Tuesday, January 19, 2010

Re: [Geopriv] [geopriv] #23: Good Security of DHCP

At 04:42 PM 1/19/2010, geopriv issue tracker wrote:
>#23: Good Security of DHCP
>---------------------------------------+------------------------------------
> Reporter:  Hannes.Tschofenig@…        |       Owner:  Hannes.Tschofenig@…
>     Type:  enhancement                |      Status:  closed
> Priority:  major                      |   Milestone:  draft-ietf-geopriv-3825bis
>Component:  rfc3825bis                 |     Version:
> Severity:  Active WG Document         |  Resolution:  fixed
> Keywords:                             |
>---------------------------------------+------------------------------------
>Changes (by bernard_aboba@…):
>
>  * status:  new => closed
>  * resolution:  => fixed
>  * severity:  - => Active WG Document
>
>Comment:
>
>The current text of the security considerations
>section addresses potential disclosure risks as
>well as modification attacks. I will add some
>advice on use of link level encryption in -06.
>
>"Where critical decisions might be based on the
>value of this GeoConf option, DHCP
>authentication as defined in "Authentication for
>DHCP Messages" [RFC3118] and "Dynamic Host
>Configuration Protocol for IPv6 (DHCPv6)"
>[RFC3315] SHOULD be used to protect the
>integrity of the DHCP options. Since there is no
>privacy protection for DHCP messages, an
>eavesdropper who can monitor the link between
>the DHCP server and requesting client can
>discover this LCI. To minimize the unintended
>exposure of location information, the LCI option
>SHOULD be returned by DHCP servers only when the
>DHCP client has included this option in its
>'parameter request list' (section 3.5 [RFC2131]).

wrt the above "when":

s/when/after

IMO this makes the statement more direct and to the point.

>When implementing a DHCP server that will serve
>clients across an uncontrolled network, one
>should consider the potential security risks."

I assume that for controlled networks -- this doesn't apply?

James

> -- Ticket URL:
> <http://wiki.tools.ietf.org/wg/geopriv/trac/ticket/23#comment:3>
> geopriv <http://tools.ietf.org/geopriv/>
> _______________________________________________
> Geopriv mailing list Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv
