dropped. | |||
| If all algorthims are supported, the recipient then checks the | ||||
| authority of this sender. | In such failure, the DHCPv6 server SHOULD reply a NotSupportAlgorithm | |||
| error status code, defined in Section 5.4, back to the client.. | ||||
| If the sender uses certificate, the recipient SHOULD validate the | If the sender uses certificate, the recipient SHOULD validate the | |||
| sender's certificate following the rules defined in [RFC5280]. An | sender's certificate following the rules defined in [RFC5280]. An | |||
| implementation may create a local trust certificate record for a | implementation may create a local trust certificate record for a | |||
| verified certificate in order to avoid repeated verfication procedure | verified certificate in order to avoid repeated verfication procedure | |||
| in the future. A sender certificate that finds a match in the local | in the future. A sender certificate that finds a match in the local | |||
| trust certificate list are treated as verified. A fast search index | trust certificate list are treated as verified. A fast search index | |||
| may be created for this list. | may be created for this list. | |||
| If the sender uses a public key, the recipient SHOULD validate it by | If the sender uses a public key, the recipient SHOULD validate it by | |||
| finding a match public key from the local trust public key list, | finding a match public key from the local trust public key list, | |||
| which is pre-configured or recorded from previous communications. A | which is pre-configured or recorded from previous communications. A | |||
| local trust public key list is a data table maintained by the | local trust public key list is a data table maintained by the | |||
| recipient. It restores public keys from all trustworthy senders. A | recipient. It restores public keys from all trustworthy senders. A | |||
| fast search index may be created for this list. | fast search index may be created for this list. | |||
| The recipient may choose to further process the message from a sender | The recipient may choose to further process the message from a sender | |||
| for which no authorization information exists, either non-matched | for which no authentication information exists, either non-matched | |||
| public key or certificate cannot be verified. By recording the | public key or certificate cannot be verified. By recording the | |||
| public key or unverifiable certificate that was used by the sender, | public key or unverifiable certificate that was used by the sender, | |||
| when the first time it is seen, the recipient can make a leap of | when the first time it is seen, the recipient can make a leap of | |||
| faith that the sender is trustworthy. If no evidence to the contrary | faith (LoF) that the sender is trustworthy. If no evidence to the | |||
| surfaces, the recipient can then validate the sender as trustworthy | contrary surfaces, the recipient can then validate the sender as | |||
| when it subsequently sees the same public key or certificate used to | trustworthy for subsequent message exchanges. In opposite, once the | |||
| sign messages from the same sender. If the recipient does not | recipient has determined that it is being attacked, it can either | |||
| support the leap of faith model, it SHOULD reply a message with an | forget that key, or remember that key in a blacklist and drop further | |||
| error NotSupportFaithModel status code, defined in Section 5.4, back | packets associated with that key. | |||
| to the sender. | ||||
| The number of cached public keys or unverifiable certificates MUST be | If recipient does not support the leap of faith model, the message | |||
| limited in order to protect the DHCPv6 server against resource | that fails authentication check MUST be dropped. In such failure, | |||
| exhaustion attacks. If the recipient's list that stores public keys | the DHCPv6 server SHOULD reply an AuthFailNotSupportLoF error status | |||
| or unverifiable certificates in the leap of faith model exceeds, an | code, defined in Section 5.4, back to the client. | |||
| error FaithListExceed status code SHOULD be returned to the sender. | ||||
| The resource releasing policy against exceeding situations is out of | ||||
| scope. | ||||
| At this point, the recipient has either recognized the authorization | On the recipient that supports the leap of faith model, the number of | |||
| cached public keys or unverifiable certificates MUST be limited in | ||||
| order to protect against resource exhaustion attacks. If the | ||||
| recipient's list that stores public keys or unverifiable certificates | ||||
| in the leap of faith model exceeds, the message that fails | ||||
| authentication check MUST be dropped. In such failure, the DHCPv6 | ||||
| server SHOULD reply an AuthFailNotSupportLoF error status code, | ||||
| defined in Section 5.4, back to the client. The resource releasing | ||||
| policy against exceeding situations is out of scope. | ||||
| At this point, the recipient has either recognized the authentication | ||||
| of the sender, or decided to attempt a leap of faith. The recipient | of the sender, or decided to attempt a leap of faith. The recipient | |||
| MUST now authenticate the sender by verifying the Signature and | MUST now authenticate the sender by verifying the Signature and | |||
| checking timestamp. The order of two procedures is left as an | checking timestamp. The order of two procedures is left as an | |||
| implementation decision. It is RECOMMENDED to check timestamp first, | implementation decision. It is RECOMMENDED to check timestamp first, | |||
| because signature verification is much more computationally | because signature verification is much more computationally | |||
| expensive. | expensive. | |||
| The signature field verification MUST show that the signature has | The signature field verification MUST show that the signature has | |||
| been calculated as specified in Section 5.3. Only the messages that | been calculated as specified in Section 5.3. Only the messages that | |||
| get through both the signature verifications and timestamp check are | get through both the signature verifications and timestamp check are | |||
| accepted as secured DHCPv6 messages and continue to be handled for | accepted as secured DHCPv6 messages and continue to be handled for | |||
| their contained DHCPv6 options as defined in [RFC3315]. Messages | their contained DHCPv6 options as defined in [RFC3315]. Messages | |||
| that do not pass the above tests MUST be discarded or treated as | that do not pass the above tests MUST be discarded or treated as | |||
| unsecure messages. | unsecure messages. In the signature verification failure case, the | |||
| DHCPv6 server SHOULD reply a SignatureFail error status code, defined | ||||
| The recipient MAY record the verified public key or certificate for | in Section 5.4, back to the client. | |||
| future authentications. | ||||
| Furthermore, the node that supports the verification of the Secure | Furthermore, the node that supports the verification of the Secure | |||
| DHCPv6 messages MAY record the following information: | DHCPv6 messages MAY record the following information: | |||
| Minbits The minimum acceptable key length for public keys. An upper | Minbits The minimum acceptable key length for public keys. An upper | |||
| limit MAY also be set for the amount of computation needed when | limit MAY also be set for the amount of computation needed when | |||
| verifying packets that use these security associations. The | verifying packets that use these security associations. The | |||
| appropriate lengths SHOULD be set according to the signature | appropriate lengths SHOULD be set according to the signature | |||
| algorithm and also following prudent cryptographic practice. For | algorithm and also following prudent cryptographic practice. For | |||
| example, minimum length 1024 and upper limit 2048 may be used for | example, minimum length 1024 and upper limit 2048 may be used for | |||
| RSA [RSA]. | RSA [RSA]. | |||
| A Relay-forward or Relay-reply message with any Public Key, | A Relay-forward or Relay-reply message with any Public Key, | |||
| Certificate or the Signature option is invilad. The message SHOULD | Certificate or the Signature option is invilad. The message MUST be | |||
| be discarded silently. | discarded silently. | |||
| 6.3. Processing Rules of Relay Agent | 6.3. Processing Rules of Relay Agent | |||
| To support Secure DHCPv6, relay agents just need to follow the same | To support Secure DHCPv6, relay agents just need to follow the same | |||
| processing rules defined in [RFC3315]. There is nothing more the | processing rules defined in [RFC3315]. There is nothing more the | |||
| relay agents have to do, either verify the messages from client or | relay agents have to do, either verify the messages from client or | |||
| server, or add any secure DHCPv6 options. Actually, be definition in | server, or add any secure DHCPv6 options. Actually, by definition in | |||
| this document, relay agents MUST NOT add any secure DHCPv6 options. | this document, relay agents MUST NOT add any secure DHCPv6 options. | |||
| 6.4. Timestamp Check | 6.4. Timestamp Check | |||
| Recipients SHOULD be configured with an allowed timestamp Delta | Recipients SHOULD be configured with an allowed timestamp Delta | |||
| value, a "fuzz factor" for comparisons, and an allowed clock drift | value, a "fuzz factor" for comparisons, and an allowed clock drift | |||
| parameter. The recommended default value for the allowed Delta is | parameter. The recommended default value for the allowed Delta is | |||
| 300 seconds (5 minutes); for fuzz factor 1 second; and for clock | 300 seconds (5 minutes); for fuzz factor 1 second; and for clock | |||
| drift, 0.01 second. | drift, 0.01 second. | |||
| skipping to change at page 12, line 27 | skipping to change at page 14, line 16 | |||
| would not work. | would not work. | |||
| To facilitate timestamp checking, each recipient SHOULD store the | To facilitate timestamp checking, each recipient SHOULD store the | |||
| following information for each sender, from which at least one | following information for each sender, from which at least one | |||
| accepted secure DHCPv6 message is successfully verified (for both | accepted secure DHCPv6 message is successfully verified (for both | |||
| timestamp check and signature verification): | timestamp check and signature verification): | |||
| o The receive time of the last received and accepted DHCPv6 message. | o The receive time of the last received and accepted DHCPv6 message. | |||
| This is called RDlast. | This is called RDlast. | |||
| o The time stamp in the last received and accepted DHCPv6 message. | o The timestamp in the last received and accepted DHCPv6 message. | |||
| This is called TSlast. | This is called TSlast. | |||
| An verified (for both timestamp check and signature verification) | An verified (for both timestamp check and signature verification) | |||
| secure DHCPv6 message initiates the update of the above variables in | secure DHCPv6 message initiates the update of the above variables in | |||
| the recipient's record. | the recipient's record. | |||
| Recipients MUST check the Timestamp field as follows: | Recipients MUST check the Timestamp field as follows: | |||
| o When a message is received from a new peer (i.e., one that is not | o When a message is received from a new peer (i.e., one that is not | |||
| stored in the cache), the received timestamp, TSnew, is checked, | stored in the cache), the received timestamp, TSnew, is checked, | |||
| skipping to change at page 13, line 5 | skipping to change at page 14, line 41 | |||
| After the signature verification also successes, the RDnew and | After the signature verification also successes, the RDnew and | |||
| TSnew values SHOULD be stored in the cache as RDlast and TSlast. | TSnew values SHOULD be stored in the cache as RDlast and TSlast. | |||
| o When a message is received from a known peer (i.e., one that | o When a message is received from a known peer (i.e., one that | |||
| already has an entry in the cache), the timestamp is checked | already has an entry in the cache), the timestamp is checked | |||
| against the previously received Secure DHCPv6 message: | against the previously received Secure DHCPv6 message: | |||
| TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz | TSnew + fuzz > TSlast + (RDnew - RDlast) x (1 - drift) - fuzz | |||
| If this inequality does not hold, the recipient SHOULD silently | If this inequality does not hold or RDnew < RDlast, the recipient | |||
| discard the message. If, on the other hand, the inequality holds, | SHOULD silently discard the message. If, on the other hand, the | |||
| the recipient SHOULD process the message. | inequality holds, the recipient SHOULD process the message. | |||
| Moreover, if the above inequality holds and TSnew > TSlast, the | Moreover, if the above inequality holds and TSnew > TSlast, the | |||
| recipient SHOULD update RDlast and TSlast after the signature | recipient SHOULD update RDlast and TSlast after the signature | |||
| verification also successes. Otherwise, the recipient MUST NOT | verification also successes. Otherwise, the recipient MUST NOT | |||
| update RDlast or TSlast. | update RDlast or TSlast. | |||
| An implementation MAY use some mechanism such as a timestamp cache to | An implementation MAY use some mechanism such as a timestamp cache to | |||
| strengthen resistance to replay attacks. When there is a very large | strengthen resistance to replay attacks. When there is a very large | |||
| number of nodes on the same link, or when a cache filling attack is | number of nodes on the same link, or when a cache filling attack is | |||
| in progress, it is possible that the cache holding the most recent | in progress, it is possible that the cache holding the most recent | |||
| skipping to change at page 14, line 25 | skipping to change at page 16, line 14 | |||
| A window of vulnerability for replay attacks exists until the | A window of vulnerability for replay attacks exists until the | |||
| timestamp expires. Secure DHCPv6 nodes are protected against replay | timestamp expires. Secure DHCPv6 nodes are protected against replay | |||
| attacks as long as they cache the state created by the message | attacks as long as they cache the state created by the message | |||
| containing the timestamp. The cached state allows the node to | containing the timestamp. The cached state allows the node to | |||
| protect itself against replayed messages. However, once the node | protect itself against replayed messages. However, once the node | |||
| flushes the state for whatever reason, an attacker can re-create the | flushes the state for whatever reason, an attacker can re-create the | |||
| state by replaying an old message while the timestamp is still valid. | state by replaying an old message while the timestamp is still valid. | |||
| In addition, the effectiveness of timestamps is largely dependent | In addition, the effectiveness of timestamps is largely dependent | |||
| upon the accuracy of synchronization between communicating nodes. | upon the accuracy of synchronization between communicating nodes. | |||
| However, the two communciating nodes can be synchronized is out of | However, how the two communcating nodes can be synchronized is out of | |||
| scope of this work. | scope of this work. | |||
| Attacks against time synchronization protocols such as NTP [RFC5905] | Attacks against time synchronization protocols such as NTP [RFC5905] | |||
| may cause Secure DHCPv6 nodes to have an incorrect timestamp value. | may cause Secure DHCPv6 nodes to have an incorrect timestamp value. | |||
| This can be used to launch replay attacks, even outside the normal | This can be used to launch replay attacks, even outside the normal | |||
| window of vulnerability. To protect against these attacks, it is | window of vulnerability. To protect against these attacks, it is | |||
| recommended that Secure DHCPv6 nodes keep independently maintained | recommended that Secure DHCPv6 nodes keep independently maintained | |||
| clocks or apply suitable security measures for the time | clocks or apply suitable security measures for the time | |||
| synchronization protocols. | synchronization protocols. | |||
| skipping to change at page 15, line 36 | skipping to change at page 17, line 25 | |||
| Name | Value | RFCs | Name | Value | RFCs | |||
| -------------------+---------+-------------- | -------------------+---------+-------------- | |||
| Reserved | 0x0000 | this document | Reserved | 0x0000 | this document | |||
| RSASSA-PKCS1-v1_5 | 0x0001 | this document | RSASSA-PKCS1-v1_5 | 0x0001 | this document | |||
| IANA is requested to assign the following new DHCPv6 Status Codes, | IANA is requested to assign the following new DHCPv6 Status Codes, | |||
| defined in Section 5.4, in the DHCPv6 Parameters registry maintained | defined in Section 5.4, in the DHCPv6 Parameters registry maintained | |||
| in http://www.iana.org/assignments/dhcpv6-parameters: | in http://www.iana.org/assignments/dhcpv6-parameters: | |||
| Code | Name | Reference | Code | Name | Reference | |||
| ---------+----------------------+-------------- | ---------+-----------------------+-------------- | |||
| TBD4 | NotSupportAlgorithm | this document | TBD4 | NotSupportAlgorithm | this document | |||
| TBD5 | NotSupportFaithModel | this document | TBD5 | AuthFailNotSupportLoF | this document | |||
| TBD6 | FaithListExceed | this document | TBD6 | AuthFailSupportLoF | this document | |||
| TBD7 | SignitureFail | this document | ||||
| 9. Acknowledgements | 9. Acknowledgements | |||
| The authors would like to thank Bernie Volz, Ted Lemon, Ralph Droms, | The authors would like to thank Bernie Volz, Ted Lemon, Ralph Droms, | |||
| Jari Arkko, Sean Turner, Stephen Kent, Thomas Huth, David Schumacher, | Jari Arkko, Sean Turner, Stephen Kent, Thomas Huth, David Schumacher, | |||
| Francis Dupont, Tomek Mrugalski, Gang Chen and other members of the | Francis Dupont, Tomek Mrugalski, Gang Chen, Qi Sun, Suresh Krishnan | |||
| IETF DHC working groups for their valuable comments. | and other members of the IETF DHC working groups for their valuable | |||
| comments. | ||||
| This document was produced using the xml2rfc tool [RFC2629]. | This document was produced using the xml2rfc tool [RFC2629]. | |||
| 10. Change log [RFC Editor: Please remove] | 10. Change log [RFC Editor: Please remove] | |||
| draft-ietf-dhc-sedhcpv6-02: addressed comments (applicability | ||||
| statement, redesign the error codes and their logic) from IETF89 DHC | ||||
| WG meeting and volunteer reviewers . 2014-04-14. | ||||
| draft-ietf-dhc-sedhcpv6-01: addressed comments from IETF88 DHC WG | ||||
| meeting. Moved Dacheng Zhang from acknowledgement to be co-author. | ||||
| 2014-02-14 | ||||
| draft-ietf-dhc-sedhcpv6-00: adopted by DHC WG. 2013-11-19. | draft-ietf-dhc-sedhcpv6-00: adopted by DHC WG. 2013-11-19. | |||
| draft-jiang-dhc-sedhcpv6-02: removed protection between relay agent | draft-jiang-dhc-sedhcpv6-02: removed protection between relay agent | |||
| and server due to complexity, following the comments from Ted Lemon, | and server due to complexity, following the comments from Ted Lemon, | |||
| Bernie Volz. 2013-10-16. | Bernie Volz. 2013-10-16. | |||
| draft-jiang-dhc-sedhcpv6-01: update according to review comments from | draft-jiang-dhc-sedhcpv6-01: update according to review comments from | |||
| Ted Lemon, Bernie Volz, Ralph Droms. Separated Public Key/ | Ted Lemon, Bernie Volz, Ralph Droms. Separated Public Key/ | |||
| Certificate option into two options. Refined many detailed | Certificate option into two options. Refined many detailed | |||
| processes. 2013-10-08. | processes. 2013-10-08. | |||
| End of changes. 47 change blocks. | ||||
| 130 lines changed or deleted | 236 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||